How to get the FileVault recovery key

encryptionfilevaultunix

I want to mount my (non-bootable) Filevault encrypted drive on Linux. I know the user-facing password to decrypt it, but not the recovery key. From what I've read, I assume that the recovery key is the actual XTS-AES-128 key. Linux can't decrypt the drive with a password, but it can with the AES key. There's obviously a way to obtain the recovery key given the password, since that's done every time you decrypt the drive with a password. Hence I need a way to get this recovery key.

Alternatively, a Filevault driver for Linux would also be a way to mount my encrypted drive.

Best Answer

You may be able to use libfvde to access FileVault 2 encrypted drives on Linux.

OS X turns the password for the drive into a derived key by using PBKDF2. That derived key then unlocks the encrypted drive. I'm not aware of a way to display the key.

Related Solutions

MacOS – Why can I boot into the recovery partition without entering a password even though I have FileVault 2 with full-disk-encryption enabled

This is because you are booting into a separate partition on your hard drive. FileVault identifies volumes via partitions so when you encrypt your "hard drive" it is the partition that contains your boot volume and data only. The recovery partition and any other additional partitions are never encrypted.

This isn't cause for certain though since booting to the Recovery Partition does not expose your encrypted volume nor does doing so grant you access to it. As a matter of fact, if you need to repair your user folder's ACL's and permissions; which you would do through your recovery partition, you would have run some terminal commands to unlock your encrypted partition before repairs can be done.

Boot Camp would serve as a good example of this. With Boot Camp, your hard is now partitioned into two volumes; One for Mac OS and another for Windows. This would add up to three partitions on your hard drive. FileVault would only encrypted your Macintosh HD partition and not touch your Windows and Recovery partition; but at no point would you be able to access your Macintosh HD's content via Windows or Recovery Mode.

How to verify a Lion FileVault recovery key

This is much easier to do beginning in Mavericks. The fdesetup command was expanded to support recovery key changes and verification.

$ sudo fdesetup validaterecovery
Password:
Enter the current recovery key:
true

This will prompt you for the key, which should be entered in all caps with the hyphens.

true means you entered a valid recovery key.

Best Answer

Related Solutions

MacOS – Why can I boot into the recovery partition without entering a password even though I have FileVault 2 with full-disk-encryption enabled

How to verify a Lion FileVault recovery key

Related Question