(e.g. 22 for ssh) is assumed. `i' may be used in place of
`import\-key'.
.TP
-.B show\-key [KEYID ...]
+.B show\-keys [KEYID ...]
Output information about the OpenPGP certificate(s) for services
offered by the host, including their KEYIDs. If no KEYID is specified
(or if the special string `--all' is used), output information about
all certificates managed by \fBmonkeysphere\-host\fP. `s' may be used
-in place of `show\-key'.
+in place of `show\-keys'.
.TP
.B set\-expire EXPIRE [KEYID]
Extend the validity of the OpenPGP certificate specified until EXPIRE
example, the operator of `https://example.net' may wish to add an
additional servicename of `https://www.example.net' to the certificate
corresponding to the secret key used by the TLS-enabled web server.
-`n+' may be used in place of `add\-hostname'.
+`add-name' or `n+' may be used in place of `add\-servicename'.
.TP
.B revoke\-servicename SCHEME://HOSTNAME[:PORT] [KEYID]
Revoke a service-specific user ID from the specified certificate.
-`n\-' may be used in place of `revoke\-hostname'.
+`revoke-name' or `n\-' may be used in place of `revoke\-servicename'.
.TP
.B add\-revoker REVOKER_KEYID|FILE [KEYID]
Add a revoker to the specified OpenPGP certificate. The revoker can
send it to the public keyservers. PUBLISH THESE CERTIFICATES ONLY IF
YOU ARE SURE THE CORRESPONDING KEY WILL NEVER BE RE-USED!
.TP
-.B publish\-key [KEYID ...]
+.B publish\-keys [KEYID ...]
Publish the specified OpenPGP certificates to the public keyservers.
If the special string `--all' is specified, all of the host's OpenPGP
certificates will be published. `p' may be used in place of
-`publish-key'. Note that there is no way to remove a key from the
+`publish-keys'. NOTE: that there is no way to remove a key from the
public keyservers once it is published!
.TP
.B version
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
-
-
-Other commands:
.TP
.B diagnostics
Review the state of the monkeysphere server host key and report on
/etc/monkeysphere/monkeysphere\-host.conf
System monkeysphere\-host config file.
.TP
-/var/lib/monkeysphere/host_keys.pub.gpg
-A world-readable copy of all of the host's public keys in OpenPGP
-format, including all relevant self-signatures.
+/var/lib/monkeysphere/host_keys.pub.pgp
+
+A world-readable copy of the host's OpenPGP certificates in ASCII
+armored format. This includes the certificates (including the public
+keys, servicename-based User IDs, and most recent relevant
+self-signatures) corresponding to every key used by
+Monkeysphere-enabled services on the host.
.TP
/var/lib/monkeysphere/host/
A locked directory (readable only by the superuser) containing copies
-of all imported secret keys.
+of all imported secret keys (this is the host's GNUPGHOME directory).
.SH AUTHOR
.SH SEE ALSO
.BR monkeysphere (1),
-.BR monkeysphere\-authentication (8),
.BR monkeysphere (7),
.BR gpg (1),
+.BR monkeysphere\-authentication (8),
.BR ssh (1),
.BR sshd (8)