If you forget your personal password for FileVault, you can use a Recovery Key to regain access.

To create a FileVault Personal Recovery Key:

  1. Boot into recovery-mode ( CMD+R at boot), a different partition or connect the disk to another Mac.
  2. Open the terminal and run the command below:
    diskutil cs list

    This will produce a list of the Logical CoreStorage Volumes.

  3. Find the Logical Volume (usually last on the list) and copy the UUID – it is in the format of XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX. This will be used to specify which volume will be unlocked and decrypted.

    recover_encryp_disk01
  4. Ensure you have the Personal Recovery Key available and run the command below. Replace "UUID" with the UUID retrieved in step 3. You will be prompted to enter the Passphrase. This is where you will input the Personal Recovery Key.
    diskutil cs unlockVolume UUID

    You will now see a response showing that the volume is unlocked and mounted. At this time, you may recover any necessary files.

  1. Now that the volume is unlocked, you can begin the decryption process by using the command below and replacing "UUID" with the UUID retrieved in step 3. You will be prompted to enter the Passphrase. This is where you will enter the Personal Recovery Key.
    diskutil cs revert UUID

    To monitor the decryption status, use the command below. The status is located in the Logical Volume Family information.

    diskutil cs list

    recover_encryp_disk03