Guide to Recover Data from an Encrypted Mac Hard Drive
Summary: Hard drive encryption is a useful utility on Mac that helps users password-protect their confidential data on the system or an external hard drive. Sometimes, an encrypted hard drive becomes inaccessible & malfunctions due to logical errors. In this blog, learn how to encrypt & decrypt an external hard drive or the native disk drive on Mac. Also, get a guide to recover data from a malfunctioning or inaccessible encrypted hard drive.
Drive encryption in Mac allows users to secure confidential data from unwanted access or theft. Users can enable drive encryption on a Mac’s native disk drive and external storage drives like HDDs, SSDs, etc.
The only way to decrypt an external Mac hard drive and access its data is to enter the decryption key. Without it, you won’t be able to access or recover your data from an encrypted Mac hard drive/solid state drive.
Let’s dive in to learn more about Mac disk drive encryption & decryption in detail.
What is Mac Hard Drive Encryption?
macOS offers FileVault – a built-in feature to encrypt native Mac disk drives and external hard drives to protect your data from prying eyes, theft, and hackers. FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.
How to Encrypt and Decrypt Mac Hard Drive?
macOS has several native methods to encrypt and decrypt a Mac hard drive. The following sections illustrate the methods in detail. We will also look at how to recover data from an encrypted or corrupt Mac hard drive.
Method 1: Encrypt or Decrypt Mac hard drive using Finder
macOS Finder allows you to encrypt or decrypt your internal or external Mac hard drive and volume quickly.
Encrypt a Storage Drive using Finder
To encrypt your Mac hard drive by using Finder, perform the following steps –
- Use the internal Mac volume or connect the external storage drive you wish to encrypt.
- Launch Finder, and from the left pane, secondary-click a drive or volume and select the Encrypt ‘Drive_Name’ option.
- Set a password and hint as requested by macOS. Wait until the hard drive encrypts. From now on, you need to key in the password to unlock the drive.
Similar to encrypting a hard drive, macOS Finder also makes the process of decryption easy.
Decrypt a Hard Drive Using Finder
- Open Finder, and from the left pane, secondary-click on the encrypted hard drive and select the Decrypt ‘Drive_Name’ option.
- After decrypting the drive, access the hard drive directly without any password.
Method 2: Encrypt or Decrypt Storage Drive using FileVault
FileVault is the native disk encryption application that allows you to encrypt your startup disk. It uses your login password as an encryption key.
Encrypt your Mac hard drive using FileVault –
- Go to Apple menu > System Preferences > Security & Privacy > FileVault tab.
- Click the Lock icon and enter admin credentials. Click the “Turn On FileVault” button.
- Provide a password to encrypt the disk. Your Mac encrypts the disk in the background. You can check the encryption progress from the FileVault section.
- After encryption, restart your Mac and provide the login password to finish starting up.
Decrypt your Mac hard drive using FileVault –
- Open the FileVault tab from Security & Privacy, as explained before. Click the “Turn Off FileVault” button. Your Mac decrypts the disk in the background. You can check the decryption progress from the FileVault section.
- After decryption, restart your Mac. Now, you won’t need any password to unlock your Mac hard drive.
Method 3: Encrypt or Decrypt Storage Drive using Disk Utility
Disk Utility has the option to erase your Mac hard drive in an encrypted format—APFS (Case-sensitive, encrypted), Mac OS Extended (Journaled, Encrypted), or Mac OS Extended (Case-sensitive, Journaled, Encrypted).
Encrypt your Mac hard drive using Disk Utility –
- For non-startup disks, launch Disk Utility from Finder > Applications > Utilities. Or else, press Command + Spacebar to bring Spotlight. Type disk utility and click the Disk Utility search result to launch the application.
- From Disk Utility, select the internal non-boot Mac volume or the external hard drive you want to protect via password, and click the Erase tab.
Warning: Erasing a drive will remove all its content, so back up before performing the erase operation.
- In the Format section, click the drop-down menu to select an encryption format.
- In the Name section, provide your hard drive with a name and click Erase. Before macOS erases the drive, it displays a dialog box asking for a password.
- Enter a password that is easy to remember yet difficult to crack for others. Don’t forget to provide a Password Hint. Disk Utility completes the erase process of your hard drive.
- When the erase process is over, the encrypted drive mounts on the Mac. Enter the drive’s password each time you access it. If you forget the password, the drive will become inaccessible.
Encrypt Macintosh HD, the startup disk, using Disk Utility in macOS Recovery mode –
- Start or restart your Mac, then immediately press and hold the Command + R keys. Release the keys when the Apple logo appears. Your Mac boots into macOS Recovery mode.
- From the macOS Utilities window, select Disk Utility and click Continue. Erase the startup disk in an encryption format after backing it up using Time Machine.
- Reinstall macOS from the macOS Utilities window. Finally, restore the backed-up data from the Time Machine backup drive to the encrypted drive.
Disk Utility also lets you decrypt a Mac hard drive that you have erased using an encryption format.
Decrypt your Mac hard drive using Disk Utility –
- Open Disk Utility, then select your encrypted storage drive.
- To unlock the hard drive, go to File > Unlock ‘Drive_Name.’
- Enter the password when prompted.
- To decrypt the hard drive, go to File > Turn Off Encryption.
Method 4: Encrypt or Decrypt Storage Drive using Terminal
Terminal is a powerful application that can help you encrypt or decrypt your Mac hard drive. However, working with Terminal requires a complete knowledge of the Terminal commands, and any incorrect operation can result in data loss. So, back up your data from the drive before executing any Terminal command.
Encrypt a hard drive using Terminal –
- Launch Terminal from Finder > Applications > Utilities.
- Type diskutil apfs list and hit Return. The Terminal produces a list of all APFS volumes and containers. Note down the APFS volume ID information.
- To encrypt the volume, type diskutil apfs encryptVolume /dev/apfs_volume_id and hit Return. Type the password for encryption when asked. Type it again to confirm the password.
- To monitor encryption progress, type diskutil apfs list and hit Return.
Similarly, you can decrypt your encrypted Mac hard drive by using Terminal.
Decrypt an APFS encrypted drive using Terminal –
- Launch Terminal. Type diskutil apfs list and hit Return to know the APFS volume ID.
- Type diskutil apfs unlockVolume /dev/apfs_volume_id -passphrase type_the_key, then hit Return to unlock the volume.
- Type diskutil apfs decryptVolume /dev/apfs_volume_id and hit Return to decrypt the volume. Authenticate when prompted.
- To monitor decryption progress, type diskutil apfs list and hit Return.
For other drives, do the following –
- Launch Terminal, type diskutil cs list, and hit Return. Terminal prints the Core Storage list as a hierarchy. Copy the alphanumeric code that is the logical volume UUID, which is next to Logical Volume Group.
- Type diskutil cs decryptVolume logical_volume_uuid -passphrase type_the_key and hit Return.
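Added example (not from the original article): the unlock step above passes the key with -passphrase, which leaves it in shell history and in the process argument list, so this wrapper prompts without echo and feeds the key to diskutil's -stdinpassphrase option instead. The function names, the DISKUTIL override variable and the disk2s1 identifier are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: unlock an APFS volume without putting the passphrase in argv.
# DISKUTIL is overridable (an assumption of this sketch) so the wrapper can be
# exercised with a stub on a machine that has no diskutil.
DISKUTIL="${DISKUTIL:-diskutil}"

# Accept only diskN / diskNsM identifiers (optionally /dev/-prefixed), so a
# mistyped ID or a stray option string never reaches diskutil.
valid_volume_id() {
    id="${1#/dev/}"
    case "$id" in
        ''|*[!a-z0-9]*) return 1 ;;   # spaces, newlines, slashes, dashes
    esac
    printf '%s\n' "$id" | grep -Eq '^disk[0-9]+(s[0-9]+)*$'
}

# Prompt on the terminal with echo off; the passphrase goes to stdout only,
# without a trailing newline.
prompt_passphrase() {
    trap 'stty echo </dev/tty; exit 130' INT TERM
    printf 'Passphrase for %s: ' "$1" >/dev/tty
    stty -echo </dev/tty
    IFS= read -r pass </dev/tty
    stty echo </dev/tty
    trap - INT TERM
    printf '\n' >/dev/tty
    printf '%s' "$pass"
}

# Hand this function's stdin to diskutil. -stdinpassphrase keeps the secret out
# of shell history and out of the argument list that `ps` shows to other users.
unlock_apfs_volume() {
    vol="$1"
    if ! valid_volume_id "$vol"; then
        echo "refusing invalid volume id: $vol" >&2
        return 2
    fi
    "$DISKUTIL" apfs unlockVolume "/dev/${vol#/dev/}" -stdinpassphrase
}

# Usage on macOS (disk2s1 is a placeholder; take the real ID from
# `diskutil apfs list`):
#   prompt_passphrase disk2s1 | unlock_apfs_volume disk2s1
```

The same -stdinpassphrase option is accepted by diskutil apfs decryptVolume and diskutil cs decryptVolume, so the decrypt steps can be fed the key the same way.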
But what if you delete a few crucial files from an encrypted hard drive, or the drive itself turns corrupt? In such cases, you’ll need to find ways to recover your lost data.
Recover Data from an Encrypted Mac Hard Drive
Part 1: Recover Encrypted Mac Hard Drive using Time Machine
Mac data loss can occur from an encrypted hard drive due to accidental deletion, formatting, or corruption. So, setting up a Time Machine backup hard drive is a must.
Time Machine performs incremental backups of your encrypted Macintosh HD per the schedule. And in case of data loss, you can use Time Machine to restore the lost data to your Mac drive.
Steps to recover encrypted Mac hard drive with Time Machine –
- Ensure your Time Machine backup drive is connected to your Mac. Launch Time Machine from the Launchpad.
- Find the deleted or lost files by using Up/Down arrows or Timeline. Select the required files and folders, then click Restore. The files will restore to their actual location.
Part 2: Recover Encrypted Mac Hard Drive Data using a Mac Data Recovery Software
What if you haven’t set up Time Machine on your Mac or the configured Time Machine backup drive has become corrupt? In such cases, only reliable data recovery software for Mac like Stellar Data Recovery Professional for Mac can help you recover data from an encrypted hard drive.
- Install Stellar Data Recovery Professional for Mac. Launch it.
- On the first screen, select what you want to recover. By default, Recover Everything option is selected. Click Next.
- On the next screen, choose the Encrypted Volume. Enter the Password and click Continue.
- Click Scan.
Notes –
If you fail to provide a passcode to unlock your encrypted hard drive, the software won’t proceed further to scan your encrypted drive. Once the drive is unlocked, re-select the drive, and you can either switch to Deep Scan or stick with the primary scan option at your convenience.
- Once the scanning is completed, the software will list all the recoverable items. Preview the items.
- If you are satisfied after the preview, select the files for recovery. Click Recover and choose a place to save recoverable files.
Note – In case of a corrupt encrypted Mac hard drive, the software will perform RAW recovery on the physical drive. In such a scenario, the file names might look different. You can recover the desired files by previewing them one by one.
What if the Decryption Password is Lost?
If the decryption password is lost, the data on your encrypted Mac hard drive is lost forever. You won’t be able to retrieve it even with the help of a data recovery software. Therefore, keep the decryption key saved in a secure location to use when required.
Conclusion
Although macOS has made encrypting hard drives easy and convenient, one should be careful while doing it. A decryption key or password is required to access an encrypted device. Losing the decryption key can make the drive permanently inaccessible, and you may lose your data forever.
Therefore, keep the decryption key of the drive safe and within your reach.
If you have the decryption key but still can’t access the data on the drive, you should use Stellar Data Recovery Professional for Mac to recover data from an encrypted Mac hard drive.
As a final tip – Do not rely on one drive. Create backup copies on separate drives to avoid unexpected data losses.
If you encounter a decryption paused error, the most common fix is the computer must be plugged into power for this process to continue. However, I encountered this while on a Mac Mini. A simple switch to a primary USB port (as opposed to a USB hub) solved the issue. Such was my experience. Hope this helps someone.
Hello, I recently had to erase my iMac drive, and install Catalina OS. That went well, previous problems were eliminated. However, when I was in Disk Utility, I must have unknowingly selected an option to decrypt my Seagate Plus 8 TB drive. It’s been decrypting for about five days now, and using “diskutil cs list” in Terminal, it says it is at the 90% conversion progress. But it seems to be stuck. The progress indicator has not moved all day today. Is there any way to check to see if the process is still ongoing? It seemed to be working OK last night, but today is different. Many thanks.
Hi Brian,
If the process is completed, then share your further experience. However, if the issue still exists, then we suggest you try the other methods mentioned above.
Hope that will help!
Stellar Mac Data Recovery Software really helps a lot of people out there to recover their precious data on internal/external hard drives, USB flash drives, SSD drives and many others.
Thanks for your kind words, Ron!
Hi Vishal,
While FileVault was turned on, I moved some files to an external hard drive. They got lost and are now recovered from the external. However, I turned FileVault off on my mac. The recovered audio files show in my finder but will not play. Do I need to turn FileVault back on in order for these files to be recognized again?
Hi Derrick,
Yes, you can try, but I think you saved your encrypted files on your external hard drive. So, you need to decrypt your files to make them playable.
Thanks
How to unlock MAC 500 GB disk where it's not accepting the password. We have data on the disk.
Hi Ravi,
You need your unlock password to scan and recover data from the drive. If you’ve lost your password then only a backup can help.
Thanks
Hello – just checking, when I click on the HD I want to scan and enter password to unlock or decrypt the APFS, I then get a refreshing drive load up and spinning icon. However, when this finishes and I click on the HD I wish to scan I get the prompt again to enter the password.
Can you advise, is the password the same that I use to login? Or is there another password connected to the computer I should be using?
Thank you
Hi Albert,
Use the FileVault decryption password.
Thanks
I followed method 4 to decrypt my harddisk.
Type “diskutil cs delete logical_volume_uuid” and hit Return”
The program came to about 33% then it stopped and now my partition is gone!”
If I type “diskutil cs list” I get the following message “No CoreStorage logical volume groups found”
Please help!!
I have done the encryption part through the first method and somehow my drive is ‘encrypting’ and does not open on any other device; if I somehow disconnected the drive from my mac during the encryption period would that have caused a problem as such to happen? I would really appreciate your feedback, thank you kindly.
Hello Norah,
Did you unplug your drive after running out of patience? How long did the process take to encrypt your drive? Is your drive available in the Disk Utility window or in your Mac’s Finder?
Regards
Vishal
Hi, I am trying to recover deleted files from my MacBook having Mojave 10.14.4 on it – the drive is APFS encrypted using FileVault but it is unlocked. When I start the software and choose the system drive it asks for the APFS password. When I type in my login password it says “decrypting Volume” for a few seconds then nothing happens. If I wanna scan it asks for the password again.
Do I have to decrypt the drive using FileVault before recovering? I thought the software can unlock the drive itself.
Martin
Hello Martin,
You need to disable the File Vault, and then you will be able to scan the drive using Stellar Data Recovery-Professional. Thanks