Possible to Validate a FileVault 2 Recovery Key???

darms21
New Contributor

Greetings -
Is anyone aware of a method to programmatically validate a FV2 recovery key?

3 REPLIES

Josh_S
Contributor III

If you have the key, you can use the "fdesetup validaterecovery" and specify an input plist which contains the key. If you're using Casper 9 to manage your keys, I believe it automatically validates the recovery key and displays the validation status within the JSS.

mm2270
Legendary Contributor III

Just an FYI. The validaterecovery option is only available in 10.9. Mountain Lion's fdesetup doesn't include that (and a few other new options now in 10.9).

rtrouton
Release Candidate Programs Tester

As mentioned by @mm2270 and @Josh_S, if the encrypted Mac is running 10.9.x, you can use fdesetup validaterecovery. I've got an example of how to use validaterecovery as part of this post:

http://derflounder.wordpress.com/2013/12/20/using-a-filevault-2-institutional-recovery-key-in-maveri...

If you're running 10.7.x or 10.8.x, the best way to validate the recovery key is likely going to be using it to unlock an encrypted drive associated with that recovery key. If you want to go that route, I have a post showing how to unlock a FileVault 2-encrypted disk from the command line available here:

http://derflounder.wordpress.com/2011/11/23/using-the-command-line-to-unlock-or-decrypt-your-filevau...
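
The check described in the replies above, as an added example that is not code from any of the posters: a shell wrapper that refuses to run on anything older than 10.9 and turns the result of `fdesetup validaterecovery` into an exit status. The function names are hypothetical, the input plist is supplied by the caller (its layout is not covered here), and the code assumes the command prints `true` or `false`.

```shell
#!/bin/sh
# Added example: wrapper around "fdesetup validaterecovery" (OS X 10.9+).
# Assumption: the command prints "true" or "false". Run as root on the Mac.

# Return 0 if the OS version string ($1, e.g. "10.9.5") is 10.9 or later.
supports_validaterecovery() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac   # not numeric
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac   # not numeric
    [ "$major" -gt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 9 ]; }
}

# validate_recovery_key PLIST
# Exit status: 0 = key valid, 1 = key rejected, 2 = could not check.
validate_recovery_key() {
    plist=$1
    os_version=$(sw_vers -productVersion) || return 2
    if ! supports_validaterecovery "$os_version"; then
        echo "validaterecovery needs 10.9 or later (found $os_version)" >&2
        return 2
    fi
    if [ ! -r "$plist" ]; then
        echo "cannot read input plist: $plist" >&2
        return 2
    fi
    # The plist goes in on stdin, so the key never appears in the
    # process list. Decide from the printed value, not the exit status.
    result=$(fdesetup validaterecovery -inputplist < "$plist" 2>/dev/null) || :
    case "$result" in
        true)  return 0 ;;
        false) return 1 ;;
        *)     echo "unexpected fdesetup output" >&2; return 2 ;;
    esac
}
```

Call it as `validate_recovery_key /path/to/input.plist` from a root shell or a management-tool script, and keep the plist readable by root only, since it holds the key.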