.RI [ item ...]
.br
.B add
-.RB [ \-lqrLS ]
+.RB [ \-lqrLKS ]
.RB [ \-a
.IR alg ]
.RB [ \-b | \-B
.I tag
.IR attr ...
.br
+.B getattr
+.I tag
+.I attr
+.br
.B lock
.I qtag
.br
Suppresses the progress indication which is usually generated while
time-consuming key generation tasks are being performed.
.TP
-.BI "\-L, --lim-lee"
+.BI "\-L, \-\-lim-lee"
When generating Diffie-Hellman parameters, generate a Lim-Lee prime
rather than a random (or safe) prime. See the details on Diffie-Hellman
key generation below.
.TP
-.BI "\-S, --subgroup"
+.BI "\-K, \-\-kcdsa"
+When generating Diffie-Hellman parameters, generate a KCDSA-style
+Lim-Lee prime rather than a random (or safe) prime. See the details on
+Diffie-Hellman key generation below.
+.TP
+.BI "\-S, \-\-subgroup"
When generating Diffie-Hellman parameters with a Lim-Lee prime, choose a
generator of a prime-order subgroup rather than a subgroup of order
.RI ( p "- 1)/2."
.IR p ;
the default size is 1024 bits.
.IP
-If no
+If no
.I q
size is selected using the
.B \-B
-option and the Lim-Lee prime option is disabled, then
+option and the Lim-Lee prime options are disabled, then
.I p
is chosen to be a `safe' prime (i.e.,
.IR p \ =\ 2 q \ +\ 1,
.IP
If the
.B \-L
-option was given Lim-Lee primes are selected: the parameters are chosen
+option was given, Lim-Lee primes are selected: the parameters are chosen
such that
.IR p \ =\ 2\ q \*(us0\*(ue\ q \*(us1\*(ue\ q \*(us2\*(ue\ ...\ +\ 1,
where the
option (or 256 bits, if no setting was given).
.IP
If the
+.B \-K
+option was given, KCDSA-style Lim-Lee primes are selected: the
+parameters are chosen such that
+.IR p \ =\ 2\ q\ v \ +\ 1,
+where
+.IR p,
+.I q
+and
+.I v
+are primes.
+.IP
+If the
.B \-S
-option was given, the generator
+or
+.B \-K
+options were given, the generator
.I g
is chosen to generate the subgroup of order
.IR q \*(us0\*(ue;
then an optional
.RB ` , '
and the representation of the normal element \*(*b; an optional
-.RB ` / ';
+.RB ` ; ';
a
.IR "curve type" ,
which is one of
the two field-element parameters
.I a
and
-.IR b
+.IR b
which define the elliptic curve
.IR E ,
separated by an optional
.RB ` , ';
an optional
-.RB ` / ';
-the
+.RB ` ; ';
+the
.IR x -
and
.IR y -coordinates
.RB ` : ';
the order
.I r
-of the group generated by
+of the group generated by
.IR G ;
an optional
.RB ` * ';
-and the
+and the
.I cofactor
.I h
=
the keyring file format is capable of representing an attribute with an
empty value as distinct from a nonexistant attribute, this interface
does not allow empty attributes to be set.
+.SS "getattr"
+Fetches a single attribute of a key. The key whose attribute is to be
+read is given by its
+.IR tag .
+The attribute's value is written to standard output followed by a
+newline. If the key or attribute is absent, a message is written to
+standard error and the program exits nonzero.
.SS "comment"
Sets, deletes or changes the comment attached to a key. The first
argument is a key tag or keyid which names the key to be modified; the