From c93443364ce23ced97a80bfda8f8bb35ec19fcdb Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Dec 2020 19:02:44 +0100
Subject: documentation: suggest to generate private key material with
 genpkey(1ssl).

 * Also suggest a command to generate an ECDSA key not just RSA.
 * Hint at which key algorithms are supported.
---
 lacme-accountd.1.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'lacme-accountd.1.md')

diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md
index a967b67..24e73eb 100644
--- a/lacme-accountd.1.md
+++ b/lacme-accountd.1.md
@@ -55,10 +55,13 @@ Options
     * `gpg:`*FILE*, to specify a [`gpg`(1)]-encrypted private key (in
       PEM format).
 
-    The following command can be used to generate a new 4096-bits RSA
-    key in PEM format with mode 0600:
+    The [`genpkey`(1ssl)] command can be used to generate a new private
+    (account) key:
 
-        openssl genrsa 4096 | install -m0600 /dev/stdin /path/to/account.key
+        $ install -vm0600 /dev/null /path/to/account.key
+        $ openssl genpkey -algorithm RSA -out /path/to/account.key
+
+    Currently `lacme-accountd` only supports RSA account keys.
 
 `--socket=`*path*
 
@@ -141,3 +144,4 @@ See also
 [`gpg`(1)]: https://www.gnupg.org/documentation/manpage.en.html
 [OpenSSH]: https://www.openssh.com/
 [`ssh`(1)]: https://man.openbsd.org/ssh
+[`genpkey`(1ssl)]: https://www.openssl.org/docs/manmaster/man1/openssl-genpkey.html
-- 
cgit v1.2.3