adding fuller explanation of the relationship between keys and files

1 files changed, 16 insertions, 6 deletions

diff --git a/README b/README
index c9a4741..a43d873 100644
--- a/README
+++ b/README
@@ -60,28 +60,39 @@ Your next step is tell keyringer the GPG key ids to encrypt files to:
     keyringer <keyring> recipients edit
     keyringer <keyring> recipients ls
 
-Encrypting a key
+Managing keys
 ----------------
 
+Each key has a corresponding file in your keys subdirectory.
+
+keyringer is agnostic about how you store your secrets. You may choose to have
+one key file that contains one line for each secret, e.g. a single file called
+secrets with lines such as:
+
+emma : root : secret1
+emma - /dev/hda : : secret2
+
+Or you may also have a different key file for each secret, e.g. a file called
+emma.root that contains the root passphrase for the server named emma and
+another called emma.hda with the passphrase to decrypt /dev/hda on emma.
+
+Encrypting a key
+
     keyringer <keyring> encrypt <file>
 
 Decrypting a key (only to stdout)
----------------------------------
 
     keyringer <keyring> decrypt <file>
 
 Re-encrypting a key
--------------------
 
     keyringer <keyring> recrypt <file>
 
 Appending information to a key
-------------------------------
 
     keyringer <keyring> append <file>
 
 Editing a key
--------------
 
 To edit a key, use
 
@@ -91,7 +102,6 @@ Use this option with caution as it keeps temporary unencrypted data into keyring
 temp folder and at your $EDITOR temp files.
 
 Listing keys
-------------
 
     keyringer <keyring> ls [arguments]