VMware Communities
digifox55
Contributor

VM encrypted itself, don't know the password (part.2) (after 13.5 update)

Hello, I read these topics: VM-encrypted-itself-don-t-know-the-password  and VM-asking-for-password but I still need help.

I updated Fusion 13 Pro from v. 13.0.2 to 13.5 a few days ago. I have an M2 MacBook with Sonoma, and run several VMs of Win11 ARM.

After updating I noticed that I could only open my default vm file, all the other vms raised a popup saying "The virtual machine "Windows 11 64-bit arm" is encrypted. You must enter its password to continue.". I am sure I had never enabled encryption before. In fact I could close and reopen my default vm with no password prompt.

After noticing that my def-vm wasn't properly scaling the resolution anymore (no way to stretch it to fit it to the window), I decided to downgrade to 13.0.2. As soon as I went back to 13.0.2 not only did my other VMs keep asking me for the password, but my def-vm also became encrypted with the same prompt. I went back to 13.5 again and def-vm is still encrypted.

Any ideas to recover my instances? Could a full macOS Time Machine backup lead me to a point where the VMs aren't encrypted?

Thank you so much in advance!

11 Replies
ColoradoMarmot
Champion

You had to enter a password to create a Windows 11 ARM VM, and optionally saved it to the keychain. You can check Keychain Access to see if you saved it there.

Time machine is unreliable to restore virtual machines, but there may be other workarounds if you can't find the password.

bluesky2000
Contributor

I have the same problem...

CATTS-IT
Contributor

I have the same issue, previously used my VM prior to Sonoma and the VMFusion update OK, never set a password on VM creation way back when. I have checked my Keychain and only have an entry for VMWare Fusion Encryption Key...

How can this be applied without some warning or prompt? And more importantly how do I get access to my VM back without having to spend hours re-creating it...  I have tried restoring a backup of my VM file, but it has the same problem when I try to access it.

I also tried the editing of the process suggested here - https://communities.vmware.com/t5/VMware-Fusion-Discussions/VM-encrypted-itself-don-t-know-the-passw... even though it dates back to 2021 and my issue started earlier this week.

Technogeezer
Immortal

VMs do NOT encrypt themselves.  Encryption being enabled is either a choice that you made, or was made for you when you created a Windows 11 guest operating system with Fusion 13. In either case, you're prompted for a password (or offered to auto-generate one) and offered to save it in the Keychain.  You get a very stern warning if you do not offer to save the key in the keychain.

Take a look at that entry of "VMware Fusion Encryption Key" in the Keychain. You'll find that the "Where" field points to the .vmx configuration file of the VM, and if you double click the item and click on the "show password" button, you'll see the password.

The old full VM encryption feature also asked you for an encryption key when you turned on the encryption.

The only time that Fusion encrypted a VM "by itself" with a key that you didn't specify is if you made the unfortunate choice (or mistake) of enabling the experimental partial encryption feature of Fusion 12 or Workstation 16. Even then, it didn't do things by itself - you had to go out of your way and manually edit the .vmx file in order to enable that feature. The feature wasn't ready for prime time and was a one-way street to problems.

Fusion 13.5 does not upgrade the encryption scheme to the new XTS encryption unless you tell it to. It will not apply that to an unencrypted VM. 

If you've partially encrypted the VM "Only encrypt the files necessary to support a TPM" - then the VMDK files of the VM are not encrypted. A new VM can be created and the virtual disks "transplanted" from the old VM into the new one. If you've fully encrypted the VM and forgot/don't have access to the password - you've hit a brick wall. 

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
CATTS-IT
Contributor

Thanks, however I did not make a choice nor was there an issue with the VM prior to this week following the update.

The VM was originally created in 2021 (in whatever version was available for Mac at that point) and I have been using it since then with no issue, there was no stern warning about a password when it was originally created. It was only since the update to VMware Fusion Pro 13.5.0 that I have been prompted by this message to enter a password that I did not set.

The keychain info looks like this, see attached screenshots

Screenshot 2023-10-27 at 1.20.28 pm.png

Screenshot 2023-10-27 at 1.21.02 pm.png

  - no password ...

Technogeezer
Immortal

That's indeed very strange.

You wouldn't happen to have a copy of that VM and its .vmx file available from before the 13.5 update, would you? Just would like to take a look at it.

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
CATTS-IT
Contributor

Here's the VMX file, it's from my last backup from 27 September which was before the latest VMware update (which I installed yesterday).

Technogeezer
Immortal

Well I understand what's going on now...

The VM was encrypted with the experimental vTPM implementation of Fusion 12.2. That's evident by the presence of the following line in the .vmx file

managedVM.autoAddVTPM = "software"

The system did auto-generate the encryption key for you without your input. It didn't automatically encrypt the VM though. The vmx file had to be hand edited in order for the encryption to be enabled. The experimental vTPM did not have a GUI setting to enable it.

That vTPM should never have seen the light of day nor should anyone have used it. As I said, it's a one-way street. One of the huge failures of that implementation was that it autogenerated the encryption key and didn't give you any way to know what it is. The second big failure of the implementation was that the auto-generated encryption key is tied to the system somehow - meaning you can't easily move the VM to another machine.

Those defects were fixed in Fusion 13 and Workstation 17. Since those releases didn't change anything, all worked fine. But it looks like if you try to upgrade to Fusion 13.5 and then try to upgrade the encryption algorithm of a VM using that broken feature, that's where the problems occur. 

Did you notice if Fusion 13.5 asked you to upgrade the encryption the first time you powered on the VM after upgrading the Fusion release?

I'd recommend any user that had the experimental vTPM enabled to back up all the files within the VM before upgrade. Then rebuild the VM under Fusion 13.5 using the partial encryption option. 

You may wish to view a blog post by Wil van Antwerpen https://www.vimalin.com/blog/what-you-should-know-about-vmwares-experimental-vtpm/ about the subject and you'll get an idea of just how broken that feature is. He also has some discussion about how to recover from that mess but there is "some assembly required".

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
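
Added example, not part of the thread and not VMware's own tooling: a pre-upgrade audit that walks a folder of VMs and lists every .vmx file carrying the managedVM.autoAddVTPM = "software" line identified in the post above, so those VMs can be backed up before Fusion is upgraded. The default folder, the case-insensitive key matching, the treatment of # lines as comments and the sample content are assumptions.

```python
"""Pre-upgrade audit: find VMs whose .vmx enables the experimental vTPM."""
import re
import sys
from pathlib import Path

# Key and value quoted in the post above; case-insensitive matching is an assumption.
FLAG_KEY = "managedvm.autoaddvtpm"
FLAG_VALUE = "software"

# .vmx settings are lines of the form: key = "value"; lines starting with # are skipped.
LINE_RE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')

# Constructed sample .vmx content (not the poster's file).
SAMPLE_VMX = 'displayName = "Windows 11 64-bit arm"\nmanagedVM.autoAddVTPM = "software"\n'


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def uses_experimental_vtpm(text):
    """True when the .vmx text contains the experimental vTPM setting."""
    return parse_vmx(text).get(FLAG_KEY, "").lower() == FLAG_VALUE


def audit(root):
    """Return sorted .vmx paths under root that carry the experimental vTPM line."""
    flagged = []
    for vmx in Path(root).rglob("*.vmx"):
        try:
            text = vmx.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable entry: skip it rather than abort the audit
        if uses_experimental_vtpm(text):
            flagged.append(str(vmx))
    return sorted(flagged)


if __name__ == "__main__":
    # Default folder is an assumption; pass your own VM folder as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Virtual Machines.localized"
    for path in audit(root):
        print(f"BACK UP BEFORE UPGRADING: {path}")
```
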
CATTS-IT
Contributor

Hmmm, I wonder if I edit the vmx file and removed those lines before placing it into the VMware folder and then trying to open it? Will give that a go and let you know. I did have a look at the article you mentioned prior to finding this forum. I tried some of that but it didn't work as the VM file was already in the folder.

Thanks for your insight.

CATTS-IT
Contributor

Nope, that didn't work. I have now created a new VM and will try moving the disk files from the original into that one.

CATTS-IT
Contributor

So that didn't work either, still got the password message and couldn't open the VM.

I have created a fresh VM and put everything back. Very disappointed that this has been forced on people without warning.
