DCPs can be encrypted (see Chapter 10, Encryption for details). If you import an encrypted DCP you will need a key, in the form of a Key Delivery Message (KDM), to decrypt it.
KDMs must be prepared by whoever created the DCP. They contain the keys to decrypt the DCP wrapped up in such a way that only the intended recipient can read them. You will need to provide the KDM creator with a certificate which identifies your copy of DCP-o-matic and allows them to create a KDM for you.
To get DCP-o-matic's decryption certificate, open the Preferences dialogue (see Chapter 11, Preferences) and go to the Keys tab. Click the Export KDM decryption leaf certificate... button at the top of this tab and save the certificate. Send this certificate to the KDM creators and they can make a KDM to allow DCP-o-matic to decrypt the DCP.
Once you have your KDM, right-click the DCP's name in the DCP-o-matic content list and choose Add KDM.... Select your KDM and the DCP will be decrypted and become available for preview.