How does FileVault generate a recovery key? From my user password? Does FileVault use the same key to decrypt disk on startup as recovery key? Are they identical?
I probably know the answers to this questions, but I want to be sure.
How does filevault 2 work?
Best Answer
The general principle used by FileVault is the same as for any encryption scheme which allows more than one password to access the data (such as LUKS, which is commonly used in Linux environments). To summarise:
Now, if you know one of the passwords, you can provide it to decrypt the data. For example, if you know P₂, you can decrypt C₂ to find out the KEK. Once you know the KEK, you can decrypt X to find out the MEK. Once you know the MEK, you can decrypt the data.
This scheme allows easy addition, removal, and alteration of passwords used to access the data, since this simply requires altering the set of stored Cᵢ values. No re-encrypting of the data itself is necessary, since the MEK being used doesn't change.
In LUKS, these places to store a Cᵢ value are called "keyslots", and LUKS provides eight such keyslots.
In APFS, all such Cᵢ values are stored together in a data block called a "keybag" — in principle, the size of this keybag is unbounded, but in current practice, it's typically large enough for 7 keys. When you set up authorised users and passwords in FileVault preferences, one of these slots is used to store a Cᵢ which can be decrypted using the recovery password that is displayed to you.