diff --git a/doc/tools/sc-hsm-tool.1.xml b/doc/tools/sc-hsm-tool.1.xml
index 4c42439a..3e76aacb 100644
--- a/doc/tools/sc-hsm-tool.1.xml
+++ b/doc/tools/sc-hsm-tool.1.xml
@@ -54,9 +54,10 @@
filename
- Create a DKEK share encrypted under a user supplied password and saved to the file
+ Create a DKEK share encrypted under a password and save it to the file
given as parameter.Use to provide a password for encryption rather than prompting for one.
+ Use and to randomly generate a password and split is using a (t, n) threshold scheme.
@@ -68,6 +69,7 @@
Prompt for user password, read and decrypt DKEK share and import into SmartCard-HSM.Use to provide a password for decryption rather than prompting for one.
+ Use to specify the number of shares that should be entered to reconstruct the password.
@@ -151,6 +153,24 @@
+
+
+ value
+
+
+ Define threshold for number of password shares required for reconstruction.
+
+
+
+
+
+ value
+
+
+ Define number of password shares.
+
+
+
@@ -194,13 +214,17 @@
ExamplesCreate a DKEK share:sc-hsm-tool --create-dkek-share dkek-share-1.pbe
- Initialize SmartCard-HSM to use a single DKEK share
+ Create a DKEK share with random password split up using a (3, 5) threshold scheme:
+ sc-hsm-tool --create-dkek-share dkek-share-1.pbe --pwd-shares-threshold 3 --pwd-shares-total 5
+ Initialize SmartCard-HSM to use a single DKEK share:sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1
- Import DKEK share
+ Import DKEK share:sc-hsm-tool --import-dkek-share dkek-share-1.pbe
- Wrap referenced key, description and certificate
+ Import DKEK share using a password split up using a (3, 5) threshold scheme for encryption:
+ sc-hsm-tool --import-dkek-share dkek-share-1.pbe --pwd-shares-total 3
+ Wrap referenced key, description and certificate:sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1 --pin 648219
- Unwrap key into same or in different SmartCard-HSM with the same DKEK
+ Unwrap key into same or in different SmartCard-HSM with the same DKEK:sc-hsm-tool --unwrap-key wrap-key.bin --key-reference 10 --pin 648219 --force