Bitlocker actually has multiple keys. There's one key to encrypt your data. There's a volume master key that encrypts the data encryption key. And then there are zero or more key protectors for the volume master key. One of those can be the TPM (or TPM with PIN), one can be a long password, one can be a recovery key (IIRC 48 decimal digits), and I believe there are other options as well. Each one is independently capable of decrypting the volume master key, which in turn decrypts the data encryption key, which in turn decrypts the data.So ideally you'd just get your recovery key and store it someplace well protected like a safe or a password manager.
No comments yet.