Document GPG mode in README

README

@@ -21,33 +21,47 @@ See the INSTALL file.
 
 USING GIT-CRYPT
 
-Generate a secret key:
-
-	$ git-crypt keygen /path/to/keyfile
-
-Configure a repository to use encryption:
+Configure a repository to use git-crypt:
 
 	$ cd repo
-	$ git-crypt init /path/to/keyfile
+	$ git-crypt init
 
 Specify files to encrypt by creating a .gitattributes file:
 
 	secretfile filter=git-crypt diff=git-crypt
 	*.key filter=git-crypt diff=git-crypt
 
 Like a .gitignore file, it can match wildcards and should be checked into
-the repository.  See below for more information about .gitattributes
-files.  Make sure you don't accidentally encrypt the .gitattributes
-file itself!
+the repository.  See below for more information about .gitattributes.
+Make sure you don't accidentally encrypt the .gitattributes file itself!
 
-Cloning a repository with encrypted files:
+Share the repository with others (or with yourself) using GPG:
 
-	$ git clone /path/to/repo
-	$ cd repo
-	$ git-crypt init /path/to/keyfile
+	$ git-crypt add-gpg-key USER_ID
+
+USER_ID can be a key ID, a full fingerprint, an email address, or anything
+else that uniquely identifies a key to GPG (see "HOW TO SPECIFY A USER
+ID" in the gpg man page).  Note: `git-crypt add-gpg-key` will add and
+commit a GPG-encrypted key file in the .git-crypt directory of the root
+of your repository.
+
+Alternatively, you can export a symmetric secret key, which you must
+securely convey to collaborators (GPG is not required, and no files
+are added to your repository):
+
+	$ git-crypt export-key /path/to/key
+
+After cloning a repository with encrypted files, unlock with with GPG:
+
+	$ git-crypt unlock
+
+Or with a symmetric key:
+
+	$ git-crypt unlock /path/to/key
 
-That's all you need to do - after running git-crypt init, you can use
-git normally - encryption and decryption happen transparently.
+That's all you need to do - after git-crypt is set up (either with
+`git-crypt init` or `git-crypt unlock`), you can use git normally -
+encryption and decryption happen transparently.
 
 
 CURRENT STATUS

README.md

@@ -22,33 +22,47 @@ See the [INSTALL.md](INSTALL.md) file.
 Using git-crypt
 ---------------
 
-Generate a secret key:
-
-    git-crypt keygen /path/to/keyfile
-
-Configure a repository to use encryption:
+Configure a repository to use git-crypt:
 
     cd repo
-    git-crypt init /path/to/keyfile
+    git-crypt init
 
 Specify files to encrypt by creating a .gitattributes file:
 
     secretfile filter=git-crypt diff=git-crypt
     *.key filter=git-crypt diff=git-crypt
 
 Like a .gitignore file, it can match wildcards and should be checked into
-the repository.  See below for more information about .gitattributes
-files.  Make sure you don't accidentally encrypt the .gitattributes
-file itself!
+the repository.  See below for more information about .gitattributes.
+Make sure you don't accidentally encrypt the .gitattributes file itself!
 
-Cloning a repository with encrypted files:
+Share the repository with others (or with yourself) using GPG:
 
-    git clone /path/to/repo
-    cd repo
-    git-crypt init /path/to/keyfile
+    git-crypt add-gpg-key USER_ID
+
+`USER_ID` can be a key ID, a full fingerprint, an email address, or anything
+else that uniquely identifies a key to GPG (see "HOW TO SPECIFY A USER
+ID" in the gpg man page).  Note: `git-crypt add-gpg-key` will add and
+commit a GPG-encrypted key file in the .git-crypt directory of the root
+of your repository.
+
+Alternatively, you can export a symmetric secret key, which you must
+securely convey to collaborators (GPG is not required, and no files
+are added to your repository):
+
+    git-crypt export-key /path/to/key
+
+After cloning a repository with encrypted files, unlock with with GPG:
+
+    git-crypt unlock
+
+Or with a symmetric key:
+
+    git-crypt unlock /path/to/key
 
-That's all you need to do - after running `git-crypt init`, you can use
-git normally - encryption and decryption happen transparently.
+That's all you need to do - after git-crypt is set up (either with
+`git-crypt init` or `git-crypt unlock`), you can use git normally -
+encryption and decryption happen transparently.
 
 Current Status
 --------------