Update man pages

pgpainless-cli/packaging/man/pgpainless-cli-armor.1

@@ -42,4 +42,5 @@ Label to be used in the header and tail of the armoring
 .sp
 \fB\-\-stacktrace\fP
 .RS 4
+Print stacktrace
 .RE

pgpainless-cli/packaging/man/pgpainless-cli-change-key-password.1

@@ -0,0 +1,67 @@
+'\" t
+.\"     Title: pgpainless-cli-change-key-password
+.\"    Author: [see the "AUTHOR(S)" section]
+.\" Generator: Asciidoctor 2.0.10
+.\"    Manual: PGPainless-CLI Manual
+.\"    Source: 
+.\"  Language: English
+.\"
+.TH "PGPAINLESS\-CLI\-CHANGE\-KEY\-PASSWORD" "1" "" "" "PGPainless\-CLI Manual"
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.ss \n[.ss] 0
+.nh
+.ad l
+.de URL
+\fI\\$2\fP <\\$1>\\$3
+..
+.als MTO URL
+.if \n[.g] \{\
+.  mso www.tmac
+.  am URL
+.    ad l
+.  .
+.  am MTO
+.    ad l
+.  .
+.  LINKSTYLE blue R < >
+.\}
+.SH "NAME"
+pgpainless\-cli\-change\-key\-password \- Update the password of a key
+.SH "SYNOPSIS"
+.sp
+\fBpgpainless\-cli change\-key\-password\fP [\fB\-\-[no\-]armor\fP] [\fB\-\-stacktrace\fP] [\fB\-\-new\-key\-password\fP
+[=\fIPASSWORD\fP]] [\fB\-\-old\-key\-password\fP=\fIPASSWORD\fP]...
+.SH "DESCRIPTION"
+.sp
+Unlock all secret keys from STDIN using the given old passwords and emit them re\-locked using the new password to STDOUT.
+If any (sub\-) key cannot be unlocked, this operation will exit with error code 67.
+.SH "OPTIONS"
+.sp
+\fB\-\-new\-key\-password\fP[=\fIPASSWORD\fP]
+.RS 4
+New password to lock the keys with.
+.sp
+If no new password is passed in, the keys will be emitted unlocked.
+.sp
+Is an INDIRECT data type (e.g. file, environment variable, file descriptor...).
+.RE
+.sp
+\fB\-\-[no\-]armor\fP
+.RS 4
+ASCII armor the output
+.RE
+.sp
+\fB\-\-old\-key\-password\fP=\fIPASSWORD\fP
+.RS 4
+Old passwords to unlock the keys with.
+.sp
+Multiple passwords can be passed in, which are tested sequentially to unlock locked subkeys.
+.sp
+Is an INDIRECT data type (e.g. file, environment variable, file descriptor...).
+.RE
+.sp
+\fB\-\-stacktrace\fP
+.RS 4
+Print stacktrace
+.RE

pgpainless-cli/packaging/man/pgpainless-cli-dearmor.1

@@ -37,4 +37,5 @@ pgpainless\-cli\-dearmor \- Remove ASCII Armor from standard input
 .sp
 \fB\-\-stacktrace\fP
 .RS 4
+Print stacktrace
 .RE

pgpainless-cli/packaging/man/pgpainless-cli-decrypt.1

@@ -27,7 +27,7 @@
 .  LINKSTYLE blue R < >
 .\}
 .SH "NAME"
-pgpainless\-cli\-decrypt \- Decrypt a message from standard input
+pgpainless\-cli\-decrypt \- Decrypt a message
 .SH "SYNOPSIS"
 .sp
 \fBpgpainless\-cli decrypt\fP [\fB\-\-stacktrace\fP] [\fB\-\-session\-key\-out\fP=\fISESSIONKEY\fP]
@@ -44,7 +44,32 @@ pgpainless\-cli\-decrypt \- Decrypt a message from standard input
 Can be used to learn the session key on successful decryption
 .RE
 .sp
-\fB\-\-stacktrace\fP, \fB\-\-verify\-not\-after\fP=\fIDATE\fP, \fB\-\-verify\-not\-before\fP=\fIDATE\fP, \fB\-\-verify\-out, \-\-verifications\-out\fP=\fIVERIFICATIONS\fP
+\fB\-\-stacktrace\fP
+.RS 4
+Print stacktrace
+.RE
+.sp
+\fB\-\-verify\-not\-after\fP=\fIDATE\fP
+.RS 4
+ISO\-8601 formatted UTC date (e.g. \(aq2020\-11\-23T16:35Z)
+.sp
+Reject signatures with a creation date not in range.
+.sp
+Defaults to current system time (\(aqnow\(aq).
+.sp
+Accepts special value \(aq\-\(aq for end of time.
+.RE
+.sp
+\fB\-\-verify\-not\-before\fP=\fIDATE\fP
+.RS 4
+ISO\-8601 formatted UTC date (e.g. \(aq2020\-11\-23T16:35Z)
+.sp
+Reject signatures with a creation date not in range.
+.sp
+Defaults to beginning of time (\(aq\-\(aq).
+.RE
+.sp
+\fB\-\-verify\-out, \-\-verifications\-out\fP=\fIVERIFICATIONS\fP
 .RS 4
 Emits signature verification status to the designated output
 .RE

pgpainless-cli/packaging/man/pgpainless-cli-encrypt.1

@@ -58,7 +58,12 @@ Profile identifier to switch between profiles
 Sign the output with a private key
 .RE
 .sp
-\fB\-\-stacktrace\fP, \fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
+\fB\-\-stacktrace\fP
+.RS 4
+Print stacktrace
+.RE
+.sp
+\fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
 .RS 4
 Passphrase to unlock the secret key(s).
 .sp

pgpainless-cli/packaging/man/pgpainless-cli-extract-cert.1

@@ -27,12 +27,13 @@
 .  LINKSTYLE blue R < >
 .\}
 .SH "NAME"
-pgpainless\-cli\-extract\-cert \- Extract a public key certificate from a secret key from standard input
+pgpainless\-cli\-extract\-cert \- Extract a public key certificate from a secret key
 .SH "SYNOPSIS"
 .sp
 \fBpgpainless\-cli extract\-cert\fP [\fB\-\-[no\-]armor\fP] [\fB\-\-stacktrace\fP]
 .SH "DESCRIPTION"
-
+.sp
+Read a secret key from STDIN and emit the public key certificate to STDOUT.
 .SH "OPTIONS"
 .sp
 \fB\-\-[no\-]armor\fP
@@ -42,4 +43,5 @@ ASCII armor the output
 .sp
 \fB\-\-stacktrace\fP
 .RS 4
+Print stacktrace
 .RE

pgpainless-cli/packaging/man/pgpainless-cli-generate-key.1

@@ -30,8 +30,8 @@
 pgpainless\-cli\-generate\-key \- Generate a secret key
 .SH "SYNOPSIS"
 .sp
-\fBpgpainless\-cli generate\-key\fP [\fB\-\-[no\-]armor\fP] [\fB\-\-stacktrace\fP] [\fB\-\-profile\fP=\fIPROFILE\fP]
+\fBpgpainless\-cli generate\-key\fP [\fB\-\-[no\-]armor\fP] [\fB\-\-signing\-only\fP] [\fB\-\-stacktrace\fP]
-[\fB\-\-with\-key\-password\fP=\fIPASSWORD\fP] [\fIUSERID\fP...]
+[\fB\-\-profile\fP=\fIPROFILE\fP] [\fB\-\-with\-key\-password\fP=\fIPASSWORD\fP] [\fIUSERID\fP...]
 .SH "DESCRIPTION"
 
 .SH "OPTIONS"
@@ -46,7 +46,17 @@ ASCII armor the output
 Profile identifier to switch between profiles
 .RE
 .sp
-\fB\-\-stacktrace\fP, \fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
+\fB\-\-signing\-only\fP
+.RS 4
+Generate a key that can only be used for signing
+.RE
+.sp
+\fB\-\-stacktrace\fP
+.RS 4
+Print stacktrace
+.RE
+.sp
+\fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
 .RS 4
 Password to protect the private key with
 .sp

pgpainless-cli/packaging/man/pgpainless-cli-inline-detach.1

@@ -47,4 +47,5 @@ Destination to which a detached signatures block will be written
 .sp
 \fB\-\-stacktrace\fP
 .RS 4
+Print stacktrace
 .RE

pgpainless-cli/packaging/man/pgpainless-cli-inline-sign.1

@@ -27,7 +27,7 @@
 .  LINKSTYLE blue R < >
 .\}
 .SH "NAME"
-pgpainless\-cli\-inline\-sign \- Create an inline\-signed message from data on standard input
+pgpainless\-cli\-inline\-sign \- Create an inline\-signed message
 .SH "SYNOPSIS"
 .sp
 \fBpgpainless\-cli inline\-sign\fP [\fB\-\-[no\-]armor\fP] [\fB\-\-stacktrace\fP] [\fB\-\-as\fP=\fI{binary|text|clearsigned}\fP]
@@ -54,7 +54,12 @@ If \(aq\-\-as=text\(aq and the input data is not valid UTF\-8, inline\-sign fail
 ASCII armor the output
 .RE
 .sp
-\fB\-\-stacktrace\fP, \fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
+\fB\-\-stacktrace\fP
+.RS 4
+Print stacktrace
+.RE
+.sp
+\fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
 .RS 4
 Passphrase to unlock the secret key(s).
 .sp

pgpainless-cli/packaging/man/pgpainless-cli-inline-verify.1

@@ -27,11 +27,11 @@
 .  LINKSTYLE blue R < >
 .\}
 .SH "NAME"
-pgpainless\-cli\-inline\-verify \- Verify inline\-signed data from standard input
+pgpainless\-cli\-inline\-verify \- Verify an inline\-signed message
 .SH "SYNOPSIS"
 .sp
 \fBpgpainless\-cli inline\-verify\fP [\fB\-\-stacktrace\fP] [\fB\-\-not\-after\fP=\fIDATE\fP] [\fB\-\-not\-before\fP=\fIDATE\fP]
-[\fB\-\-verifications\-out\fP=\fI<verificationsOut>\fP] [\fICERT\fP...]
+[\fB\-\-verifications\-out\fP=\fIVERIFICATIONS\fP] [\fICERT\fP...]
 .SH "DESCRIPTION"
 
 .SH "OPTIONS"
@@ -56,7 +56,12 @@ Reject signatures with a creation date not in range.
 Defaults to beginning of time ("\-").
 .RE
 .sp
-\fB\-\-stacktrace\fP, \fB\-\-verifications\-out\fP=\fI<verificationsOut>\fP
+\fB\-\-stacktrace\fP
+.RS 4
+Print stacktrace
+.RE
+.sp
+\fB\-\-verifications\-out\fP=\fIVERIFICATIONS\fP
 .RS 4
 File to write details over successful verifications to
 .RE

pgpainless-cli/packaging/man/pgpainless-cli-list-profiles.1

@@ -37,6 +37,7 @@ pgpainless\-cli\-list\-profiles \- Emit a list of profiles supported by the iden
 .sp
 \fB\-\-stacktrace\fP
 .RS 4
+Print stacktrace
 .RE
 .SH "ARGUMENTS"
 .sp

pgpainless-cli/packaging/man/pgpainless-cli-revoke-key.1

@@ -0,0 +1,54 @@
+'\" t
+.\"     Title: pgpainless-cli-revoke-key
+.\"    Author: [see the "AUTHOR(S)" section]
+.\" Generator: Asciidoctor 2.0.10
+.\"    Manual: PGPainless-CLI Manual
+.\"    Source: 
+.\"  Language: English
+.\"
+.TH "PGPAINLESS\-CLI\-REVOKE\-KEY" "1" "" "" "PGPainless\-CLI Manual"
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.ss \n[.ss] 0
+.nh
+.ad l
+.de URL
+\fI\\$2\fP <\\$1>\\$3
+..
+.als MTO URL
+.if \n[.g] \{\
+.  mso www.tmac
+.  am URL
+.    ad l
+.  .
+.  am MTO
+.    ad l
+.  .
+.  LINKSTYLE blue R < >
+.\}
+.SH "NAME"
+pgpainless\-cli\-revoke\-key \- Generate revocation certificates
+.SH "SYNOPSIS"
+.sp
+\fBpgpainless\-cli revoke\-key\fP [\fB\-\-[no\-]armor\fP] [\fB\-\-stacktrace\fP] [\fB\-\-with\-key\-password\fP=\fIPASSWORD\fP]
+.SH "DESCRIPTION"
+.sp
+Emit revocation certificates for secret keys from STDIN to STDOUT.
+.SH "OPTIONS"
+.sp
+\fB\-\-[no\-]armor\fP
+.RS 4
+ASCII armor the output
+.RE
+.sp
+\fB\-\-stacktrace\fP
+.RS 4
+Print stacktrace
+.RE
+.sp
+\fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
+.RS 4
+Passphrase to unlock the secret key(s).
+.sp
+Is an INDIRECT data type (e.g. file, environment variable, file descriptor...).
+.RE

pgpainless-cli/packaging/man/pgpainless-cli-sign.1

@@ -27,7 +27,7 @@
 .  LINKSTYLE blue R < >
 .\}
 .SH "NAME"
-pgpainless\-cli\-sign \- Create a detached signature on the data from standard input
+pgpainless\-cli\-sign \- Create a detached message signature
 .SH "SYNOPSIS"
 .sp
 \fBpgpainless\-cli sign\fP [\fB\-\-[no\-]armor\fP] [\fB\-\-stacktrace\fP] [\fB\-\-as\fP=\fI{binary|text}\fP]
@@ -55,7 +55,12 @@ Emits the digest algorithm used to the specified file in a way that can be used
 ASCII armor the output
 .RE
 .sp
-\fB\-\-stacktrace\fP, \fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
+\fB\-\-stacktrace\fP
+.RS 4
+Print stacktrace
+.RE
+.sp
+\fB\-\-with\-key\-password\fP=\fIPASSWORD\fP
 .RS 4
 Passphrase to unlock the secret key(s).
 .sp

pgpainless-cli/packaging/man/pgpainless-cli-verify.1

@@ -27,13 +27,14 @@
 .  LINKSTYLE blue R < >
 .\}
 .SH "NAME"
-pgpainless\-cli\-verify \- Verify a detached signature over the data from standard input
+pgpainless\-cli\-verify \- Verify a detached signature
 .SH "SYNOPSIS"
 .sp
 \fBpgpainless\-cli verify\fP [\fB\-\-stacktrace\fP] [\fB\-\-not\-after\fP=\fIDATE\fP] [\fB\-\-not\-before\fP=\fIDATE\fP] \fISIGNATURE\fP
 \fICERT\fP...
 .SH "DESCRIPTION"
-
+.sp
+Verify a detached signature over some data from STDIN.
 .SH "OPTIONS"
 .sp
 \fB\-\-not\-after\fP=\fIDATE\fP
@@ -58,6 +59,7 @@ Defaults to beginning of time ("\-").
 .sp
 \fB\-\-stacktrace\fP
 .RS 4
+Print stacktrace
 .RE
 .SH "ARGUMENTS"
 .sp
@@ -68,4 +70,5 @@ Detached signature
 .sp
 \fICERT\fP...
 .RS 4
+Public key certificates for signature verification
 .RE

pgpainless-cli/packaging/man/pgpainless-cli-version.1

@@ -52,4 +52,5 @@ Print the latest revision of the SOP specification targeted by the implementatio
 .sp
 \fB\-\-stacktrace\fP
 .RS 4
+Print stacktrace
 .RE

pgpainless-cli/packaging/man/pgpainless-cli.1

@@ -41,9 +41,69 @@ Print stacktrace
 .RE
 .SH "COMMANDS"
 .sp
-\fBhelp\fP
+\fBversion\fP
 .RS 4
-Stateless OpenPGP Protocol
+Display version information about the tool
+.RE
+.sp
+\fBlist\-profiles\fP
+.RS 4
+Emit a list of profiles supported by the identified subcommand
+.RE
+.sp
+\fBgenerate\-key\fP
+.RS 4
+Generate a secret key
+.RE
+.sp
+\fBchange\-key\-password\fP
+.RS 4
+Update the password of a key
+.RE
+.sp
+\fBrevoke\-key\fP
+.RS 4
+Generate revocation certificates
+.RE
+.sp
+\fBextract\-cert\fP
+.RS 4
+Extract a public key certificate from a secret key
+.RE
+.sp
+\fBsign\fP
+.RS 4
+Create a detached message signature
+.RE
+.sp
+\fBverify\fP
+.RS 4
+Verify a detached signature
+.RE
+.sp
+\fBencrypt\fP
+.RS 4
+Encrypt a message from standard input
+.RE
+.sp
+\fBdecrypt\fP
+.RS 4
+Decrypt a message
+.RE
+.sp
+\fBinline\-detach\fP
+.RS 4
+Split signatures from a clearsigned message
+.RE
+.sp
+\fBinline\-sign\fP
+.RS 4
+Create an inline\-signed message
+.RE
+.sp
+\fBinline\-verify\fP
+.RS 4
+Verify an inline\-signed message
 .RE
 .sp
 \fBarmor\fP
@@ -56,59 +116,9 @@ Add ASCII Armor to standard input
 Remove ASCII Armor from standard input
 .RE
 .sp
-\fBdecrypt\fP
+\fBhelp\fP
 .RS 4
-Decrypt a message from standard input
+Stateless OpenPGP Protocol
-.RE
-.sp
-\fBinline\-detach\fP
-.RS 4
-Split signatures from a clearsigned message
-.RE
-.sp
-\fBencrypt\fP
-.RS 4
-Encrypt a message from standard input
-.RE
-.sp
-\fBextract\-cert\fP
-.RS 4
-Extract a public key certificate from a secret key from standard input
-.RE
-.sp
-\fBgenerate\-key\fP
-.RS 4
-Generate a secret key
-.RE
-.sp
-\fBsign\fP
-.RS 4
-Create a detached signature on the data from standard input
-.RE
-.sp
-\fBverify\fP
-.RS 4
-Verify a detached signature over the data from standard input
-.RE
-.sp
-\fBinline\-sign\fP
-.RS 4
-Create an inline\-signed message from data on standard input
-.RE
-.sp
-\fBinline\-verify\fP
-.RS 4
-Verify inline\-signed data from standard input
-.RE
-.sp
-\fBlist\-profiles\fP
-.RS 4
-Emit a list of profiles supported by the identified subcommand
-.RE
-.sp
-\fBversion\fP
-.RS 4
-Display version information about the tool
 .RE
 .sp
 \fBgenerate\-completion\fP