Look into:
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
GO
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'your password';
GO
Just went through this and had a tough time finding information on how to fail over.
We are using a symmetric key and creating that on a new server was a problem until I found that both "KEY_SOURCE = " and "IDENTITY_VALUE = " are needed in my case to recreate the key.