Once the validation of FileVaultMaster keychain file is complete, ensure you delete the 'FileVaultMaster Password Key' (private key).

Delete Private Key

confirm private key deletion

  1. Navigate to FileVault Master Password Key > Delete "FileVault Master Password Key" and select Delete to confirm deletion of the private key.
  2. Enter your administrative User Name and Password.
  3. Select Modify Keychain.

By the end of this step, you have a FileVaultMaster.keychain file which does not contain the private key. This Keychain can be placed in \Library\Keychains in order to manually enable FileVault2 encryption with an Corporate Recovery Key.