Hacker News

Is it possible to export a recovery key? Because this kind of failure simply due to a bad update shouldn't be acceptable.


No, it’s not possible to use a FileVault recovery key at this stage of repair.

It’s not failure, it’s secure by design to prevent attackers/governments from stealing your files without consent.

Under DFU brick and reset circumstances, the private key is gone, because otherwise an attacker could just upload a hacked firmware via DFU and access all your files.

I assume the installer uses a different process that performs a DFU upgrade-in-place that safely manages the handoff using signed code and such, but that’s not the process we get as a last restore described above.

If you don’t have off-device backups, you’re accepting the risk of losing all your data at any time due to any number of possible failures (software and hardware). Not much use getting upset about this specific case.


Not sure what DFU means as I'm not familiar with Mac. With any other encryption, it doesn't matter what the state of my system is. As long as I have the key, I can always decrypt it. And it's not a vulnerability. Without the key, the data is effectively inaccessible for everybody else (except maybe somebody with a quantum computer).


You get a recovery key when the original key is generated.


Yes: You can export a FileVault recovery key when enabling FileVault, whether on a T2 Mac or not.

No: There’s no opportunity to use FileVault recovery keys when you’re doing a DFU on a T2 Mac. If you have to DFU, your data is lost.

(edited to clarify per reply)


That wasn't the question I was answering or was asked, I think.


No.



