From 26adaf519c557c609eac0868b257a2045255f35c Mon Sep 17 00:00:00 2001 From: Peter Popovec Date: Wed, 16 Dec 2020 09:34:29 +0100 Subject: [PATCH] man page update, info about generating EC keys modified: doc/tools/pkcs15-init.1.xml --- doc/tools/pkcs15-init.1.xml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml index e7c87383..91b3b29e 100644 --- a/doc/tools/pkcs15-init.1.xml +++ b/doc/tools/pkcs15-init.1.xml @@ -136,11 +136,12 @@ pkcs15-init --generate-key " keyspec " --auth-id " nn - where keyspec describes the algorithm and length of the - key to be created, such as rsa/512. This will create a 512 bit - RSA key. Currently, only RSA key generation is supported. Note that cards - usually support just a few different key lengths. Almost all cards will support - 512 and 1024 bit keys, some will support 768 or 2048 as well. + where keyspec describes the algorithm and the parameters + of the key to be created. For example, rsa:2048 generates a RSA key + with 2048-bit modulus. If you are generating an EC key, the curve designation must + be specified, for example ec:prime256v1. For symmetric key, + the length of key is specified in bytes, for example AES:32 + or DES3:24. nn is the ID of a user PIN installed previously, @@ -242,7 +243,7 @@ you would use - pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01 + pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes:256 --auth-id 01 By default a random ID is generated for the secret key. You may specify an ID 
@@ -332,9 +333,9 @@ Tells the card to generate new key and store it on the card. - keyspec consists of an algorithm name - (currently, the only supported name is ), - optionally followed by a slash and the length of the key in bits. + keyspec consists of an algorithm name, + optionally followed by a colon ":", slash "/" or hyphen "-" and + the parameters of the key to be created. It is a good idea to specify the key ID along with this command, using the option, otherwise an intrinsic ID will be calculated from the key material. Look the description of @@ -417,7 +418,7 @@ keyspec describes the algorithm and length of the - key to be created or downloaded, such as aes/256. + key to be created or downloaded, such as aes:256. This will create a 256 bit AES key.
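Review bot: In the hunk at @@ -136,11 +136,12 @@, the added sentence "For symmetric key, the length of key is specified in bytes, for example AES:32 or DES3:24" disagrees with the other examples in this patch, which write aes:256 and describe the result as "a 256 bit AES key". Settle on one unit for symmetric keys and use it in all three places, or say explicitly where the unit differs if it really does. Two wording fixes in the same paragraph: "a RSA key" should be "an RSA key", and "For symmetric key" should be "For a symmetric key". The removed text also warned that cards usually support just a few key lengths; a one-sentence replacement saying that supported key sizes and curves depend on the card would keep that warning.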
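Review bot: In the hunk at @@ -242,7 +243,7 @@, the example now reads "--secret-key-algorithm aes:256" in lowercase, while the keyspec paragraph added at line 136 writes AES:32 and DES3:24 in uppercase. State once whether algorithm names are case-insensitive, or use a single spelling throughout the page so the reader does not have to guess which form the tool accepts.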
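Review bot: In the hunk at @@ -332,9 +333,9 @@, "optionally followed by a colon ":", slash "/" or hyphen "-" and the parameters of the key to be created" reads as if the parameters can always be left out, but the paragraph added at line 136 says that for an EC key the curve designation must be specified. Suggest saying which algorithms require a parameter and which may omit it. Since every example in this patch uses the colon, it would also help to name the colon as the preferred separator and list the slash and hyphen as also accepted.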
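Review bot: In the hunk at @@ -417,7 +418,7 @@, only the separator in the example changes, so the surrounding sentence still says keyspec "describes the algorithm and length of the key" while the other hunks now speak of "the parameters of the key to be created". Align this sentence with the new wording, and check that "This will create a 256 bit AES key" agrees with the unit the keyspec description gives for symmetric keys.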