diff --git a/doc/tools/piv-tool.1.xml b/doc/tools/piv-tool.1.xml
index 70619cce..cc38089e 100644
--- a/doc/tools/piv-tool.1.xml
+++ b/doc/tools/piv-tool.1.xml
@@ -53,15 +53,18 @@
argument,
argument
- Authenticate to the card using a 2DES or 3DES key.
+ Authenticate to the card using a 2DES, 3DES or AES key.
The argument of the form
{A|M}:ref:alg
is required, were A uses "EXTERNAL AUTHENTICATION"
and M uses "MUTUAL AUTHENTICATION".
ref is normally 9B,
- and alg is 03 for 3DES.
- The key is provided by the card vendor, and the environment variable
- PIV_EXT_AUTH_KEY must point to a text file containing
+ and alg is 03 for 3DES,
+ 01 for 2DES, 08 for AES-128,
+ 0A for AES-192 or 0C for AES-256.
+ The key is provided by the card vendor. The environment variable
+ PIV_EXT_AUTH_KEY must point to either a binary file
+ matching the length of the key or a text file containing
the key in the format:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX