BitLocker Recovery Key File

sglee
sglee used Ask the Experts™
on
Hi,

 I enabled BitLocker on some computers with Windows Ultimate 7.
 These computers don't have TPM, so I had to make changes to GPEDIT to make it work with USB flash drive. Each time I encrypted the hard drive, it created "BitLocker Recovery Key file" in TXT.
  I like to understand when/how these keys are used.
  So far what understand is this. I intentionally took the USB flash drive out of the computer and restarted it. Then the computer prompted for 48 digit key - BitLocker Recovery Key, I entered: 712921-100232-438999-066539-157036-381612-571373-133782 and it continued to load OS.

But when do I use and what is the purpose of:

Recovery key identification: E8AACEDF-41E8-49
Full recovery key identification: E8AACEDF-41E8-49BD-9188-00E58F51EFA9


BitLocker Recovery Key E8AACEDF-41E8-49BD-9188-00E58F51EFA9.txt
-------------- Contents --------------------------
BitLocker Drive Encryption Recovery Key

The recovery key is used to recover the data on a BitLocker protected drive.

To verify that this is the correct recovery key compare the identification with what is presented on the recovery screen.

Recovery key identification: E8AACEDF-41E8-49
Full recovery key identification: E8AACEDF-41E8-49BD-9188-00E58F51EFA9

BitLocker Recovery Key:
712921-100232-438999-066539-157036-381612-571373-133782
-------------- Contents --------------------------
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2015
Commented:
If the OS crashes or you re-install it, you would need the USB stick in order to be able to access the encrypted files again.

You would also need it if the user account is deleted and doesn't exist anymore. A new user account gets a unique ID which is different from the original one, even if the name and password are the same. Encryption is tied to the original unique user account.

Author

Commented:
What is the purpose of :
Recovery key identification: E8AACEDF-41E8-49
Full recovery key identification: E8AACEDF-41E8-49BD-9188-00E58F51EFA9
Most Valuable Expert 2015

Commented:
That is to identify which key is needed. You can have several keys on such a USB stick. Check part 6 onward in the Link below:

http://www.eightforums.com/tutorials/21433-bitlocker-recovery-unlock-drive-windows-8-a.html?filter[1]=Security%20System%20Tools
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Distinguished Expert 2018
Commented:
Bitlocker uses so-called "protectors". Those can be the TPM, the TPM and the PIN together, or a password, or the startup key on USB or diskette. You can have multiple protectors. To identify, what drive is being talked about and what protector, this ID is used. It's unique.

Author

Commented:
Say I have a PC with a 2nd internal HD and a couple of external USB hard drives. I like to encrypt two internal hard drives and two external USB hard drives.  With that:
(1) Can I store "Startup Key" for each hard drive during the encryption process in one USB flash drive?
Distinguished Expert 2018

Commented:
Yes, you can.
Distinguished Expert 2018

Commented:
By the way, the selected answer is incorrect. The usb drive is a startup key, that's not the recovery key, don't confuse it. Also wrong: bitlocker encryption is never tied to any  user account, this is not EFS.
My Bitlocker recovery key Id start in 7E4FC9E5 please could u say full recovery key
Distinguished Expert 2018

Commented:
Sidhart, ask your own question and describe your situation.
No one here or at Microsoft has your key, sorry. It might have been saved online, or to a file or printed, that's all. Online (just in case it was saved online): https://onedrive.live.com/recoverykey

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start Today