1. Can you please better explain the situation? Default is the primary key that is set for Bob. What are these 3 keys used for? Does Bob have a primary key that was created at time of enrollment? The public key portion is used to decrypt the mail message, which should be the recipient, so when you say that you changed owner to Bob. Well, if you are attempting to use email encryption you need to have a public portion of the recipient's key, and Bob in order to encrypt needs to have both private and public key blocks in order to encrypt the message.
2. If you create a mail policy-rule to send email with an action of encrypt and specify 3 specific keys, and all the keys are verified and available for mail encryption with messaging enabled on usage flags, then it will encrypt to all 3 keys. Any of the private key data for these keys will allow the recipient user to decrypt the message.
Hope this helps. If you explain the situation a little better I might be able to help more.