The first step to administering FileVault disk encryption is to choose the type of recovery key that you want to use to recover encrypted data.
There are two types of recovery keys:
Individual (also known as “Personal”)—Uses a unique alphanumeric recovery key for each computer. The individual recovery key is generated on the computer and sent back to the JSS for storage when the encryption takes place.
Institutional—Uses a shared recovery key. This requires you to create the recovery key with Keychain Access and upload to the JSS for storage.
You can also choose to use both recovery keys (individual and institutional) together in the JSS.
If you plan to use an institutional recovery key, you must first create the institutional recovery key using Keychain Access. For instructions, see Creating and Exporting an Institutional Recovery Key.