Recovery Keys For Mac

Posted on |

  1. No Recovery Keys Found For This Machine
  2. Recovery Keys For Mac Osx
  3. Recovery Keys For Mac High Sierra

macOS Recovery is part of the built-in recovery system of your Mac. You can start up from macOS Recovery and use its utilities to recover from certain software issues or take other actions on your Mac.

How to start up from macOS Recovery

  1. Turn on your Mac and immediately press and hold these two keys: Command (⌘) and R. Need help?
  2. Release the keys when you see an Apple logo, spinning globe, or other startup screen.
  3. You might be prompted to enter a password, such as a firmware password or the password of a user who is an administrator of this Mac. Enter the requested password to continue.
  4. Startup is complete when you see the utilities window:
  5. After starting up from macOS Recovery, select a utility, then click Continue:
    • Restore From Time Machine Backup:Restore your Mac from a Time Machine backup.
    • Reinstall macOS: Download and reinstall the Mac operating system.
    • Get Help Online: Use Safari to browse the web and find help for your Mac. Links to Apple's support website are included. Browser plug-ins and extensions are disabled.
    • Disk Utility: Use Disk Utility to repair your disk or erase your disk or other storage device.

      Additional utilities are available from the Utilities menu in the menu bar: Startup Security Utility (or Firmware Password Utility), Network Utility, and Terminal.
  6. To quit macOS Recovery, choose Restart or Shut Down from the Apple menu . If you want to choose a different startup disk before quitting, choose Startup Disk from the Apple menu.

If you can't start up from macOS Recovery

Oct 24, 2017 Hi there, beckybelle. I see that you're trying to locate a recovery key, but you're not sure what it is or where it's at. I'm happy to help. Two-step verification for Apple ID- You were provided with a 14-character Recovery Key to print and keep in a safe place when you started using two-step verification for your Apple ID.

If your Mac can't start up from its built-in macOS Recovery system, it might try to start up from macOS Recovery over the Internet. When that happens, you see a spinning globe instead of an Apple logo during startup:

  1. Product Key Finder for Windows, Office. and 10,000+ more programs Recover Keys is a simple yet comprehensive Windows application designed to safeguard activation keys for software products installed on your local or remote network computers in the event of a system or hard disk crash.
  2. Easy: Mac OS X Recovery Mode Key Combination Today’s Mac computers have a built in feature called recovery mode which allows you to start your Mac computer on a separate boot partition on your hard drive and restore from Time Machine backup, reinstall Mac OS, or use disk utility.

To manually start up from Internet Recovery, press and hold either of these key combinations at startup:

Found
  • Option-Command-R
  • Shift-Option-Command-R
    Learn more

If startup from Internet Recovery is unsuccessful, you see a globe with an alert symbol (exclamation point):

In that case, try these solutions:

  • Make sure that your Mac can connect to the Internet. If you're not prompted to choose a Wi-Fi network during startup, move your pointer to the top of the screen, then choose a network from the Wi-Fi menu , if available.
  • Press Command-R at startup to try using the built-in Recovery system instead of Internet Recovery.
  • Connect to the Internet using Ethernet instead of Wi-Fi, or vice versa.
  • Connect to the Internet from a different Wi-Fi or Ethernet network. Your network configuration might not allow the Internet access that macOS Recovery needs.
  • Try again later, because the issue might be temporary.
  • Start up from another disk or volume, if available, or use a bootable installer to reinstall macOS.

If you still need help, please contact Apple Support.

These advanced steps are for system administrators and others who are familiar with the command line.

Create a FileVault master keychain

  1. Open the Terminal app on your Mac, then enter this command:
  2. When prompted, enter the master password for the new keychain, then enter it again when prompted to retype. Terminal doesn't show the password as you type.
  3. A key pair is generated, and a file named FileVaultMaster.keychain is saved to your desktop. Copy this file to a secure location, such an encrypted disk image on an external drive. This secure copy is the private recovery key that can unlock the startup disk of any Mac set up to use the FileVault master keychain. It is not for distribution.

In the next section, you will update the FileVaultMaster.keychain file that is still on your desktop. You can then deploy that keychain to Mac computers in your organization.

Remove the private key from the master keychain

After creating the FileVault master keychain, follow these steps to prepare a copy of it for deployment:

  1. Double-click the FileVaultMaster.keychain file on your desktop. The Keychain Access app opens.
  2. In the Keychain Access sidebar, select FileVaultMaster. If you see more than two items listed on the right, select another keychain in the sidebar, then select FileVaultMaster again to refresh the list.
  3. If the FileVaultMaster keychain is locked, click in the upper-left corner of Keychain Access, then enter the master password you created.
  4. From the two items shown on the right, select the one identified as ”private key” in the Kind column:
  5. Delete the private key: Choose Edit > Delete from the menu bar, enter the keychain master password, then click Delete when asked to confirm.
  6. Quit Keychain Access.

Now that the master keychain on your desktop no longer contains the private key, it's ready for deployment.

Deploy the updated master keychain on each Mac

After removing the private key from the keychain, follow these steps on each Mac that you want to be able to unlock with your private key.

Recovery Keys For Mac
  1. Put a copy of the updated FileVaultMaster.keychain file in the /Library/Keychains/ folder.
  2. Open the Terminal app and enter both of the following commands. These commands make sure that the file's permissions are set to -rw-r--r-- and the file is owned by root and assigned to the group named wheel.
  3. If FileVault is already turned on, enter this command in Terminal:
  4. If FileVault is turned off, open Security & Privacy preferences and turn on FileVault. You should see a message that a recovery key has been set by your company, school, or organization. Click Continue.

This completes the process. If a user forgets their macOS user account password and can't log in to their Mac, you can use the private key to unlock their disk.

Use the private key to unlock a user's startup disk

No Recovery Keys Found For This Machine

Keys

If a user forgot their account password and can't log in to their Mac, you can use the private recovery key to unlock their startup disk and access its FileVault-encrypted data.

  1. On the client Mac, start up from macOS Recovery by holding Command-R during startup.
  2. If you don't know the name (such as Macintosh HD) and format of the startup disk, open Disk Utility from the macOS Utilities window, then check the information Disk Utility shows for that volume on the right. If you see ”CoreStorage Logical Volume Group” instead of ”APFS Volume” or ”Mac OS Extended,” the format is Mac OS Extended. You will need this information in a later step. Quit Disk Utility when done.
  3. Connect the external drive that contains the private recovery key.
  4. From the menu bar in macOS Recovery, choose Utilities > Terminal.
  5. If you stored the private recovery key in an encrypted disk image, use the following command in Terminal to mount that image. Replace /path with the path to the disk image, including the .dmg filename extension:
    Example for a disk image named PrivateKey.dmg on a volume named ThumbDrive:
    hdiutil attach /Volumes/ThumbDrive/PrivateKey.dmg
  6. Use the following command to unlock the FileVault master keychain. Replace /path with the path to FileVaultMaster.keychain on the external drive. In this step and all remaining steps, if the keychain is stored in an encrypted disk image, remember to include the name of that image in the path.
    Example for a volume named ThumbDrive:
    security unlock-keychain /Volumes/ThumbDrive/FileVaultMaster.keychain
  7. Enter the master password to unlock the startup disk. If the password is accepted, the command prompt returns.

Continue as described below, based on how the user's startup disk is formatted.

Mac

APFS

Recovery Keys For Mac

If the startup disk is formatted for APFS, complete these additional steps:

  1. Enter the following command to unlock the encrypted startup disk. Replace 'name' with the name of the startup volume, and replace /path with the path to FileVaultMaster.keychain on the external drive or disk image:
    Example for a startup volume named Macintosh HD and a recovery-key volume named ThumbDrive:
    diskutil ap unlockVolume 'Macintosh HD' -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain
  2. Enter the master password to unlock the keychain and mount the startup disk.
  3. Use command-line tools such as ditto to back up the data on the disk, or quit Terminal and use Disk Utility.

Mac OS Extended (HFS Plus)

Recovery Keys For Mac Osx

If the startup disk is formatted for Mac OS Extended, complete these additional steps:

Recovery Keys For Mac High Sierra

  1. Enter this command to get a list of drives and CoreStorage volumes:
  2. Select the UUID that appears after “Logical Volume,” then copy it for use in a later step.
    Example: +-> Logical Volume 2F227AED-1398-42F8-804D-882199ABA66B
  3. Use the following command to unlock the encrypted startup disk. Replace UUID with the UUID you copied in the previous step, and replace /path with the path to FileVaultMaster.keychain on the external drive or disk image:
    Example for a recovery-key volume named ThumbDrive:
    diskutil cs unlockVolume 2F227AED-1398-42F8-804D-882199ABA66B -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain
  4. Enter the master password to unlock the keychain and mount the startup disk.
  5. Use command-line tools such as ditto to back up the data on the disk. Or quit Terminal and use Disk Utility. Or use the following command to decrypt the unlocked disk and start up from it.
    Example for a recovery-key volume named ThumbDrive:
    diskutil cs decryptVolume 2F227AED-1398-42F8-804D-882199ABA66B -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain