This is resolved in Appassure 5.4.1.
To workaround this issue and lock an encryption key on the target core, take the following actions:
- Stop the core service
- Open regedit
- Browse to HKLM\Software\AppRecovery\Core\EncryptionKeys\<GUID of key>\
- Change the value of TemporaryEncryptedPassphraseExpiration to 1
- Start the core service
The encryption key will now show that it does not include the passphrase. In order to mount a recovery point that is encrypted with that encryption key, the passphrase is required to be entered.