clarifying usage for the -l -r option

1 files changed, 10 insertions, 4 deletions

diff --git a/pk12util.1 b/pk12util.1
index b87558a..deef1d0 100644
--- a/pk12util.1
+++ b/pk12util.1
@@ -128,7 +128,7 @@ Specify the desired length of the symmetric key to be used to encrypt the certif
 .B -r
 
 .IP
-Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in ASCII (a PEM file).
+Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.
 
 .SH Return Codes 
 
@@ -247,9 +247,11 @@ Re-enter password:
 .PP
 The information in a 
 .B .p12
-file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable ASCII format or can be printed in a DER binary format (
+file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the 
+.B .p12
+file. Alternatively, the 
 .B -r
-) so that the output can be fed to another application, like OpenSSL.
+is used to print the certificates and then export them into separate DER binary files, with one certificate in each file. This allows the certificates to be fed to another application, like OpenSSL.
     
 .nf
 pk12util -l p12File [-h tokenname] [-r] [-d dir] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
@@ -283,7 +285,11 @@ Certificate:
 .PP
 For example, this uses the 
 .B -r
-argument to output the DER information:
+argument to output the DER information. Each certificate is also written to a sequentially-number file, beginning with 
+.B file0001.der
+and continuing through 
+.B file000N.der
+, incrementing the number for every certificate:
 .nf
 # pk12util -l test.p12 -r
 Enter password for PKCS12 file: