Load any type (RSA/ECDSA) of public key via left|rightsigkey

1 files changed, 6 insertions, 4 deletions

diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index a8933531c..4ee884bcc 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -755,14 +755,16 @@ None of the kernel backends currently supports opaque or port ranges and uses
 .B %any
 for policy installation instead.
 .TP
-.BR leftrsasigkey " = <raw rsa public key> | <path to public key>"
-the left participant's public key for RSA signature authentication, in PKCS#1
-format using hex (0x prefix) or base64 (0s prefix) encoding. With the optional
+.BR leftsigkey " = <raw public key> | <path to public key>"
+the left participant's public key for public key signature authentication,
+in PKCS#1 format using hex (0x prefix) or base64 (0s prefix) encoding. With the
+optional
 .B dns:
 or
 .B ssh:
 prefix in front of 0x or 0s, the public key is expected to be in either
-the RFC 3110 or RFC 4253 public key format, respectively.
+the RFC 3110 (not the full RR, only RSA key part) or RFC 4253 public key format,
+respectively.
 Also accepted is the path to a file containing the public key in PEM or DER
 encoding.
 .TP