If a user loses a password for the encryption key, the key custodian must drop the user’s copy of the encryption key and issue the user another copy of the encryption key with a new password.
In this example, the key custodian assigned a copy of key1 to Bill (who has user ID “bill”), and Bill changed his password on key1 to a password known only to him. After losing his password, Bill requests a new key copy from the key custodian.
The key custodian deletes Bill’s copy of the key:
alter encryption key key1 drop encryption for user bill
The key custodian makes a new copy of key1 for user Bill and gives Bill the password:
alter encryption key key1 with passwd 'MotherofSecrets' add encryption with passwd 'over2bill' for user bill
Bill automatically has permission to alter his own copy of key1:
alter encryption key key1 with passwd 'over2bill' modify encryption with passwd 'billsnupasswd'