DCPs can be encrypted (see Chapter 9, Encryption for details). If you import an encrypted DCP you will need a key, in the form of a Key Delivery Message (KDM), to decrypt it.
KDMs must be prepared by the organisation which created the DCP. They contain the keys to decrypt the DCP wrapped up in such a way that only the intended recipient can read them. You will need to provide the organisation with a certificate which identifies your copy of DCP-o-matic and allows them to create a KDM for you.
To get DCP-o-matic's decryption certificate, open the Preferences dialogue (see Chapter 10, Preferences) and go to the Keys tab. Click the Export DCP decryption certificate... button at the bottom of this tab and save the certificate. Send this certificate to the DCP creators and they can create a KDM to allow DCP-o-matic to decrypt their DCP.
Once you have your KDM, right-click the DCP's name in DCP-o-matic and choose Add KDM.... Specify your KDM and the DCP will be decrypted and become available for preview.