I believe that the user password, the personal recovery key and the passphrase all have the same purpose to that end. Each user password will generate such a derived key and each one of these keys can decrypt that next key in the chain. Basically, FileVault uses a chain of encryption keys to keep the whole thing configurable and extensible.Ī user password is used to generate a so-called ‘derived encryption key’ which itself encrypts another key that FileVault needs (the ‘key encryption key’). I believe the answer can be found on page 26 et seq. Always ends with ‘Error: -69886: Invalid request’ (whatever that means). TL DR: I’ve tried the command myself and it does not work.
0 Comments
Leave a Reply. |