MacOS: How to validate your FileVault Recovery Key

less than 1 minute read

I’m a big fan of keeping my laptop drive encrypted using macOS’ FileVault. As part of setting this up, you can set a recovery key in case you find yourself locked out of your Mac, and are therefore unable to unlock your encrypted drive.

However, an important element of this type of protection is doing a dry run, so that you can verify you have recorded the recovery key correctly. The worst time to figure this out is when you need the correct recovery key to avoid losing everything!

Thanks to the folks at MacWorld, I now know how to perform such a dry run from the Terminal:

sudo fdesetup validaterecovery

This will ask for your administrative password and the recovery key, and then return true if you entered the right key, and false otherwise. If you realize you have the wrong recovery key on record, you should immediately reset FileVault.