Encryption keys tab

Generally, you can think of data encryption using the "lock and key" metaphor.

The "Encryption" tab is where you dump all the keys required to unlock all the encrypted partitions or filesystems you are recovering.

There is no need and no way to specify which key is intended for which lock. Klennet Recovery attempts to unlock any encryption it encounters using all the keys you provide.

When recovering an encrypted system, provide all the encryption keys as early as possible. You certainly need to load all keys before you start scanning a filesystem.

Specifying encryption keys

An encryption key is in one of three forms:

  • text;
  • bytes formatted as a hexadecimal string;
  • bytes stored directly in a file.

The three "Add" toolbar buttons allow you to enter a key in the corresponding form. After you import the key, the left side of the screen keeps track of your original input, and the right side shows how Klennet Recovery interpreted it.

Text passwords and passphrases

Technically, the only difference between a password and a passphrase is that a passphrase contains a space while a password does not. Thus, the terms are used interchangeably.

The input window accepts multiple passwords, one per line. Be careful with leading and trailing spaces, which are not trimmed automatically. A passphrase can start or end with a space, so Klennet Recovery must accept it as it is.

Different encryption systems use different encodings for passwords. Each password thus produces three binary sequences: ASCII, UTF-8, and UTF-16. However, if the password only uses English (Latin) characters (plus numbers and standard punctuation), the ASCII and UTF-8 encodings are identical, and there will be only two binary sequences.

Bytes as a hexadecimal text string

In this mode, Klennet Recovery reads the hexadecimal string and directly converts it into bytes. It understands some common separators, so 1234AB, 12:34:AB, 12-34-AB, 12 34 AB, and 12.34.AB all produce the same result.
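The text and hexadecimal input rules described above, as an added Python sketch (not Klennet Recovery's own code). It assumes that UTF-16 means little-endian without a byte-order mark and that empty lines are skipped; the page specifies neither, and the function names are illustrative.

```python
import re

# Separators the page lists for hex input: colon, dash, space and dot.
_SEPARATORS = re.compile(r"[:\-. ]")

def hex_to_bytes(text):
    """Convert a hex string, with or without separators, into raw bytes."""
    digits = _SEPARATORS.sub("", text)
    if len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a sequence of hex byte pairs: {text!r}")
    return bytes.fromhex(digits)

def split_passwords(block):
    """One password per line; leading and trailing spaces are kept."""
    # Only the line terminator is removed. Skipping empty lines is an assumption.
    lines = (line.rstrip("\r") for line in block.split("\n"))
    return [line for line in lines if line]

def password_candidates(password):
    """Return the distinct (encoding, bytes) pairs one password produces."""
    # Assumption: UTF-16 is little-endian with no byte-order mark.
    codecs = (("ASCII", "ascii"), ("UTF-8", "utf-8"), ("UTF-16", "utf-16-le"))
    candidates = []
    for label, codec in codecs:
        try:
            raw = password.encode(codec)
        except UnicodeEncodeError:
            # The page does not define the ASCII form of non-Latin text,
            # so this sketch leaves that form out.
            continue
        if raw not in (seen for _, seen in candidates):
            candidates.append((label, raw))
    return candidates

if __name__ == "__main__":
    for form in ("1234AB", "12:34:AB", "12-34-AB", "12 34 AB", "12.34.AB"):
        print(form, "->", hex_to_bytes(form).hex())
    # Constructed sample input: the second password ends with a space.
    for pw in split_passwords("hunter2\ncorrect horse \n"):
        for label, raw in password_candidates(pw):
            print(repr(pw), label, raw.hex())
```
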

Bytes from a file

If the key is stored in a binary file, load the file to read the bytes from it without any interpretation. Do not use this mode for text passwords.

Specific use cases

APFS and FileVault

Enter your APFS encrypted volume password or the FileVault recovery key (which looks like TKVN-RX4G-NAV9-ALDB-653L-UAPE) as text. For a FileVault recovery key, the dashes are part of the key, so do not remove them.