X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/b2973dcf09bc714f8918b2b22faab8b80c60e695..1519ef6617fd7351bd40026b9eeb47c7f7f42234:/progs/catcrypt.1

diff --git a/progs/catcrypt.1 b/progs/catcrypt.1
index c26cbece..d944bfab 100644
--- a/progs/catcrypt.1
+++ b/progs/catcrypt.1
@@ -256,6 +256,15 @@ is
 .BR blowfish-cbc .
 This is the default transform.
 .TP
+.B aead
+Use an `authenticated encryption with additional data' (AEAD) scheme.
+The specific scheme is named by the
+.B cipher
+attribute.  Run
+.B catcrypt show aead
+for a list of supported AEAD schemes; the default is
+.BR chacha20-poly1305 .
+.TP
 .B naclbox
 Use Salsa20 or ChaCha and Poly1305 to secure the bulk data.
 This is nearly the same as the NaCl
@@ -277,6 +286,11 @@ or
 .BR chacha8 ;
 the default is
 .BR salsa20 .
+Nowadays, this is equivalent to the
+.B aead
+transform, using
+.IB cipher -naclbox
+as the cipher.
 .PP
 As well as the KEM itself, a number of supporting algorithms are used.
 These are taken from appropriately named attributes on the key or,
@@ -561,7 +575,7 @@ key-encapsulation key's
 attribute.
 .TP
 .B cipher
-The symmetric encryption algorithms which can be used in a
+The symmetric encryption algorithms which can be named in a
 key-encapsulation key's
 .B cipher
 attribute when using the
@@ -569,18 +583,18 @@ attribute when using the
 bulk transform.
 .TP
 .B mac
-The message authentication algorithms which can be used in a
+The message authentication algorithms which can be named in a
 key-encapsulation key's
 .B mac
 attribute.
 .TP
 .B sig
-The signature algorithms which can be used in a signing key's
+The signature algorithms which can be named in a signing key's
 .B sig
 attribute.
 .TP
 .B hash
-The hash functions which can be used in a key's
+The hash functions which can be named in a key's
 .B hash
 attribute.
 .TP