What is BitLocker Recovery and How to Find the Recovery Key on Windows 11

We may receive a commission for purchases made through the links on our site. This helps us keep everything up and running.
What is BitLocker Recovery and How to Find the Recovery Key on Windows 11

If you’re looking for an BitLocker recovery key for Windows 11, it might be saved within your Microsoft account or stored on an USB drive, or saved to a file, printed on paper, or any other.

BitLocker is an encryption function that is integrated into every version of Windows from Vista. It was designed to safeguard your data and files from access by encrypting the whole hard disk. The encrypted drive is able to be accessed using an account password or smart card that you created when you enabled Bitlocker Drive Encryption on the drive. If someone attempts to access the encrypted drive without proper authorization, they will be denied access.

If you forget your password/PIN or have lost the smart card you have, then may make use of this BitLocker Recovery key to access the drive that is encrypted by BitLocker. It is the BitLocker Recovery key can be described as a 48-digit number that is generated automatically when you enable Bitlocker Drive Encryption on the drive.

If you’re interested in knowing how to turn off or enable BitLocker and also how to backup the BitLocker recovery key for Windows 11, please check out our guide on BitLocker. In the BitLocker installation procedure the recovery key will be saved to the account of your Microsoft accounts, and printed out on paper or saved as an image file.

Alternatives to retrieve the BitLocker Recovery Key

There are a variety of places where to look for keys that you have saved BitLocker Recovery keys depending on the method and location you back the recovery key:

  • In your Microsoft account.
  • On a printout document
  • On an USB flash drive
  • In a Text File
  • In an Active Directory
  • Within the account of an Azure Active Directory account.
  • Utilizing the Command prompt
  • Using PowerShell

The structure of the name of the recovery key file typically looks like this:

BitLocker Recovery Key E41062B6-9330-459D-BCF0-16A975AE27E2.TXT

“BitLocker Recovery key” word, followed by a random mix of letters and numbers as illustrated above.

If you are encrypting your drive using BitLocker, the Drive Encryption wizard gives you four options for backing your recovery.

In addition, you can additionally use Active directory commands, command prompts, and PowerShell to locate keys for recovery.

How to Find the Correct Recovery Key?

If you’ve only saved two or more recovery keys in a particular place you are familiar with, it will be much easier to find the keys. If, however, you stored multiple Recovery keys on multiple drives that are encrypted it can be difficult to find the correct key for recovery. This is why Windows assists us in finding the key to recover by giving an Key ID. It is possible to search for key recovery files (‘.TXT’ as well as ‘.BEK’) with filenames that are compatible with those of the Key ID.

Let’s take an example, for instance. you attempted to unlock a drive using the help of a password, but did not remember the password and attempted to open the device with an recovery key. For unlocking a device with this recovery tool, simply click “More options”.

After that, select the “Enter Recovery Key” option.

Then, BitLocker will ask you to enter your recovery code however, it will provide you with the key ID. that Key ID to help you identify the correct Recovery Key password.

Every recovery key comes with the Identifier (ID) and a recovery key password that you are able to access the disk. IDs (ID) can be a mixture of numbers and letters, keys comprise 48-digit codes.

Key ID Key ID is also part of the name of the recovery key files.

1. Find Bitlocker Recovery Keys from Microsoft Account

If you decide to save or backup your recovery key within the account of your Microsoft accounts during the BitLocker set-up procedure, you are able to access it using the account of your Microsoft account.

To access the recovery key that was saved within the account of your Microsoft account, first go to Microsoft’s website. Microsoft site to sign up using the details of your Microsoft account. Log in with the username you used to sign in and your password, then select ‘Sign in’.

Then, you will be able to access the ‘Devices page of your Microsoft account, where you will be able to monitor and manage your devices that are connected with the Microsoft account. On the Microsoft account’s Devices page, select the “Info & support’ tab under the name of your device.

On the next screen on the next page, select the ‘Manage recovery keys’ option under the Bitlocker section for data protection.

Microsoft might ask you to prove your identity using an OTP code that is sent to your mobile or a security code. There will be a text option that is the two last digits of your phone number. You can click on it to confirm.

Enter the last four digits of your number, and then select ‘Send code’..

If you select”Send code, Microsoft will send a text message that contains a security code (OTP) on your mobile. Enter the OTP code into the field for code and then select “Verify”.

After the identity has been verified after which it will direct you into the BitLocker Recovery Keys webpage where you will see the details about recovery keys, including Devie name Key ID, the Key password, Drive, and the date of upload. By using the relevant Key ID, the name of the device, and date, you will be able to locate the correct recovery key for your specific drive.

Then, you can use the keys to gain access a drive that is encrypted.

2. Find the BitLocker Recovery key on a File Saved on the Same Computer

If you have backed up the recovery keys, in case you selected the ‘Save to a file option, you may have saved your recovery key in a text document (.TXT) or an ‘.BEK or ‘.BEK’ document on the computer. If so this, it’s likely to be located on the same computer, but in a different drive, or network drive, therefore, look for the file.

The BitLocker recovery keys are usually named and saved some like ‘BitLocker Recovery Key 4310CF96-5A23-4FC0-8AD5-77D6400D6A08.TXT’ (if not renamed to something else by you). You can search for all Recovery keys within the file Explorer by searching for “BitLocker Recovery Key” in the search bar.

It is also possible to search to find your BitLocker Recovery key that has Key ID, which is displayed in the BitLocker password dialog box. Look for the name of the text file using eight characters in the beginning, followed by the words ‘BitLocker Recover Key which matches with the Key ID.

When you have located the recovery key file, you can open it. You will see an entry for the Key ID (Identifier) line as well as it will also contain the key to recovery.

3. Find the BitLocker Recovery Key on an USB flash drive

If you have backed to your recovery key using an USB flash drive, plug the USB flash drive in your PC to look it up. It could also be saved in a text file, the same as the one in the previous section. This is the most popular method to save recovery keys when you’re encrypting your operating system drive. In this case, you could use another computer to read this text-based file.

4. Find the BitLocker Recovery Key in a Printed Document

If you printed out the recovery key, instead of saving it digitally to your PC, USB, or in the Microsoft account, then search for the paper file that contains it. You can also find the BitLocker Recovery key and use it for unlocking your device.

You can also save your recovery key in a PDF format, by selecting Microsoft print to PDF option from the Print option. In the event that you have saved your recovery key in a PDF format, then search for the PDF file in the location you saved it.

5. Locate your BitLocker Recovery Key in your Azure Active Directory account

If you’re signed into your Azure Active Directory (AD) account with an email account from school or work account and your BitLocker recovery key could be stored in the organization’s Azure AD account that is linked to your email. In these instances you must log into the correct account to retrieve the recovery key from your account’s profile, or you might have to call your system administrator to obtain the key.

6. Locate your BitLocker recovery key within Active Directory

If your computer connects to an domain like the work or school domain network your BitLocker recovery key could be saved within Active Directory (AD).

If you’re an AD domain member, you will need be able to download BitLocker Recovery Password Viewer and look up your BitLocker recovery key that is saved within Active Directory (AD).

Open Active Directory Users and Computers on your domain computer, and then click the ‘Computers’ container , or folder. Right-click on the computer object and choose ‘Properties’..

If you open the Computer Properties dialog window opens Switch to the tab ‘BitLocker Recovery’ to see your BitLocker recovery keys for your PC.

7. Find your BitLocker Recovery Key by going to the Command Prompt

You can also make use of your Command prompt to locate your BitLocker Recovery key on your computer. Here’s how to do it:

Then, you must first, open first the Command command prompt with the administrator role. To accomplish this, type Command prompt or ‘CMD in the Windows search engine and then select the option to run as administrator to get the first result.

Within the Command Prompt, type the following command, then press Enter to display your recovery key

manage-bde -protectors H: -get

In the above command, be sure you change the drive letter ‘H by the drive that you’re trying to locate your recovery keys for. After you type in the command above you’ll find the recovery key in the section for passwords. It’s a string of long numbers with 48 digits as illustrated below.

Write down or record the recovery, and ensure it’s safe so you’ll be able to use it in the event that it becomes necessary.

If you wish to store the key for recovery to an encrypted text file in a drive other than the one you are currently using, use this command

manage-bde -protectors H: -get >> K:RCkey.txt

Where do you replace ‘K:RCkey.txt with the filename of the location in which you wish to store the document as well as the file’s name.

8. Find BitLocker’s Recovery Key by using the PowerShell

Then, start PowerShell as an administrator. Enter the word “PowerShell” in the search bar, then select “Run as administrator” to launch the elevated version of PowerShell.

To locate the BitLocker Recovery Key to the drive you want to follow the following command:

(Get-BitLockerVolume -MountPoint C).KeyProtector

Replace the drive letter “C” with the encrypted BitLocker drive letter to locate the recovery key.

For saving your Bitlocker recovery key you have found to a text file at the specified place you can use this command

(Get-BitLockerVolume -MountPoint D).KeyProtector > G:OthersBitlocker_recovery_key_H.txt

Where replace ‘G:Others’ to the location where you want to save the file and ‘Bitlocker_recovery_key_H.txt’ to the file name you want to use.

To locate BitLocker Recovery Key for all encrypted drives on your computer follow the following command:

Get-BitLockerVolume | ? $_.KeyProtector.KeyProtectorType -eq "RecoveryPassword" | Select-Object MountPoint,@{Label='Key';Expression="$($_.KeyProtector.RecoveryPassword)"}

If the command above doesn’t work, try the following command to display your Recovery Key password for all encrypted drives on your computer:

$BitlockerVolumers = Get-BitLockerVolume $BitlockerVolumers | ForEach-Object { $MountPoint = $_.MountPoint $RecoveryKey = [string]($_.KeyProtector).RecoveryPassword if ($RecoveryKey.Length -gt 5)  Write-Output ("The BitLocker recovery key for the drive $MountPoint is $RecoveryKey.")  }

That’s it.

Related