from the Security & Encryption guide:
About importing KMS encrypted images
Importing KMS encrypted images is a two-phase operation. In phase one, the
media header and each fragment backup header is read. This data is never
encrypted. However, the backup headers indicate if the fragments file data is
encrypted with KMS or not. In summary, phase one does not require a key.
Phase two rebuilds the catalog .f file, which requires it to read the encrypted
data. The key-tag (KAD in SCSI terms) is stored on the tape by the hardware. The
NBU/BPTM reads the key-tag from the drive, and sends it to KMS for a key lookup.
If KMS has a key, then the phase two processes continues to read the encrypted
data. If KMS has no key, the data is not readable until the KMS has the key
recreated. This is when the pass phrase is important.
If you do not destroy keys, then KMS contains all the keys ever used and you can
import any encrypted tape. Move the keystore to yourDRsite and you do not need
to recreate it.