You can use commands to create a FileVaultMaster keychain in macOS. The keychain contains both private and public keys required for recovering FileVault 2 encrypted devices.
- On a macOS computer (10.13+), select the Launchpad icon and then select Others > Terminal.
In the Terminal window, type the following command to create a FileVaultMaster keychain. Follow the prompts to apply password to the created keychain.
sudo security create-filevaultmaster-keychain /Library/Keychains/FileVaultMaster.keychain
- Once the command is complete, launch the Finder.
- Press Shift+command+G and enter /Library/keychains as the folder name.
- Select Go to access the folder and to fetch the created keychain.
Ensure you make copies and securely store both the keychain file and the password used to create the keychain. This keychain contains the certificate and private key to decrypt any FileVault 2 encrypted devices.