A question about BitLocker. Can you please explain to me exactly what the difference is between the RecoveryKey and StartUpKey parameters?

Juan Perez 21 Reputation points
2022-12-28T23:28:36.837+00:00

According to me, StartUpKey creates a .BEK file that allows the boot drive to be decrypted automatically when Windows starts. But I have been able to verify that a RecoveryKey contained in a USB does exactly that, so what is StartUpKey for?


2 answers

  1. ck459 646 Reputation points
    2022-12-28T23:42:47.16+00:00

    Hi JuanPerez-1223,

    This is in reference to BitLocker Recovery.

    Startup Key file

    The Startup Key file is a key file you would save on a USB drive/removable media to start a Windows computer without having to enter the BitLocker recovery or password. It is an encryption key that can be stored on most removable media. This key protector can be used alone on non-TPM computers, or with a TPM for added security.

    Please refer to the article mentioned below for detailed information.

    Prepare the organization for BitLocker Planning and policies (Windows 10) | Microsoft Learn

    BitLocker Recovery Key

    Your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized.

    Please refer to the article mentioned below for detailed information.

    Finding your BitLocker recovery key in Windows - Microsoft Support

    Regards,
    CK


  2. Limitless Technology 44,751 Reputation points
    2022-12-29T16:30:45.71+00:00

    Hello there,

    If you configure BitLocker on a computer with a TPM, with a protector -TPMAndStartupKey or -TPMAndPINAndStartupKey for the system drive, it behaves like a multi-factor. To unlock the system drive, you need all of the factors.

    Then, the difference between Start-up Key and Recovery-Key is significant. A recovery key will then be able to boot the Windows drive without needing the TPM-hardware or PIN. A Startup key will only contain half of the secret to unlock the Windows partition, the other half will be inside the TPM.

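The distinction drawn in the second answer can be checked on a real machine. The following PowerShell audit is an added example, not part of either answer and not Microsoft's code: it lists the key protectors on the OS volume and marks which ones unlock it on their own and which ones also depend on the TPM. It assumes an elevated session, the built-in BitLocker module, and that the system drive is the volume of interest; the grouping of protector types into the two lists is this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: classify BitLocker key protectors on the OS volume by
# whether they can unlock the drive without the TPM.

$mount = $env:SystemDrive   # assumption: audit the OS volume

# Protectors that unlock the volume by themselves. ExternalKey is a .BEK
# key file on removable media; RecoveryPassword is the 48-digit password.
$standalone = 'ExternalKey', 'RecoveryPassword', 'Password'

# Protectors whose secret is only usable together with this machine's TPM.
$tpmBound = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

$volume = Get-BitLockerVolume -MountPoint $mount

$report = foreach ($kp in $volume.KeyProtector) {
    $type = [string]$kp.KeyProtectorType
    [pscustomobject]@{
        KeyProtectorId = $kp.KeyProtectorId
        Type           = $type
        KeyFileName    = $kp.KeyFileName        # set for .BEK-based protectors
        NeedsTpm       = $type -in $tpmBound
        UnlocksAlone   = $type -in $standalone
    }
}

$report | Format-Table -AutoSize

# A key file that works without the TPM is as sensitive as the recovery
# password: whoever holds the USB stick can unlock the drive on any hardware.
$external = @($report | Where-Object Type -eq 'ExternalKey')
if ($external.Count -gt 0) {
    Write-Warning ("{0} external key file protector(s) on {1} unlock the volume without the TPM. " -f
        $external.Count, $mount)
    Write-Warning "Store the matching .BEK file(s) like a recovery key, or remove protectors that are not needed."
}

# A TPM-bound startup key is only one factor; losing the USB alone does not
# expose the volume, but a standalone protector is still needed for recovery.
if (-not ($report | Where-Object UnlocksAlone)) {
    Write-Warning "No standalone recovery protector found on $mount; a TPM or USB failure would lock the volume."
}
```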
