Apple Intelligence is now available on iPhone, iPad, and Mac!
I apparently started File Vault by mistake, and now cannot turn it off. It is still encrypting for several hours now. Turn off is greyed out, won't respond. How do I stop this from completing? A comment in the window says "a recovery key has been set" but I have no idea what that would be. What can I do now?
Mac mini, macOS 10.14
Once it starts you cannot stop it, if you have a large amount of storage it could take days.
When you started File Vault it should have given you the Recovery Key.
Use FileVault to encrypt the startup disk on your Mac - Apple Support
Once it starts you cannot stop it, if you have a large amount of storage it could take days.
When you started File Vault it should have given you the Recovery Key.
Use FileVault to encrypt the startup disk on your Mac - Apple Support
Your FileVault recovery key is associated with your macOS account password.
You can sleep, and shutdown your Mac, and it will not affect FileVault.
If you manage to turn FileVault off, it will then have to decrypt everything it has already encrypted.
Personally it is a good idea to enable FileVault, but that is just my opinion.
diskutil cs list | grep 'Conversion Progress'
should tell you your FileVault conversion progress
sudo fdesetup disable
should disable FileVault, but as I said above, it will now go through and spend the same time to decrypt what it has already encrypted.
sudo fdesetup changerecovery -personal
should change the recovery key
I never saw a recovery key!
when you say that the recovery key is associated with my “macOS account password”. I don’t know what that refers to. Also, you are showing some commands to type in to disable file vault, and another to change the recovery key. But nothing tells me where to type these in. Now what?
Fortunately, when the encryption was completed, the "turn off file vault" field became usable and I was able to turn it off (without any key!). It took overnight to decrypt the files, but now it is off.
I also never received any explanation about how to use your suggested commands, or where to type them in. Thankfully I did not have to use them.
When you enable FileVault a very long encryption key is created. Your macOS account password is used to encrypt this key and it is stored on the file system.
When you are asked to give your password to unlock the disk, your macOS account password is used to decrypted the very long encryption key and that encryption key is used to decrypt data read from your disk and encrypt data written to your disk.
If you allow other user accounts on your Mac to also decrypt the FileVault data, then the very long encryption key is again encrypted using that account's password, and that is also stored on the disk, so that if they are the ones booting the Mac, their password can be used to decrypt the very long encryption key and use it to decrypt/encrypt the disk.
It is the same very long encryption key for both accounts.
If you change your password, part of the password changing process is to use your own password to decrypt the storaed very long encryption key associated with your account, and re-encrypt it using your new password and storing it. If the other user changes their password, the same thing happens to their encrypted copy of the very long encryption key.
Generally when macOS is enabling FileVault, you are offered the option to escrow the very long encryption key encrypted with your Apple ID and password, then stored it with Apple. Apple does not store your Apple ID password in plain text, so Apple cannot decrypt your encryption key. It can only be sent encrypted back to you, where your Apple ID password is used to unlock it on your Mac.
Never got any recovery key. Fortunately however, when the encryption finished, the "turn off file vault" field was usable and I clicked on it and it decrypted overnight.
👍
File Vault
