From e8980fb172221cbffd7fa672d65da0a806524e72 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Dec 2020 19:36:06 +0100
Subject: documentation: clarify that "file:/path/to/account.key" can point to
 a symmetrically-encrypted private key.

---
 Changelog                  |  2 ++
 config/lacme-accountd.conf |  4 ++--
 lacme-accountd.1.md        | 11 +++++------
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/Changelog b/Changelog
index 39df738..a2cd0bb 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,8 @@ lacme (0.7.1) upstream;
  - documentation: suggest to generate private key material with
    genpkey(1ssl); also suggest a command to generate an ECDSA key not
    just RSA; hint at which key algorithms are supported.
+ - documentation: clarify that "file:/path/to/account.key" can point to
+   a symmetrically-encrypted private key.
 
  -- Guilhem Moulin <guilhem@fripost.org>  Wed, 09 Dec 2020 18:23:22 +0100
 
diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf
index 94d2556..7248eb5 100644
--- a/config/lacme-accountd.conf
+++ b/config/lacme-accountd.conf
@@ -1,8 +1,8 @@
 # The value of "privkey" specifies the (private) account key to use
 # for signing requests.  Currently supported values are:
 #
-#   - file:FILE, to specify an encrypted private key (in PEM format)
-#   - gpg:FILE, to specify a gpg-encrypted private key (in PEM format)
+#   - file:FILE, for a private key in PEM format (optionally encrypted)
+#   - gpg:FILE, for a gpg-encrypted private key
 #
 #privkey = gpg:/path/to/encrypted/account.key.gpg
 #privkey = file:/path/to/account.key
diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md
index 359a6d1..560cfac 100644
--- a/lacme-accountd.1.md
+++ b/lacme-accountd.1.md
@@ -45,15 +45,14 @@ Options
     file](#configuration-file)** section below for the configuration
     options.
 
-`--privkey=`*arg*
+`--privkey=`*value*
 
 :   Specify the (private) account key to use for signing requests.
-    Currently supported *arg*uments are:
+    Currently supported *value*s are:
 
-    * `file:`*FILE*, to specify an encrypted private key (in PEM
-      format); and
-    * `gpg:`*FILE*, to specify a [`gpg`(1)]-encrypted private key (in
-      PEM format).
+    * `file:`*FILE*, for a private key in PEM format (optionally
+      symmetrically encrypted)
+    * `gpg:`*FILE*, for a [`gpg`(1)]-encrypted private key
 
     The [`genpkey`(1ssl)] command can be used to generate a new private
     (account) key:
-- 
cgit v1.2.3