break out signature timestamp from key timestamp, allow them to be set independently.

[monkeysphere.git] / man / man1 / pem2openpgp.1

diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1
index 45fd1eeb27fa9fdf8f5ddca3f288a08a835fe9bc..5622bd73c91ebb818753fd6b3012dd2118654edd 100644 (file)
--- a/man/man1/pem2openpgp.1
+++ b/man/man1/pem2openpgp.1
@@ -29,11 +29,19 @@ The following environment variables influence the behavior of
 .ti 3
 \fBPEM2OPENPGP_TIMESTAMP\fP controls the timestamp (measured in
 seconds since the UNIX epoch) indicated as the creation time (a.k.a
-"not valid before") of the generated certificate.  By default,
+"not valid before") of the generated certificate (self-signature) and
+the key itself.  By default,
 .Nm
 uses the current time.
 .Pp
 .ti 3
+\fBPEM2OPENPGP_KEY_TIMESTAMP\fP controls the timestamp (measured in
+seconds since the UNIX epoch) indicated as the creation time of just
+the key itself (not the self-signature).  By default,
+.Nm
+uses the value from PEM2OPENPGP_TIMESTAMP.
+.Pp
+.ti 3
 \fBPEM2OPENPGP_USAGE_FLAGS\fP should contain a comma-separated list of
 valid OpenPGP usage flags (see section 5.2.3.21 of RFC 4880 for what
 these mean).  The available choices are: certify, sign, encrypt_comms,