From dc93b271594dcd61f486e676656e95e58c69aed6 Mon Sep 17 00:00:00 2001
From: Fredrik Thulin <fredrik@yubico.com>
Date: Wed, 9 Mar 2011 10:01:35 +0100
Subject: [PATCH] Clarifications.

---
 ykpersonalize.1 | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/ykpersonalize.1 b/ykpersonalize.1
index 6ef28c2..bf8b69e 100644
--- a/ykpersonalize.1
+++ b/ykpersonalize.1
@@ -43,7 +43,8 @@ ykpersonalize - personalize Yubikey OTP tokens
 .PP
 Set the AES key, user ID and other settings in a Yubikey.  For the complete
 explanation of the meaning of all parameters, see the reference
-manual: http://yubico.com/files/YubiKey_manual-2.0.pdf
+manual:
+.URL "http://yubico.com/files/YubiKey_manual-2.0.pdf" "Yubikey manual"
 .TP
 \fB\-1\fR
 change the first configuration.  This is the default and is
@@ -81,21 +82,23 @@ Salt to be used when deriving key from a password.
 If none is given, a unique random one will be generated.
 .TP
 \fBfixed\fR=\fIfffffffffff\fR
-The public modhex identity of key, 0-16 characters long.
+The modhex \fIpublic identity\fR of the Yubikey, 0-16 characters long.
 It's possible to give the identity in hex as well, just prepend the
 value with `h:'. The fixed part is emitted before the OTP when the
-button on the YubiKey is pressed. It can be used as an identifier for
+button on the Yubikey is pressed. It can be used as an identifier for
 the user, for example.
 .TP
 \fBuid\fR=\fIuuuuuu\fR
-The uid part of the generated ticket, in hex.
-Must be 12 characters long. The uid is 6 bytes of data that is encrypted
-in every OTP, and is used to validate that an OTP was in fact encrypted
-with the AES key shared between the YubiKey and validation service.
+The uid part of the generated OTP, in hex.
+Must be 12 characters long. The uid is 6 bytes of static data that is included
+(encrypted) in every OTP, and is used to validate that an OTP was in fact encrypted
+with the AES key shared between the Yubikey and the validation service. It cannot
+be used to identify the Yubikey as it is only readable to those that know
+the AES key.
 .TP
 \fBaccess\fR=\fIfffffffffff\fR
-New hex access code to set.
-Must be 12 characters long.
+New hex access code to set. Must be 12 characters long.
+If an access code is set, it will be required for subsequent reprogramming of the Yubikey.
 .TP 
 [\-]\fIticket-flag\fR
 Set/clear ticket flag, see the section `Ticket flags\&'
@@ -233,7 +236,7 @@ can be supplied with -a.
 .PP
 The token identifier can be set with the -ofixed= option.
 See section "5.3.4 - OATH-HOTP Token Identifier" of the
-.URL "http://static.yubico.com/var/uploads/pdfs/YubiKey_Manual_2010-09-16.pdf" "Yubikey manual"
+.URL "http://yubico.com/files/YubiKey_manual-2.0.pdf" "Yubikey manual"
 for details, but in short the token identifier is 2 bytes manufacturer prefix,
 2 bytes token type and then 8 bytes manufacturer unique ID.
 
-- 
2.39.5