Mounting a FileVault-encrypted backup on another Mac
 

Hi, I successfully made a final backup of an old iMac using SuperDuper. Since the old iMac was running macOS 10.15.7 Catalina, SuperDuper is unable to write to a pre-encrypted volume. So instead, I configured it to "erase, then copy", which generated an unencrypted bootable backup. I then booted from the backup and enabled FileVault, being careful to note down both the recovery key and the password of one of the macOS users.

Before I go ahead and securely erase the old iMac, I decided to verify that the backup data is accessible on my brand-new MacBook Pro M3. When I mounted the external backup volume, I was able to successfully decrypt/mount it using the macOS user's password - but not using the FileVault recovery key.

This is not an issue, because I know the macOS user password and I've confirmed that the data is accessible. However, I'm curious to understand why the recovery key didn't work. I thought the whole point of FileVault recovery keys is that you can use them if you forget your macOS user password. Any ideas why it didn't work? Thanks!

I have no idea, unfortunately. We're not doing anything weird with the drive, and don't interact directly with encryption at all.

OK - interesting. I have a vague memory of being able to to this, but it was a long time ago - well before APFS.

I'm wondering if perhaps Apple changed something, and recovery keys are now cryptographically bound to the particular Mac they were generated on, and (by design) will not work if the same volume is mounted from a different Mac.

While that's possible, and certainly something I thought of, you'd think the password wouldn't work either in that case...