fdesetup add -inputplist FAILS when using recovery key

I am no longer able to add users to be able to unlock FileVault on machines using the recovery key in the 10.14 beta. The following plist and command below works on 10.12 and 10.13.


My app runs as root.

>fdesetup add -inputplist < /applications/<myapp>/.adduser_input.plist


.adduser_input.plist:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>AdditionalUsers</key>

<array>

<dict>

<key>Password</key>

<string>myadminuserpassword1</string>

<key>Username</key>

<string>adminuser</string>

</dict>

</array>

<key>Password</key>

<string>E2RA-T9KH-9K6G-RKUQ-4YX4-UKWN</string>

</dict>

</plist>


Previously, this would add the user to be able to unlock FileVault on bootup. But, now in the 10.14 preview, I get the following error message:


OD user '(null)' could not be authenticated.

Error: Unable to add one or more users to FileVault. (11)


I've tried modifying the plist by adding the Username key but the authentication still fails. I tried root as well as the primary user that FileVault was enabled with.


OD user 'primaryuser' could not be authenticated.


OD user 'root' could not be authenticated.


Obviously, I do not have access to the users password to authenticate with, I just have the recovery password that was generated when we enabeld FileVault on the device.


I can run > fdesetup validaterecovery

Enter the current recovery key:

true


So, I know the recovery key is valid.


According to the man page, it still indicates the recovery key can be used to authenticate:


add -usertoadd added_username ... | -inputplist [-verbose]

Adds additional FileVault users. A FileVault user password or recovery key must

be used to authenticate.


Anyone have any suggestions?