To encrypt IP such that it can be read by a IEEE-1735-2014 V2 compliant third-party tool, you must obtain the public encryption key directly from the third-party tool provider. The third-party key definition must be in the pre-defined format and must be placed within a separate begin_toolblock/end_toolblock pair. During encryption, the Vivado tools use both public keys.
Important: Consult with third-party tool vendors to determine if they support V2 compliance level. Vendors who only support IEEE-1735-2014 version 1 are not compatible with V2 rights.