+.PP
+Convert a private key in PEM format (as generated by OpenSSL)
+and load it into factotum:
+.IP
+.EX
+auth/pemdecode 'PRIVATE KEY' key.pem |
+ auth/asn12rsa -t 'service=tls' >/mnt/factotum/ctl
+.EE
+.PP
+Generate a certificate signing request (CSR) in PEM format:
+.IP
+.EX
+auth/rsa2csr 'CN=example.com' key |
+ auth/pemencode 'CERTIFICATE REQUEST'
+.EE