When you use encryption for the first time (and you don't already have a certificate that's valid for EFS), Windows creates a self-signed certificate for EFS. (Self-signed means that the certificate has not been granted by a trusted certification authority that can confirm your identity. Such verification is unnecessary for this purpose; in this case, the signature merely confirms that the certificate was created while your account was logged on.) This certificate becomes your personal encryption certificate, and it contains the public/private key pair used for encrypting and decrypting files while you're logged on.

Each user who encrypts files on a system has a personal encryption certificate. In addition, Windows ...