BitLocker recovery, where/how to find BitLocker recovery key in Windows 10/8/7?

Updated by Tim to BitLocker Recovery Tips on September 24th, 2020

Table of Content

What is BitLocker recovery key?

A BitLocker recovery key, aka Microsoft recovery key or Windows recovery key, it is a special key that was automatically generated when encrypting the specific drive with BitLocker drive encryption.

BitLocker recovery key is stored in a .BEK file named like BitLocker Recovery Key 444C8E16-45E7-4F23-96CE-3B3FA04D2189.BEK as below:

BitLocker recovery key

BitLocker recovery key format: 419595-387156-44334-315590-197472-399399-320562-361383

BitLocker recovery key is used to unlock your BitLocker drive when you forget the password or the password is not working.

Where/How to find BitLocker recovery key in Windows 10/8/7?

There are five methods to find BitLocker recovery key on Microsoft site: http://windows.microsoft.com/recoverykeyfaq (the previous page is aka.ms/recoverykeyfaq), this article will tell you seven methods to find BitLocker recovery key:

Option 1: In your Microsoft account

To retrieve the recovery key that was stored to onedrive, visit the site:https://account.microsoft.com/devices/recoverykey (The previous page is http://windows.microsoft.com/recoverykey), sign in with your Microsoft account and then you will see the recovery key.

Option 2: Find BitLocker recovery key on a USB flash drive

To find the recovery key, insert that USB flash drive into your computer and view it.

BitLocker recovery key on a USB drive

Option 3: Find the BitLocker recovery key in a txt file

Recovery key may be saved as a txt file in your computer. If you have not deleted it, search BitLocker Recovery Key.txt in your computer.

BitLocker recovery key

Option 4: Find the BitLocker recovery key in a document

If you printed BitLocker recovery key to a "Microsoft Print to PDF", search for pdf file on your computer.

Print BitLocker recovery key

Option 5: In Active Directory

If you are a domain user, the recovery key may be saved to Active Directory (AD), contact your administrator to get it.

BitLocker Recovery Password Viewer can locate and view BitLocker recovery key that is stored in Active Directory (AD).

In Active Directory Users and Computers, locate and then click the container in which the computer is located. For example, click the Computers container.

Right-click the computer object, and then click Properties.

In the ComputerName Properties dialog box, click the BitLocker Recovery tab to view the BitLocker recovery keys that are associated with the particular computer.

Option 6: In your Azure Active Directory account

For work PCs where you sign in with an Azure Active Directory account, see the device info for your Microsoft Azure account and get recovery key.

Option 7: Using a BitLocker password brute-force cracking tool

Refer to: How to unlock BitLocker drive without password and recovery key?

How to bypass BitLocker recovery key?

If you cannot get BitLocker recovery key with key ID, there are two BitLocker brute-force cracking tools you can have a try.

1. Recover the lost BitLocker recovery key with Passware Kit

Passware Kit scans the physical memory image file and the system hibernation file (hiberfil.sys), extracts all the encryption keys, and decrypts the BitLocker encrypted volume. Refer to How to decrypt BitLocker volume with Passware Kit?

2. Recover the lost BitLocker recovery key with Elcomsoft Forensic Disk Decryptor

Elcomsoft Forensic Disk Decryptor could extract data from a BitLocker encrypted volume by utilizing the binary encryption key contained in the computer's RAM. It could find and extract that key by analyzing the memory dump or hibernation file.

Learn where BitLocker recovery key is stored

Recovery key may be saved in a number of locations depending on the version of Windows OS you installed:

For Windows 7, where is BitLocker recovery key stored?

  • Recovery key may be stored as a txt file
  • Recovery key may be stored to a USB flash drive
  • Recovery key may be physically printed

For Windows 8, where is BitLocker recovery key stored?

  • Recovery key may be stored as a txt file
  • Recovery key may be stored to a USB flash drive
  • Recovery key may be physically printed
  • Recovery key may be stored to your Microsoft account
  • Four options to save the recovery key

    For Windows 10, where is BitLocker recovery key stored?

  • Recovery key may be stored as a txt file
  • Recovery key may be stored to a USB flash drive
  • Recovery key may be physically printed
  • Recovery key may be stored to your Microsoft account
  • Recovery key may be stored to your Azure Active Directory account

So if you are a non-domain user, recovery key may be stored in your Microsoft account, USB flash drive, a txt file or printed paper.

If you are a domain user, BitLocker recovery key may be stored to Active Directory (AD), contact your administrator to get it.

BitLocker recovery key ID part

What is BitLocker recovery key ID?

BitLocker recovery key ID is BitLocker recovery key identifier. If recovery key ID matches the one displayed on your drive, you can unlock that drive. If recovery key ID doesn't match the one displayed on your drive, you need to find the correct recovery key. Otherwise, you cannot unlock that drive.

How to verify if the BitLocker recovery key is correct?

To verify if BitLocker recovery key is correct, compare the start of the full BitLocker recovery key identifier with recovery key ID value. See below example:

BitLocker recovery key ID

How to find BitLocker recovery key ID value?

For the BitLocker encrypted operating system volume, BitLocker recovery key ID is displayed on the BitLocker recovery screen.

BitLocker recovery screen

For BitLocker encrypted data drive, BitLocker recovery key ID is displayed when users click on "More options" and then on Enter recovery key in the wizard to unlock a BitLocker drive.

BitLocker recovery key ID

How to get BitLocker recovery key with key ID?

If you can find BitLocker recovery key txt file or saved the BitLocker recovery key in your Microsoft account, AD, Azure AD, you can find the correct BitLocker recovery key according to key ID. Otherwise, there is no way to get BitLocker recovery key. More details to find BitLocker recovery key...

To verify if it is the correct BitLocker recovery key, compare the start of the full BitLocker recovery key identifier with the recovery key ID value that is displayed on your BitLocker drive, see below example:

BitLocker recovery key ID

Reoovery key FAQ

Q: How to get BitLocker recovery key with the recovery key ID?

A: If you are a domain user, contact your administrator to get BitLocker recovery key according to the recovery key ID.

Q: BitLocker drive doesn't accept the password and recovery key, how to unlock it?

A: In this situation, BitLocker drive has been corrupted, try M3 BitLocker Recovery to recover lost data.

Q: Why does BitLocker recovery screen prompt for recovery key every boot Windows 10/8/7?

A: You may encounter an issue so that BitLocker asks for a recovery key every boot, for example, BitLocker sees a new device in the boot list or an attached external storage device, it will prompt for the recovery key for the security reasons.

Q: What causes BitLocker to ask for recovery key?

A: Boot order is changed. The hardware has been changed. The password information has been completely erased from the BitLocker metadata due to accidental unplugging, virus attack, etc.

Q: Is there a BitLocker recovery key generator ?

A: No, every BitLocker drive has its own unique BitLocker recovery key.