In anonymous credential schemes, users obtain credentials on certain attributes from an issuer, and later show these credentials to a relying party anonymously and without fully disclosing the attributes. In this paper, we introduce the notion of (anonymous) credential schemes with encrypted attributes, in which issuers certify credentials on encrypted attributes to users. These schemes allow for the possibility that none of the involved parties, including the user, learns the values of the attributes. In fact, we will treat several variations differing in which parties see which attributes in the clear. We present efficient constructions of these new credential schemes, starting from a credential scheme by Brands, and we show that the security of Brands' original scheme is retained. Finally, we sketch several interesting applications of these novel credential schemes.