Unlock a FileVault 2-encrypted volume with an institutional recovery key

Requirements

  • macOS 10.9 or higher
  • A FileVault 2-encrypted volume, set up to use an institutional recovery key
  • An external drive or USB drive

Steps to take

  • Prepare the FileVaultMaster keychain and your computer
  • Unlock the FileVaultMaster keychain
  • Use the unlocked keychain to unlock the encrypted volume

Prepare keychain and computer

  • Put your original FileVaultMaster.keychain (the one with the private key in it) on an external drive or USB drive;
  • Boot the device into Recovery Mode by holding Command-R while it starts up;

Unlock keychain

  • Plug in the drive with the FileVaultMaster keychain. In recovery mode, the drive should automatically mount, but you can also mount it using Disk Utility;
  • Open a Terminal by going to Utilities -> Terminal;
  • Unlock the keychain in the Terminal by running the command security unlock-keychain /Volumes/[nameofdrive]/[path]/FileVaultMaster.keychain. When prompted, enter the password you chose when creating the keychain;

Unlock the encrypted volume

Macs running macOS High Sierra (10.13) may have had their startup volume converted to Apple's newer APFS file system, so check which file system the device uses before choosing the commands below.

If your device is using APFS, run diskutil apfs list and note the disk identifier of the encrypted volume (shown on its "APFS Volume Disk (Role)" line).

Unlock the encrypted volume with diskutil apfs unlockVolume [APFS disk role] -recoveryKeychain /Volumes/[nameofdrive]/FileVaultMaster.keychain

You can now browse the directories of the unlocked volume. Alternatively, decrypt the volume and turn off FileVault 2 with: diskutil apfs decryptVolume /dev/[APFS disk role]

You can check the decryption progress by running diskutil apfs list again.
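The APFS steps above, automated as an added example (this script is not part of the original article): it scans diskutil apfs list output for volumes whose FileVault status reads "Yes (Locked)" and unlocks each one with the institutional FileVaultMaster keychain. It assumes the "APFS Volume Disk (Role):" and "FileVault:" lines of diskutil's output, reproduced in the constructed sample below, and that the keychain has already been unlocked with security unlock-keychain.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes the diskutil output
# format shown in the constructed sample further down.

# Print the disk identifier (e.g. disk1s2) of every APFS volume whose
# FileVault status is "Yes (Locked)". Reads `diskutil apfs list` text on stdin.
locked_fv_volumes() {
    awk '
        # Remember the identifier from the volume header line ...
        /APFS Volume Disk \(Role\):/ {
            if (match($0, /disk[0-9]+s[0-9]+/)) vol = substr($0, RSTART, RLENGTH)
        }
        # ... and emit it only when that volume is reported as locked.
        /FileVault:/ && /Locked/ { if (vol != "") print vol; vol = "" }
    '
}

# Unlock every locked volume with the FileVaultMaster keychain given as $1.
# Only meaningful on macOS in Recovery Mode with the keychain already unlocked.
unlock_with_keychain() {
    keychain="$1"
    diskutil apfs list | locked_fv_volumes | while read -r vol; do
        diskutil apfs unlockVolume "$vol" -recoveryKeychain "$keychain"
    done
}

# Constructed, abridged sample of `diskutil apfs list` output for a dry run.
SAMPLE_APFS_LIST='APFS Container (1 found)
|
+-- Container disk1 00000000-0000-0000-0000-000000000001
    +-> Volume disk1s1 00000000-0000-0000-0000-000000000002
    |   APFS Volume Disk (Role):   disk1s1 (System)
    |   Name:                      Macintosh HD (Case-insensitive)
    |   FileVault:                 No
    +-> Volume disk1s2 00000000-0000-0000-0000-000000000003
    |   APFS Volume Disk (Role):   disk1s2 (Data)
    |   Name:                      Macintosh HD - Data (Case-insensitive)
    |   FileVault:                 Yes (Locked)
    +-> Volume disk1s3 00000000-0000-0000-0000-000000000004
        APFS Volume Disk (Role):   disk1s3 (Preboot)
        FileVault:                 No'

# Dry run: returns the identifiers that unlock_with_keychain would act on.
sample_locked_volumes() {
    printf '%s\n' "$SAMPLE_APFS_LIST" | locked_fv_volumes
}
```

Run unlock_with_keychain /Volumes/[nameofdrive]/FileVaultMaster.keychain from the Recovery Mode Terminal; sample_locked_volumes lets you check the parser on the embedded sample without touching any disk.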

If your device is using Mac OS Extended (HFS+), the encrypted volume is a CoreStorage logical volume and is identified by its UUID, which diskutil cs list shows:

  • Find the Logical Volume UUID of the encrypted drive by running diskutil corestorage list (diskutil cs list is a shorthand for the same command);
  • Unlock the volume with diskutil corestorage unlockVolume [UUID] -recoveryKeychain /Volumes/[nameofdrive]/[path]/FileVaultMaster.keychain

The volume should unlock and mount, and you can now retrieve the files. Decrypting the disk is also possible, by running diskutil corestorage revert [UUID] -recoveryKeychain /Volumes/[nameofdrive]/[path]/FileVaultMaster.keychain
