To load the new master key register for the domain, right click in the Domain Keys page to display the pop-up menu. From the pop-up menu, select the Load new master key option.
You are asked to enter the total number of key parts to be loaded. For each key part, you are guided through the process of selecting a smart card reader to use, inserting a smart card in the reader, entering the PIN, and selecting the key part on the smart card to be loaded. You can cancel at any time.
Key parts on the smart card are encrypted for transport to the host crypto module using Elliptic Curve Diffie-Hellman (ECDH). The first step in ECDH is to generate an IMPORTER key on the crypto module. Generating the key requires a signed command. Therefore, signatures are collected twice when you run the Load New Master Key option – once to generate an IMPORTER key and once to do the final load. Both commands require only a single signature, regardless of how the domain signature threshold is set.