How can I verify a Lion FileVault recovery key?

I have a volume that is encrypted with OS X Lion's full-disk FileVault. When I enabled FileVault I was given a recovery key, which I wrote down. I'd like to verify that the recovery key that I wrote down is correct before I store it somewhere safe.

How can I verify that a FileVault recovery key is correct?


Solution 1:

This is much easier to do beginning in Mavericks. The fdesetup command was expanded to support recovery key changes and verification.

$ sudo fdesetup validaterecovery
Password:
Enter the current recovery key:
true

This will prompt you for the key, which should be entered in all caps with the hyphens.

true means you entered a valid recovery key.
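Because the key has to be typed in capitals with the hyphens, a format check on the written-down copy catches transcription slips before fdesetup is run. This is an added example, not part of the original answer; it assumes the personal recovery key layout of six hyphen-separated groups of four characters (A-Z, 0-9), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a transcribed recovery key, then let
# fdesetup do the real validation. Helper names are hypothetical.
LC_ALL=C; export LC_ALL

# Normalise a transcribed key: drop whitespace, upper-case the letters.
normalize_key() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Succeeds only for six hyphen-separated groups of four characters
# (assumed layout of a personal recovery key).
key_format_ok() {
    printf '%s\n' "$1" | grep -Eq '^[A-Z0-9]{4}(-[A-Z0-9]{4}){5}$'
}

# Print "ok", or the first format problem found in the transcription.
describe_key() {
    key=$(normalize_key "$1")
    if key_format_ok "$key"; then echo "ok"; return 0; fi
    len=$(printf '%s' "$key" | tr -d '-' | wc -c | tr -d ' ')
    if [ "$len" -ne 24 ]; then
        echo "expected 24 characters, found $len"
    elif printf '%s' "$key" | grep -q '[^A-Z0-9-]'; then
        echo "unexpected character (only A-Z, 0-9 and hyphens)"
    else
        echo "hyphens misplaced (groups of four)"
    fi
    return 1
}

# Read the key without echoing it (never pass it on the command line,
# where it would land in shell history and the process list), check the
# format, then hand over to fdesetup, which prompts for the key itself.
verify_written_key() {
    printf 'Recovery key as written down: ' >&2
    stty -echo; IFS= read -r typed; stty echo; echo >&2
    if ! describe_key "$typed" >&2; then return 1; fi
    sudo fdesetup validaterecovery   # prints true or false
}

if [ "${1:-}" = "--check" ]; then verify_written_key; fi
```

A passing format check only means the transcription is well-formed; the true or false printed by fdesetup is what confirms the key.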

Solution 2:

You should boot from the Recovery HD and use Terminal there to unlock the drive using the recovery key (you can't check the recovery key if you are booted from the encrypted disk, since the unlocking process will fail: already unlocked).

To start with, you will need to identify the Logical Volume UUID of the encrypted drive using the diskutil corestorage list command:

diskutil corestorage list

Running that command will give you a listing of all Core Storage volumes. 

Once you have the UUID of the encrypted volume, you can then unlock the encrypted volume using the following command:

diskutil corestorage unlockVolume UUID

When prompted, enter the passphrase you would like to test.

This article provides more information and screenshots: Unlock or decrypt your FileVault 2-encrypted boot drive from the command line.

Solution 3:

After you enable FileVault 2 you will be prompted to restart your Mac.

Upon startup you will be presented with a dialog box asking for your password. Typing in the wrong login password three times will produce a note under the password field which states, "If you forgot your password, you can… …reset it using your recovery key."

Click the triangle button next to that message to reveal the Recovery Key text field (which replaces the password text field).

If the recovery key allows you to log in then you know it worked. You will be asked to change your admin password if you use the recovery key.

http://support.apple.com/kb/HT4790