From 5bbce89e6ab1847f85b9437252d06b74ffe875f6 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Sun, 21 May 2023 13:46:19 -0400
Subject: Add clarification about empty passwords to doc

---
 manual/cli.rst | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'manual')

diff --git a/manual/cli.rst b/manual/cli.rst
index ef80933e..50f72bb5 100644
--- a/manual/cli.rst
+++ b/manual/cli.rst
@@ -1735,8 +1735,10 @@ Encryption
    --encrypt user-password owner-password key-length [options] --
 
    Either or both of user-password and owner-password may be empty
-   strings. key-length may be 40, 128, or 256. Encryption options are
-   terminated by "--" by itself.
+   strings, though setting either to the empty string enables the file
+   to be opened and decrpyted without a password. key-length may be
+   40, 128, or 256. Encryption options are terminated by "--" by
+   itself.
 
    40-bit encryption is insecure, as is 128-bit encryption without
    AES. Use 256-bit encryption unless you have a specific reason to
@@ -1802,8 +1804,10 @@ To create an encrypted file, use
    --encrypt user-password owner-password key-length [options] --
 
 Either or both of :samp:`{user-password}` and :samp:`{owner-password}`
-may be empty strings. :samp:`{key-length}` may be ``40``, ``128``, or
-``256``. Encryption options are terminated by ``--`` by itself.
+may be empty strings, though setting either to the empty string
+enables the file to be opened and decrpyted without a password..
+:samp:`{key-length}` may be ``40``, ``128``, or ``256``. Encryption
+options are terminated by ``--`` by itself.
 
 40-bit encryption is insecure, as is 128-bit encryption without AES.
 Use 256-bit encryption unless you have a specific reason to use an
-- 
cgit v1.2.3-54-g00ecf