Aorimn
Possible to recover "recovery key" if VMK is available?
I was wondering, if I had access to the VMK, would it be possible for dislocker to recover any or all of the recovery keys that might be associated with a given image? There are some tools that I have that don't allow me to use the VMK like Dislocker, but other people I work with use the other tools, so I'm constantly having to fully decrypt volumes using dislocker. If I could get the recovery key using the VMK, then it wouldn't be an issue I don't think.
Unfortunately, recovering the BitLocker recovery key with the VMK is not possible. With the VMK it is only possible to get a hash of the recovery key, but you cannot get back the plaintext recovery key from this hash.
I had a similar problem like you: I wanted to access BitLocker volumes on Windows only knowing the FVEK without fully decrypting them. My solution was to write an additional key-protector (password or clear key) to BitLocker metadata. Windows and other tools can then use the new password or clear key to unlock the volume.
I have forked dislocker and implemented adding key protectors here: https://github.com/MWedl/dislocker/blob/master/src/dislocker-pwreset.c The current implementation adds clear key and a hard-coded password. You might want to change them. I have not tests it with many BitLocker samples, so you should keep a backup of the BitLocker metadata in case something goes wrong.
I wish I'd read that closer. That may solve my problem, but I'm not sure because I don't know what the view on adding metadata to something would be. I'll give it a go in any case. I should have thought of that.