.Sh SYNOPSIS
.Nm pem2openpgp "$USERID" < mykey.pem | gpg \-\-import
.Pp
-.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authentication,certify pem2openpgp "$USERID" <mykey.pem
+.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authenticate,certify pem2openpgp "$USERID" <mykey.pem
.Sh DESCRIPTION
.Nm
is a low-level utility for transforming raw, PEM-encoded RSA secret
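Review bot: in the second SYNOPSIS line, the corrected value "authenticate" should be checked against the list of choices under PEM2OPENPGP_USAGE_FLAGS so that the example and the reference text cannot drift apart again. Because the earlier example shipped with "authentication", that section should also say what pem2openpgp does with a flag name it does not recognize. If an unknown name is dropped rather than rejected, the resulting key silently lacks the intended capability, and anyone who copied the old example would not notice.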
.ti 3
\fBPEM2OPENPGP_TIMESTAMP\fP controls the timestamp (measured in
seconds since the UNIX epoch) indicated as the creation time (a.k.a
-"not valid before") of the generated certificate. By default,
+"not valid before") of the generated certificate (self-signature) and
+the key itself. By default,
.Nm
uses the current time.
.Pp
.ti 3
+\fBPEM2OPENPGP_KEY_TIMESTAMP\fP controls the timestamp (measured in
+seconds since the UNIX epoch) indicated as the creation time of just
+the key itself (not the self-signature). By default,
+.Nm
+uses the value from PEM2OPENPGP_TIMESTAMP.
+.Pp
+.ti 3
\fBPEM2OPENPGP_USAGE_FLAGS\fP should contain a comma-separated list of
valid OpenPGP usage flags (see section 5.2.3.21 of RFC 4880 for what
these mean). The available choices are: certify, sign, encrypt_comms,
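Review bot: the new PEM2OPENPGP_KEY_TIMESTAMP paragraph should state the consequence of setting it. The key creation time is part of the data hashed into an OpenPGP v4 fingerprint, so the same PEM key converted with a different key timestamp produces a different fingerprint and key ID. One added sentence saying so would explain why the variable exists. The paragraph should also say what happens when PEM2OPENPGP_KEY_TIMESTAMP is later than PEM2OPENPGP_TIMESTAMP, since that combination gives a self-signature dated before the key it certifies, and which of the two timestamps PEM2OPENPGP_EXPIRATION is counted from now that they can differ.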