diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml
index f5f473a6..0787f37f 100644
--- a/doc/manual/p11-kit.xml
+++ b/doc/manual/p11-kit.xml
@@ -117,8 +117,7 @@ $ p11-kit list-modules
List all tokens available in system configured PKCS#11 modules.
-$ p11-kit list-tokens pkcs11:token
-$ p11-kit list-tokens --only-uris pkcs11:token
+$ p11-kit list-tokens [--only-uris] pkcs11:token
This retrieves all tokens and displays some of their
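Review bot: The merged synopsis line `$ p11-kit list-tokens [--only-uris] pkcs11:token` now documents `--only-uris` only as a bracketed flag, and the description that follows ("This retrieves all tokens and displays some of their") does not say what the flag changes in the output. Other commands in this patch gain per-option descriptions (for example the file and label options of import-object); adding an equivalent entry for `--only-uris` here would keep the page consistent and tell script authors which form is safe to parse.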
@@ -130,28 +129,41 @@ $ p11-kit list-tokens --only-uris pkcs11:token
List Objects
- List objects of a token.
+ List objects matching given PKCS#11 URI.
-$ p11-kit list-objects pkcs11:token
+$ p11-kit list-objects [--login] pkcs11:object_on_token
- This retrieves all objects of the given token and displays
- some of their common attributes.
+ This retrieves all objects that match given PKCS#11 URI and displays
+ some of their common attributes. Storage objects also have their PKCS#11 URI
+ displayed.Import Object
- Import object into a PKCS#11 token.
+ Import object into PKCS#11 token.
$ p11-kit import-object --file=file.pem [--label=label] [--login] pkcs11:token
- This takes either a X.509 certificate or a public key in form of a PEM file
- and imports it into PKCS#11 token that matches given URI.
+ Takes either an X.509 certificate or a public key in the form of a PEM file
+ and imports it into the first token matched by given PKCS#11 URI.
+
+
+
+
+ File containing either an X.509 certificate
+ or a public key in PEM format. This option is required.
+
+
+
+ Assigns label to the imported object.
+
+
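Review bot: Missing documentation for `--login`, which is added to the list-objects synopsis and is present in the import-object synopsis, but neither description in this hunk explains it. The option entries added for import-object cover only the file ("This option is required.") and the label. For list-objects this matters because the text promises "all objects that match given PKCS#11 URI", while PKCS#11 private objects are not visible to a session that has not logged in, so a reader comparing output with and without `--login` gets different results with no explanation. Suggest one sentence stating that without `--login` only objects readable in a public session are listed, plus a `--login` entry in the option list. Separately, "imports it into the first token matched by given PKCS#11 URI" would benefit from saying how "first" is determined, since a broad URI can select a token the operator did not intend.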
@@ -161,24 +173,24 @@ $ p11-kit import-object --file=file.pem [--label=label] [--login&
Export object matching PKCS#11 URI.
-$ p11-kit export-object pkcs11:token
+$ p11-kit export-object [--login] pkcs11:object_on_token
- If a given URI references a storage object that is a X.509 certificate,
- it displays the concents of the certificate in PEM format.
+ Displays PEM formatted contents of the first object matched by given PKCS#11 URI.
+ The matched object has to either be an X.509 certificate or a public key.Delete Object
- Delete objects matching PKCS#11 URI.
+ Delete object matching PKCS#11 URI.
-$ p11-kit delete-object pkcs11:token
+$ p11-kit delete-object [--login] pkcs11:object_on_token
- This destroys every storage object matching given PKCS#11 URI.
+ Destroys the first object matched by given PKCS#11 URI.
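Review bot: The delete-object description changes from "destroys every storage object matching given PKCS#11 URI" to "Destroys the first object matched by given PKCS#11 URI" without defining what "first" means. For a destructive command this is the detail an operator most needs: if the URI matches several objects, the text gives no way to predict which one is removed. Suggest stating the ordering (or that it is unspecified) and recommending that the same URI be run through list-objects first to confirm it selects exactly one object. The export-object text has a related gap: "The matched object has to either be an X.509 certificate or a public key" does not say what happens when the first match is some other object type while a later match would qualify.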
@@ -188,21 +200,18 @@ $ p11-kit delete-object pkcs11:token
Generate key-pair on a PKCS#11 token.
-$ p11-kit generate-keypair [--label=label] --type=algorithm {--bits=n|--curve=name} pkcs11:token
+$ p11-kit generate-keypair --type=algorithm {--bits=n|--curve=name} [--label=label] [--login] pkcs11:token
- Generate private-public key-pair of given type on specified PKCS#11 token.
- Should be used together with --type option and one of --bits or --curve options.
+ Generate private-public key-pair of given type on the first
+ token matched by given PKCS#11 URI. This command should be used
+ together with --type option and one of --bits or --curve options.
-
-
- Assigns label to the generated key-pair objects.
- Specify the type of keys to generate.
- Supported values are rsa, ecdsa, ed25519.
+ Supported values are rsa, ecdsa and ed25519.
This option is required.
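Review bot: The wording in the generate-keypair description is inconsistent about whether the options are mandatory: "This command should be used together with --type option and one of --bits or --curve options" reads as advice, while the option text a few lines later says "This option is required." and the synopsis shows `--type=algorithm {--bits=n|--curve=name}` as non-optional. Suggest "must be used" (or dropping the sentence and letting the synopsis and option entries carry it). The synopsis also gains `[--login]` with no description in the visible lines; key generation on a token normally needs an authenticated session, so it is worth saying when the flag is needed.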
@@ -213,9 +222,13 @@ $ p11-kit generate-keypair [--label=label] --type=algorithm {--bi
Specify an elliptic curve for the key-pair generation.
- Supported values are secp256r1, secp384r1, secp521r1.
+ Supported values are secp256r1, secp384r1, secp521r1, ed25519 and ed448.
Cannot be used together with --bits option.
+
+
+ Assigns label to the generated key-pair objects.
+
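Review bot: The extended curve list "secp256r1, secp384r1, secp521r1, ed25519 and ed448" does not line up with the type list from the previous hunk, "Supported values are rsa, ecdsa and ed25519." There is no type value that obviously pairs with `ed448`, and it is unclear whether `--type=ed25519` still requires `--curve=ed25519` or whether the curve is implied. Suggest documenting the valid type and curve combinations explicitly, and stating what the command does when the two disagree, so users do not end up with a key of a different strength than they intended.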
@@ -226,38 +239,56 @@ $ p11-kit generate-keypair [--label=label] --type=algorithm {--bi
List PKCS#11 profiles supported by the token.
-$ p11-kit list-profiles pkcs11:token
+$ p11-kit list-profiles [--login] pkcs11:token
- This searches the given token for profile objects that contain profile IDs
- which are then displayed in human-readable form.
+ Displays profile IDs of the first token matched by given
+ PKCS#11 URI in human-readable form.Add Profile
- Add PKCS#11 profile to the token.
+ Add PKCS#11 profile to a token.
-$ p11-kit add-profile --profile profile pkcs11:token
+$ p11-kit add-profile --profile=profile [--login] pkcs11:token
- Creates a new PKCS#11 profile object on the token if it doesn't already exist.
+ Creates new profile object with given profile ID on the
+ first token matched by given PKCS#11 URI. This command fails
+ if the profile ID already exists on the token.
+
+
+
+
+ Profile ID to add. Value can either
+ be numerical or textual. This option is required.
+
+ Delete Profile
- Delete PKCS#11 profile from the token.
+ Delete PKCS#11 profile from a token.
-$ p11-kit delete-profile --profile profile pkcs11:token
+$ p11-kit delete-profile --profile=profile [--login] pkcs11:token
- Searches the token for profile object that matches given PKCS#11
- profile ID and attempts to destroy it.
+ Destroys all profile objects with given profile ID from
+ the first token matched by given PKCS#11 URI.
+
+
+
+
+ Profile ID to delete. Value can either
+ be numerical or textual. This option is required.
+
+
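Review bot: The new profile option text "Value can either be numerical or textual" (in both add-profile and delete-profile) does not list the accepted textual names or say which numeric bases are parsed. Since list-profiles is described as showing IDs "in human-readable form", the reader will expect the same names to be accepted as input; please either enumerate them or state that the names printed by list-profiles are valid here. Two behavioural points are also worth a sentence each: add-profile now "fails if the profile ID already exists on the token", where the old text described creating the object only "if it doesn't already exist", which affects idempotent provisioning scripts; and delete-profile "Destroys all profile objects with given profile ID" while delete-object in this same patch destroys only the first match, so the difference should be called out to avoid surprises.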