• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solved Bitlocker recovery key


noob

New Member
Posts
6
#1
Hi,

I have a new Windows 8.1 machine and I wish to encrypt the drive using Bitlocker. It gives me 4 options to save a recovery key
1. Save to your Microsoft account
2. Save to a USB flash drive
3. Save to a file
4. Print the recovery key

Option 1 isn't available as I'm logged on using a local account.
i. What is the difference between options 2 & 3? i.e. I could save to a file on a USB drive
ii. Does option 2 mean the USB flash drive cannot then be used for other purposes?
iii. Does option 2 also mean I could use a USB external hard drive, or does it have to be a flash drive?
iv. Once the recovery key has been created, can the key then be copied to other locations or is it only going to work where Bitlocker puts the key?
v. Just thinking about printing the recovery key - can this be used without a password to access the drive, how sensitive/important is the printed key?

N00b questions, I'd very much appreciate your answers.

Thanks :)
 

My Computer

System One

  • OS
    Windows 8.1 Pro 64 bit

caperjack

Just the Janitor
VIP Member
Guru
Posts
2,627
#2
hello and welcome to eight forms , my opinion , difference between 2 and 3 ,2 will create a file and put it on the flash drive for yah,3 you will have to move the file it creates to a flash drive of external drive manually 'I would think you could take the file it create and put it where ever you want , I don't use bitlocker ,if I did I would print it and put away for safe keeping ,like I try to do will all passwords .and if the drive is pass worded that you store the file on ,then yes someone would need the drive password to access the files on that drive, is not that what passwords are for ,I would assume that there are people who could hack your passwords like they do others ,good luck
 

My Computer

System One

  • OS
    win8.1.1 enterprise
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    Hinze57
    CPU
    AMD FX 6100 6core 3.30gHz
    Motherboard
    gigibyte ga-78lmy-s2p
    Memory
    4gig ddr3
    Graphics Card(s)
    Radon hd5000 Series
    Sound Card
    onboard realtek hd
    Monitor(s) Displays
    19" viewsonic/ 22"Samsung
    Screen Resolution
    1680x1050
    Hard Drives
    128gig ssd Kingston
    80gig WD 10000 rpm spinner
    Case
    micro
    Keyboard
    microsoft curve 200
    Mouse
    Logitech wireless M215
    Internet Speed
    high speed 20
    Browser
    ie 11
    Antivirus
    windows defender
    Other Info
    updated enterprise apr 2/14

Brink

Administrator
Administrator
mvp
Posts
23,152
#3
Hello noob, and welcome to Eight Forums. :)

i. What is the difference between options 2 & 3? i.e. I could save to a file on a USB drive

What Jack posted above. You can save the same recovery key to a USB flash drive, or a location you want as a file.​

ii. Does option 2 mean the USB flash drive cannot then be used for other purposes?

Yes, you can still use the flash drive as usual. Just don't delete the recovery key .txt file, or move it from the root directory on the USB flash drive.​

iii. Does option 2 also mean I could use a USB external hard drive, or does it have to be a flash drive?

It does need to be a USB flash drive to be detected by BitLocker.​

iv. Once the recovery key has been created, can the key then be copied to other locations or is it only going to work where Bitlocker puts the key?

Yes, you can copy the recovery key .txt file to where you like. The recovery key .txt file saved to a USB flash drive is the same one as if you saved to a file.​

v. Just thinking about printing the recovery key - can this be used without a password to access the drive, how sensitive/important is the printed key?

Printing the recovery key is just having the recovery key .txt file printed out as a hard copy on a sheet of paper to keep somewhere safe in case you lose the USB or file.​


For more information, see also:

http://www.eightforums.com/tutorials/21818-bitlocker-recovery-key-back-up-windows-8-a.html
 
Last edited:

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS Maximus X Code Z370
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    250GB Samsung 960 EVO M.2,
    256GB OCZ Vector,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    300 Mb/s Download and 30 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB6190 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

crawfish

Member
Power User
Posts
454
#4
Saving to USB will also save a super-hidden .bek file in addition to the .txt file, and I believe it's the .bek file that is used during booting when the flash drive is serving as the key. That said, I'm not sure why they're saved for my fixed data drives, which are not bootable. I know from "manage-bde -protectors -get" that fixed drives each have an extra External Key that removable drives don't get, and the .bek files are for these keys, but I don't yet know their purpose. Can anyone elaborate on this?
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center

noob

New Member
Posts
6
#5
Thanks for all the replies, especially Brink for answering all my questions (and the link).

Much appreciated.

:)
 

My Computer

System One

  • OS
    Windows 8.1 Pro 64 bit

Brink

Administrator
Administrator
mvp
Posts
23,152
#6
Glad we could help. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS Maximus X Code Z370
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    250GB Samsung 960 EVO M.2,
    256GB OCZ Vector,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    300 Mb/s Download and 30 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB6190 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone