Greetings -
Is anyone aware of a method to programmatically validate a FV2 recovery key?
Question
Possible to Validate a FileVault 2 Recovery Key???
+4
+11If you have the key, you can use the "fdesetup validaterecovery" and specify an input plist which contains the key. If you're using Casper 9 to manage your keys, I believe it automatically validates the recovery key and displays the validation status within the JSS.
+24Just an FYI. The validatereovery option is only available in 10.9. Mountain Lion's fdesetup doesn't include that (and a few other new options now in 10.9)
As mentioned by @mm2270 and @Josh_S, if the encrypted Mac is running 10.9.x, you can use fdesetup validaterecovery. I've got an example of how to use validaterecovery as part of this post:
If you're running 10.7.x or 10.8.x, the best way to validate the recovery key is likely going to be using it to unlock an encrypted drive associated with that recovery key. If you want to go that route, I have a post showing how to unlock a FileVault 2-encrypted disk from the command line available here:
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.