You can use a single PROUTIL REKEY command to change the master key and specify a new cipher for the encryption DB policy.

To change the encryption DB policy cipher, use this syntax:

proutil db-name -C epolicy manage dbpolicy rekey [-Cipher <cipher-number>]

For example, this command changes the encryption DB policy for the sports2020 database to a new cipher:

proutil sports2020 -C epolicy manage dbpolicy rekey -Cipher 3

When you specify a cipher, you'll be prompted to confirm it. If you don't want a new cipher, simply omit the -Cipher qualifier. The utility will use the existing encryption DB policy's cipher, which it displays in a prompt for you to confirm.

If you specify a Password-based encryption (PBE) cipher, you can specify the required passphrase in a filename given as a parameter to -Passphrase. If the operation requires a keystore admin passphrase, insert the admin passphrase before the PBE passphrase. Here's an example with a passphrase: 

proutil db-name -C epolicy manage dbpolicy rekey [-Cipher 3] -Passphrase passphrase.txt

If you omit the passphrase file, the utility prompts you for passphrases.

Successful completion returns this message:
Epolicy Manage DB Policy Rekey completed successfully.(20155)
Note: To ensure propagation of keystore changes in a replication environment, follow the guidelines in Perform roll-forward recovery on encryption-enabled databases.