BitLocker - how to create recovery key?
I think that the problem may be that the BitLocker drive just does not have a Recovery Key as one of its BitLocker Protectors.
BitLocker can unlock your drive with various types of Protectors such as TPM, Password, and Recovery Key.
To see the available types, run:
manage-bde -protectors d: -get
You’ll see the 48-digit password that is the BitLocker recovery key under "Numerical Password":
A "Recovery Key" or "Startup Key" has a corresponding "External Key", which is saved in a .BEK file.
These two Protectors are not mandatory, so your drive may not have one assigned.
To save the .BEK key file you need an "External Key" protector listed when you run the above command.
If missing, you can add a Recovery Key to the drive with the command below, which will also back it up to a .BEK file in, for example, f:\folder:
manage-bde -protectors -add d: -RecoveryKey f:\folder
Then, when you run the command below, it will save a .BEK file to the directory f:\folder:
manage-bde -protectors -get d: -sek f:\folder
Finally, the problem was that the Numerical Password protector, also known as RecoveryPassword, was missing, as it was probably not specified when the volume was locked.
An example of a command to enable BitLocker on the C drive, store the recovery key on the Y drive, and generate a random recovery password, is:
manage-bde -on C: -RecoveryKey Y: -RecoveryPassword
If the parameter RecoveryPassword was not specified when enabling BitLocker, this protector can later be added by using the command:
manage-bde -protectors -add C: -RecoveryPassword
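
As an added example (not part of the original answer), the script below does the same protector check with the BitLocker PowerShell module instead of manage-bde, and can add the two recovery protectors if they are missing. The drive letter and folder are the ones used above; the parameter names and the -AddMissing switch are hypothetical names chosen for this sketch.

```powershell
# Added example: audit a BitLocker volume for recovery protectors.
# Save as a .ps1 file and run from an elevated PowerShell prompt.
# $MountPoint / $KeyFolder defaults and -AddMissing are assumptions of this sketch.
param(
    [string]$MountPoint = 'D:',
    [string]$KeyFolder  = 'F:\folder',
    [switch]$AddMissing
)

$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

# Protectors can only be added while the volume is unlocked.
if ($volume.LockStatus -eq 'Locked') {
    throw "Volume $MountPoint is locked; unlock it before changing protectors."
}

# manage-bde's "Numerical Password" is RecoveryPassword here,
# and its "External Key" (.BEK file) is ExternalKey.
$types = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

if ($types -notcontains 'RecoveryPassword') {
    Write-Warning "No Numerical Password (RecoveryPassword) protector on $MountPoint"
    if ($AddMissing) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryPasswordProtector | Out-Null
    }
}

if ($types -notcontains 'ExternalKey') {
    Write-Warning "No External Key (.BEK recovery key) protector on $MountPoint"
    if ($AddMissing) {
        # The .BEK file must land outside the volume it unlocks.
        if (-not (Test-Path -LiteralPath $KeyFolder -PathType Container)) {
            throw "Key folder $KeyFolder does not exist."
        }
        if ($KeyFolder.StartsWith($MountPoint, 'OrdinalIgnoreCase')) {
            throw "Refusing to store the recovery key on $MountPoint itself."
        }
        Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryKeyProtector -RecoveryKeyPath $KeyFolder | Out-Null
    }
}

# Show the resulting protector list (type and ID only, not the secret values).
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

Without -AddMissing the script only reports which recovery protectors are absent and changes nothing.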