MacOS – How to update the FileVault 2 recovery key stored in iCloud


It's been a long saga getting to the point where I am comfortable that my new Macbook Pro has FileVault 2 enabled properly on Yosemite.

I ran into the "Encryption paused – connect power adapter" problem several times. Had to do a hard-disk erase and full re-install twice, and spent hours online with Apple support.

Eventually, encryption completed and it told me "A recovery key has been set" … but never told me what the key was!

Today, I disabled encryption, rebooted, and re-enabled encryption – with the same result.

Eventually, I used fdesetup changerecovery --personal to create a new recovery key, which I was able to validate with fdesetup validaterecovery.

I now have that key stored in a very safe place (nowhere near my MBP).

But I originally requested, via the GUI, that the key also be stored in iCloud. Now I suspect that the key they have is not the key which will work to decrypt my drive at last resort.

I've spent hours googling, and browsing Apple's support pages, but nowhere can I find out how to update the recovery key stored in my iCloud account.

Any advice greatly appreciated

Best Answer

According to Apple's [documentation on Filevault 2] ( (emphasis added by me)

Changing your recovery key

In the Security & Privacy system preference, under the FileVault tab, click "Turn Off FileVault" to disable FileVault. After FileVault is off, FileVault will begin to decrypt your drive. Once decryption is complete, you can click the "Turn On FileVault" button. Doing this allows you to enable unlock-capable users. You're also provided with a new recovery key and have the option of sending this new key to Apple. The old key sent to Apple will not be able to unlock your newly-encrypted disk. If you need to retrieve your recovery key from Apple, only the new one will be retrieved based on the Serial Number and Record Number displayed in the login window.

I think that this might be your answer.