From 2f3ace06eca769747b1fa09d510b21020fc224e9 Mon Sep 17 00:00:00 2001 From: Viktor Tarasov Date: Sun, 19 Aug 2012 20:07:17 +0200 Subject: [PATCH] doc: #329: explicit usage of --id for a new keys is deprecated 'Id' option in the pkcs15-init commands to import/generate a new key is deprecated. Better s to let the MW to derive an identifier from the key material. --- doc/tools/pkcs15-init.1.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml index 5771b64e..736b0f9c 100644 --- a/doc/tools/pkcs15-init.1.xml +++ b/doc/tools/pkcs15-init.1.xml @@ -169,12 +169,12 @@ key as a PKCS #15 public key object. - Note the use of the option. The current - pkcs15 profile defines two key templates, one for - authentication (key ID 45), and one for non-repudiation purposes (key ID 46). - Other key templates will probably be added in the future. Note that if you don't - specify a key ID, pkcs15-init will pick just the first key - template defined by the profile. + Note that usage of option in the pkcs15-init + commands to generate or to import a new key is deprecated. + Better practice is to let the middleware to derive the identifier from the key material. + (SHA1(modulus) for RSA, SHA1(pub) for DSA, ...). + This allows easily set up relation between 'related' objects + (private/public keys and certificates). In addition to the PEM key file format, pkcs15-init also
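Review bot: The replacement paragraph in the hunk at @@ -169,12 +169,12 @@ drops the removed text's explanation of how a key template is chosen (key ID 45 for authentication, key ID 46 for non-repudiation, and the first template in the profile when no ID is given) and puts nothing in its place. A reader following the new advice to omit the ID no longer learns which template the new key will use. Suggest keeping a sentence on template selection, or stating what replaces it. The paragraph also calls the option deprecated without saying whether an explicitly supplied ID is still honoured, which matters for existing scripts. On wording: "to let the middleware to derive" should read "to let the middleware derive"; "This allows easily set up relation between 'related' objects" would read better as "This makes it easy to relate private/public keys and certificates"; and "(SHA1(modulus) for RSA, SHA1(pub) for DSA, ...)" stands as its own fragment after a full stop and ends in an open "...", so fold it into the preceding sentence and either list the supported cases or introduce it with "for example".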