What Happens When FileMaker Institutional Recovery Key Cert Expires?

zinkotheclown
Contributor II

I have a FileVault Disk Encryption Configuration with an institutional recovery key set to expire in June. Does anyone know if this needs to be renewed? How does it affect the encrypted Mac?

1 ACCEPTED SOLUTION

JoshRouthier
Contributor

I spoke with Apple about this last year when ours was set to expire, and they informed me that the FileVault Encryption will continue, even after the key expires. Sure enough, the expiration date came and went, and nothing happened with our FileVault encrypted computers. The senior SE I got was initially unsure when I asked him what would happen when the key expired, but after talking with some other SEs, he had said nothing should happen. So far so good, almost a year later!

2 REPLIES

rtrouton
Release Candidate Programs Tester

By default, the public key generated inside a FileVaultMaster.keychain file has an expiration date of one year following its creation date. Nothing happens when it expires; the institutional recovery key keeps working.

For example, I have a test IRK that was first generated in 2010 as a legacy FileVault recovery key on 10.6.8. It still works today on macOS Sierra in 2017.