Skip to content Skip to site navigation Skip to service navigation

Back Up Your Encryption Recovery Key (Mac)

If your computer is encrypted and you forget the password that unlocks your hard drive, you'll need the encryption recovery key to unlock your drive. In most cases, Stanford users have their recovery keys backed up in a secure database by the university. The recovery key  can then be retrieved in MyDevices.

Due to a bug that has now been fixed, some recovery keys that were saved using the Stanford Whole Disk Encryption (SWDE) service cannot be retrieved in MyDevices. You can check to see if any device belonging to you has a key available for retrieval in MyDevices.

If your device is encrypted but your encryption recovery key cannot be retrieved in MyDevices, you can use the Key Escrow Tool to fix the problem. 

Get the Key Escrow Tool

There are two ways to get the tool: you can download it on demand or it may deployed automatically to your computer via BigFix.

Method #1 — Download the Key Escrow Tool installer

You can download and run the installer yourself.

Method #2 — Deployed automatically via BigFix

If you need to run the Key Escrow Tool, it will be delivered to your computer via BigFix. You will be notified in advance that this is going to happen.

  1. When the tool is deployed to your computer you will see an alert in the upper-right corner of your screen. You must click one of the buttons to continue.
    • Click Start to continue to download and run the Key Escrow Tool.
    • Click Defer to defer the deployment for 24 hours.
    alert that displays when BigFix is deploying the Key Escrow Tool
  2. If you clicked Start, another screen displays. Click OK .
    If you click Defer the program will launch again in one day. If you click Cancel the program will not automatically launch again.
     BigFix screen deploying Key Escrow Tool

Install the tool

Note: If you are running a  version of macOS prior to 10.9.5 the installation process will be slightly different. See the Missing Encryption Recovery Keys FAQ for more information.

  1. Regardless of whether the installer is launched via BigFix or on demand, the Welcome screen displays. Click Continue.
    welcome window
  2. Select your hard drive as the disk where you want to install the software and then click Continue
    choose to install the software on your hard drive
  3. Click Install to begin the installation.
    start the installation
  4. When prompted, enter your local administrator account name and password for the Mac and click Install Software.
    Note: If you are prompted for a password that you don't know, please contact your local IT support, submit a Help ticket or call the IT Service Desk at (650) 725-HELP (5-4357).
    enter your computer administrator name and password
  5. Click Yes, Escrow My Recovery Key to save your encryption recovery key in a secure database.
    If your recovery key is already saved, you will have the option to generate and save a new one.
    encryption recovery key was not saved message
  6. At the prompt, enter your local computer password for the Mac and then click Unlock.
    enter your local computer password
  7. Your encryption recovery key displays. Write this down and store it in a secure location if you wish and then click Close.
    encryption recovery key
  8. After the installation has completed, click Close to exit the setup wizard.
    installation completed successfully
  9. To verify that your device's key has successfully been escrowed,  check its Device Details page in MyDevices. Note that there can be a delay of up to eight hours between the time you run the Encryption Recovery Key Escrow Tool and the time the key can be retrieved in MyDevices.
Last modified April 25, 2017