If you want to validate your FileVault recovery key from the terminal, you can do
But what if you want to use a .plist to validate the recovery key instead of getting prompted for the key? This is where it’s a bit counterintuitive, at least as far as I’ve tested on macOS 10.12.6 and 10.13.1.
When you enable FileVault using a command like
But if you try to validate the recovery key using that .plist, the command will just hang.
It hangs because it’s looking for the Password key in the .plist instead of the RecoveryKey key (which is the one fdesetup generated!). From the man page for fdesetup:
fdesetup validaterecovery -inputplist < /fvinput1-recoverykeyonly.plist
Gets the existing personal recovery key in the “Password” key value of the plist and returns
“true” if the recovery key appears to be valid
So, yeah, if you’re not using Crypt, you’d essentially have to do that—copy the RecoveryKey key to be a new Password key in order for this command to work:
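One way to do that copy without leaving a second cleartext copy of the key on disk, as an added example rather than code from the original post: it builds the Password plist in memory and pipes it to fdesetup on stdin. The names password_plist, validate and SAMPLE are this example's own, and it assumes Python 3.7 or later, run as root on the Mac.

```python
import plistlib
import subprocess
import sys

# Constructed sample input: only the RecoveryKey key name comes from the post;
# the key value and the second entry are made up for illustration.
SAMPLE = plistlib.dumps({
    "RecoveryKey": "AAAA-BBBB-CCCC-DDDD-EEEE-FFFF",
    "ExampleOtherKey": "ignored",
})


def password_plist(escrow_plist: bytes) -> bytes:
    """Return plist bytes whose Password key holds the input's RecoveryKey value."""
    data = plistlib.loads(escrow_plist)
    key = data.get("RecoveryKey")
    if not isinstance(key, str) or not key.strip():
        raise ValueError("no RecoveryKey string in input plist")
    # Forward only the one key fdesetup reads; drop everything else in the file.
    return plistlib.dumps({"Password": key.strip()})


def validate(escrow_path: str, timeout: int = 30) -> bool:
    """Feed the rewritten plist to fdesetup on stdin (macOS only, needs root)."""
    with open(escrow_path, "rb") as fh:
        payload = password_plist(fh.read())
    # The key travels over a pipe, so no extra plist containing it is written.
    # If fdesetup hangs anyway, subprocess.TimeoutExpired is raised instead.
    result = subprocess.run(
        ["/usr/bin/fdesetup", "validaterecovery", "-inputplist"],
        input=payload, capture_output=True, timeout=timeout,
    )
    # Per the man page excerpt, "true" means the key appears to be valid.
    return result.stdout.strip() == b"true"


if __name__ == "__main__":
    sys.exit(0 if validate(sys.argv[1]) else 1)
```

The original .plist still holds the key in cleartext, so keep it readable by root only or remove it once the key is escrowed.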