sq: The argument to --signer-key, etc. is a key file, not a key

  - The argument to --signer-key, --recipient-key, and
    --revocation-key is a key *file*, not a key.  Update the description
    and the documentation to reflect this.

6 files changed, 53 insertions, 48 deletions

diff --git a/sq/sq-usage.md b/sq/sq-usage.md
index 67b8612e..6a732e93 100644
--- a/sq/sq-usage.md
+++ b/sq/sq-usage.md
@@ -141,8 +141,8 @@ OPTIONS:
             Adds a password to encrypt with.  The message can be decrypted with
             either one of the recipient's keys, or any password.
 
-        --signer-key <KEY>
-            Signs the message with KEY
+        --signer-key <KEY_FILE>
+            Signs the message using the key in KEY_FILE
 
     -t, --time <TIME>
             Chooses keys valid at the specified time and sets the signature's
@@ -215,8 +215,8 @@ OPTIONS:
         --private-key-store <KEY_STORE>
             Provides parameters for private key store
 
-        --recipient-key <KEY>
-            Decrypts with KEY
+        --recipient-key <KEY_FILE>
+            Decrypts the message using the key in KEY_FILE
 
         --session-key <SESSION-KEY>
             Decrypts an encrypted message using SESSION-KEY
@@ -292,8 +292,8 @@ OPTIONS:
         --private-key-store <KEY_STORE>
             Provides parameters for private key store
 
-        --signer-key <KEY>
-            Signs using KEY
+        --signer-key <KEY_FILE>
+            Signs the message using the key in KEY_FILE
 
     -t, --time <TIME>
             Chooses keys valid at the specified time and sets the signature's
@@ -1777,8 +1777,8 @@ OPTIONS:
         --private-key-store <KEY_STORE>
             Provides parameters for private key store
 
-        --recipient-key <KEY>
-            Decrypts the message with KEY
+        --recipient-key <KEY_FILE>
+            Decrypts the message using the key in KEY_FILE
 
         --session-key <SESSION-KEY>
             Decrypts an encrypted message using SESSION-KEY
@@ -2002,11 +2002,12 @@ OPTIONS:
         --private-key-store <KEY_STORE>
             Provides parameters for private key store
 
-        --revocation-key <KEY>
-            Signs the revocation certificate using KEY.  If the key is different
-            from the certificate, this creates a third-party revocation.  If
-            this option is not provided, and the certificate includes secret key
-            material, then that key is used to sign the revocation certificate.
+        --revocation-key <KEY_FILE>
+            Signs the revocation certificate using the key in KEY_FILE.  If the
+            key is different from the certificate, this creates a third-party
+            revocation.  If this option is not provided, and the certificate
+            includes secret key material, then that key is used to sign the
+            revocation certificate.
 
     -t, --time <TIME>
             Chooses keys valid at the specified time and sets the revocation
@@ -2099,11 +2100,12 @@ OPTIONS:
         --private-key-store <KEY_STORE>
             Provides parameters for private key store
 
-        --revocation-key <KEY>
-            Signs the revocation certificate using KEY.  If the key is different
-            from the certificate, this creates a third-party revocation.  If
-            this option is not provided, and the certificate includes secret key
-            material, then that key is used to sign the revocation certificate.
+        --revocation-key <KEY_FILE>
+            Signs the revocation certificate using the key in KEY_FILE.  If the
+            key is different from the certificate, this creates a third-party
+            revocation.  If this option is not provided, and the certificate
+            includes secret key material, then that key is used to sign the
+            revocation certificate.
 
     -t, --time <TIME>
             Chooses keys valid at the specified time and sets the revocation
@@ -2184,11 +2186,12 @@ OPTIONS:
         --private-key-store <KEY_STORE>
             Provides parameters for private key store
 
-        --revocation-key <KEY>
-            Signs the revocation certificate using KEY.  If the key is different
-            from the certificate, this creates a third-party revocation.  If
-            this option is not provided, and the certificate includes secret key
-            material, then that key is used to sign the revocation certificate.
+        --revocation-key <KEY_FILE>
+            Signs the revocation certificate using the key specified in
+            KEY_FILE.  If the key is different from the certificate, this
+            creates a third-party revocation.  If this option is not provided,
+            and the certificate includes secret key material, then that key is
+            used to sign the revocation certificate.
 
     -t, --time <TIME>
             Chooses keys valid at the specified time and sets the revocation
diff --git a/sq/src/sq_cli/decrypt.rs b/sq/src/sq_cli/decrypt.rs
index 2e3c6a69..ebdd6d67 100644
--- a/sq/src/sq_cli/decrypt.rs
+++ b/sq/src/sq_cli/decrypt.rs
@@ -65,8 +65,8 @@ pub struct Command {
     pub sender_cert_file: Vec<String>,
     #[clap(
         long = "recipient-key",
-        value_name = "KEY",
-        help = "Decrypts with KEY",
+        value_name = "KEY_FILE",
+        help = "Decrypts the message using the key in KEY_FILE",
     )]
     pub secret_key_file: Vec<String>,
     #[clap(
diff --git a/sq/src/sq_cli/encrypt.rs b/sq/src/sq_cli/encrypt.rs
index 2f33e83e..8b95193b 100644
--- a/sq/src/sq_cli/encrypt.rs
+++ b/sq/src/sq_cli/encrypt.rs
@@ -45,8 +45,8 @@ pub struct Command {
     pub recipients_cert_file: Vec<String>,
     #[clap(
         long = "signer-key",
-        value_name = "KEY",
-        help = "Signs the message with KEY",
+        value_name = "KEY_FILE",
+        help = "Signs the message using the key in KEY_FILE",
     )]
     pub signer_key_file: Vec<String>,
     #[clap(
diff --git a/sq/src/sq_cli/packet.rs b/sq/src/sq_cli/packet.rs
index 28ccb97e..fe1f1904 100644
--- a/sq/src/sq_cli/packet.rs
+++ b/sq/src/sq_cli/packet.rs
@@ -111,8 +111,8 @@ pub struct DecryptCommand {
     pub binary: bool,
     #[clap(
         long = "recipient-key",
-        value_name = "KEY",
-        help = "Decrypts the message with KEY",
+        value_name = "KEY_FILE",
+        help = "Decrypts the message using the key in KEY_FILE",
     )]
     pub secret_key_file: Vec<String>,
     #[clap(
diff --git a/sq/src/sq_cli/revoke.rs b/sq/src/sq_cli/revoke.rs
index 824994a2..f10352f0 100644
--- a/sq/src/sq_cli/revoke.rs
+++ b/sq/src/sq_cli/revoke.rs
@@ -89,12 +89,12 @@ an error for the file to contain more than one certificate.",
     pub input: Option<String>,
     #[clap(
         long = "revocation-key",
-        value_name = "KEY",
-        help = "Signs the revocation certificate using KEY",
+        value_name = "KEY_FILE",
+        help = "Signs the revocation certificate using the key in KEY_FILE",
         long_help =
-"Signs the revocation certificate using KEY.  If the key is different \
-from the certificate, this creates a third-party revocation.  If this \
-option is not provided, and the certificate includes secret key material, \
+"Signs the revocation certificate using the key in KEY_FILE.  If the key is \
+different from the certificate, this creates a third-party revocation.  If \
+this option is not provided, and the certificate includes secret key material, \
 then that key is used to sign the revocation certificate.",
     )]
     pub secret_key_file: Option<String>,
@@ -236,13 +236,14 @@ certificate."
     pub input: Option<String>,
     #[clap(
         long = "revocation-key",
-        value_name = "KEY",
-        help = "Signs the revocation certificate using KEY",
+        value_name = "KEY_FILE",
+        help = "Signs the revocation certificate using the key in KEY_FILE",
         long_help =
-"Signs the revocation certificate using KEY.  If the key is different \
-from the certificate, this creates a third-party revocation.  If this \
-option is not provided, and the certificate includes secret key material, \
-then that key is used to sign the revocation certificate.",
+
+"Signs the revocation certificate using the key in KEY_FILE.  If the key \
+is different from the certificate, this creates a third-party revocation.  \
+If this option is not provided, and the certificate includes secret key \
+material, then that key is used to sign the revocation certificate.",
     )]
     pub secret_key_file: Option<String>,
     #[clap(
@@ -369,13 +370,14 @@ certificate."
     pub input: Option<String>,
     #[clap(
         long = "revocation-key",
-        value_name = "KEY",
-        help = "Signs the revocation certificate using KEY",
+        value_name = "KEY_FILE",
+        help = "Signs the revocation certificate using the specified key",
         long_help =
-"Signs the revocation certificate using KEY.  If the key is different \
-from the certificate, this creates a third-party revocation.  If this \
-option is not provided, and the certificate includes secret key material, \
-then that key is used to sign the revocation certificate.",
+"Signs the revocation certificate using the key specified in KEY_FILE.  If \
+the key is different from the certificate, this creates a third-party \
+revocation.  If this option is not provided, and the certificate includes \
+secret key material, then that key is used to sign the revocation \
+certificate.",
     )]
     pub secret_key_file: Option<String>,
     #[clap(
diff --git a/sq/src/sq_cli/sign.rs b/sq/src/sq_cli/sign.rs
index d18990be..5dce2adf 100644
--- a/sq/src/sq_cli/sign.rs
+++ b/sq/src/sq_cli/sign.rs
@@ -86,8 +86,8 @@ pub struct Command {
     pub merge: Option<String>,
     #[clap(
         long = "signer-key",
-        value_name = "KEY",
-        help = "Signs using KEY",
+        value_name = "KEY_FILE",
+        help = "Signs the message using the key in KEY_FILE",
     )]
     pub secret_key_file: Vec<String>,
     #[clap(