If the key custodian makes copies of the encryption key available to users and if a user loses his or her password, the key custodian drops the user’s copy of the encryption key and issues another copy of the encryption key to the user with a new password.
In this example, the key custodian assigned a copy of key1 to Bill, and Bill changed his password on key1 to a password known only to him. After losing his password, Bill requests a new key copy from the key custodian.
The key custodian deletes Bill’s copy of the key:
alter encryption key key1 drop encryption for user bill
The key custodian makes a new copy of key1 for user Bill and gives Bill the password:
alter encryption key key1 with passwd 'MotherofSecrets' add encryption with passwd 'over2bill' for user bill
Bill automatically has permission to alter his own copy of key1:
alter encryption key key1 with passwd 'over2bill' modify encryption with passwd 'billsnupasswd'
