authorized_keys file (usually ~/.ssh/authorized_keys). `a' may be
used in place of `update-authorized_keys'.
.TP
-.B gen-ae-subkey KEYID
-Generate an `ae` capable subkey. For the primary key with the
-specified key ID, generate a subkey with "authentication" and
-"encryption" capability that can be used for MonkeySphere
-transactions. `g' may be used in place of `gen-ae-subkey'.
+.B gen-subkey KEYID
+Generate an `a` capable subkey. For the primary key with the
+specified key ID, generate a subkey with "authentication" capability
+that can be used for MonkeySphere transactions. `g' may be used in
+place of `gen-subkey'.
.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
GPG keys are considered acceptable if the following criteria are met:
.TP
.B capability
-The key must have both the "authentication" and "encrypt" capability
-flags.
+For host keys, the key must have both the "authentication" ("a") and
+"encrypt" ("e") capability flags. For user keys, the key must have
+the "authentication" ("a") capability flag.
.TP
.B validity
The key must be "fully" valid, and must not be expired or revoked.