key-generation algorithms have a subsidiary key size.
.TP
.BI "\-p, \-\-parameters " tag
-Selects a key containing parameter values to copy. Not all
-key-generation algorithms allow the use of shared parameters. A new key
-also inherits attributes from its parameter key.
+Selects a key containing parameter values to copy.
+A new key also inherits attributes from its parameter key.
.TP
.BI "\-A, \-\-seedalg " seed-alg
Use the deterministic random number generator algorithm
Suppresses the progress indication which is usually generated while
time-consuming key generation tasks are being performed.
.TP
+.BI "\-E, \-\-public-exponent"
+Set the public exponent for RSA keys.
+The default is 65537,
+because this seems to be the overwhelmingly popular choice
+among practitioners
+and because it was the exponent used before this option was introduced.
+The value 3 is fine unless you use a completely terrible padding scheme.
+.TP
.BI "\-L, \-\-lim-lee"
When generating Diffie\(enHellman parameters, generate a Lim\(enLee
prime rather than a random (or safe) prime. See the details on
.I x
\(mu
.IR G .
+.TP
+.B x25519
+Generate a private scalar and a corresponding public point on the
+(Montgomery-form) Curve25519 elliptic curve.
+The scalar is simply a random 256-bit string;
+the public key is the
+.IR x -coordinate
+of the corresponding point.
+.TP
+.B x448
+Generate a private scalar and a corresponding public point on the
+(Montgomery-form) Ed448-Goldilocks elliptic curve.
+The scalar is simply a random 256-bit string;
+the public key is the
+.IR x -coordinate
+of the corresponding point.
+.TP
+.B ed25519
+Generate a private key and a corresponding public point on the
+(twisted Edwards-form) Curve25519 elliptic curve.
+The private key is simply a random 256-bit string,
+from which a scalar and secret prefix are derived;
+the public key is the compressed form of the corresponding point.
+.TP
+.B ed448
+Generate a private key and a corresponding public point on the
+(Edwards-form) Ed448-Goldilocks elliptic curve.
+The private key is simply a random 456-bit string,
+from which a scalar and secret prefix are derived;
+the public key is the compressed form of the corresponding point.
+.TP
+.B empty
+Generate an empty key, with trivial contents.
+This is useful as a `parameters' key,
+carrying attributes to be applied to other keys
+if they don't require more detailed parameters.
.SS "expire"
Forces keys to immediately expire. An expired key is not chosen when a
program requests a key by its type. The keys to expire are listed by
any, is removed and no new tag is set. It is an error to set a tag
which already exists on another key, unless you give the
.B \-r
-option, which removes the tag first.
+option.
+.PP
+The following options are recognized.
+.TP
+.B "\-r, \-\-retag"
+Untag the existing key with the desired new tag, if any.
.SS "setattr"
Attaches attributes to a key. The key to which the attributes should be
attached is given by its
.RB ` \-v '
options show more information, such as the exact time of day for expiry
and deletion, key attributes, and a dump of the actual key data. If the
-verbosity level is sufficiently high, passphrases are requested to
-decrypt locked keys. Make sure nobody is looking over your shoulder
-when you do this!
+verbosity level is sufficiently high, secret parts of keys are printed,
+and passphrases are requested to decrypt locked keys. Make sure nobody
+is looking over your shoulder when you do this!
.SS "fingerprint"
Reports a fingerprint (secure hash) on components of requested keys.
The following options are supported: