diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml
index 5771b64e..736b0f9c 100644
--- a/doc/tools/pkcs15-init.1.xml
+++ b/doc/tools/pkcs15-init.1.xml
@@ -169,12 +169,12 @@
key as a PKCS #15 public key object.
- Note the use of the option. The current
- pkcs15 profile defines two key templates, one for
- authentication (key ID 45), and one for non-repudiation purposes (key ID 46).
- Other key templates will probably be added in the future. Note that if you don't
- specify a key ID, pkcs15-init will pick just the first key
- template defined by the profile.
+ Note that usage of option in the pkcs15-init
+ commands to generate or to import a new key is deprecated.
+ Better practice is to let the middleware to derive the identifier from the key material.
+ (SHA1(modulus) for RSA, SHA1(pub) for DSA, ...).
+ This allows easily set up relation between 'related' objects
+ (private/public keys and certificates).
In addition to the PEM key file format, pkcs15-init also