diff --git a/doc/age-keygen.1.html b/doc/age-keygen.1.html
index 32e33bb8..39fe29ad 100644
--- a/doc/age-keygen.1.html
+++ b/doc/age-keygen.1.html
@@ -127,7 +127,7 @@ <h2 id="SEE-ALSO">SEE ALSO</h2>
 
 <h2 id="AUTHORS">AUTHORS</h2>
 
-<p>Filippo Valsorda <a href="&#x6d;&#97;&#105;&#x6c;&#x74;&#111;&#58;&#x61;&#x67;&#x65;&#x40;&#102;&#x69;&#x6c;&#105;&#x70;&#112;&#111;&#x2e;&#105;&#x6f;" data-bare-link="true">&#x61;&#x67;&#x65;&#x40;&#x66;&#x69;&#x6c;&#x69;&#x70;&#112;&#111;&#x2e;&#105;&#111;</a></p>
+<p>Filippo Valsorda <a href="mailto:age@filippo.io" data-bare-link="true">age@filippo.io</a></p>
 
 
   <ol class='man-decor man-foot man foot'>
diff --git a/doc/age.1 b/doc/age.1
index c8e979bf..07566a4f 100644
--- a/doc/age.1
+++ b/doc/age.1
@@ -105,10 +105,13 @@ Decrypt using the \fIIDENTITIES\fR at \fIPATH\fR\.
 a\. A file listing \fIIDENTITIES\fR one per line\. Empty lines and lines starting with "\fB#\fR" are ignored as comments\.
 .
 .IP
-b\. An SSH private key file, in PKCS#1, PKCS#8, or OpenSSH format\. If the private key is password\-protected, the password is requested interactively only if the SSH identity matches the file\. See the \fISSH keys\fR section for more information, including supported key types\.
+b\. A passphrase encrypted age file, containing \fIIDENTITIES\fR one per line like above\. The passphrase is requested interactively\. Note that passphrase\-protected identity files are not necessary for most use cases, where access to the encrypted identity file implies access to the whole system\.
 .
 .IP
-c\. "\fB\-\fR", causing one of the options above to be read from standard input\. In this case, the \fIINPUT\fR argument must be specified\.
+c\. An SSH private key file, in PKCS#1, PKCS#8, or OpenSSH format\. If the private key is password\-protected, the password is requested interactively only if the SSH identity matches the file\. See the \fISSH keys\fR section for more information, including supported key types\.
+.
+.IP
+d\. "\fB\-\fR", causing one of the options above to be read from standard input\. In this case, the \fIINPUT\fR argument must be specified\.
 .
 .IP
 This option can be repeated\. Identities are tried in the order in which are provided, and the first one matching one of the file\'s recipients is used\. Unused identities are ignored\.
@@ -250,6 +253,27 @@ Enter passphrase:
 .IP "" 0
 .
 .P
+Encrypt and decrypt with a passphrase\-protected identity file:
+.
+.IP "" 4
+.
+.nf
+
+$ age\-keygen | age \-p > key\.age
+Public key: age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5
+Enter passphrase (leave empty to autogenerate a secure one):
+Using the autogenerated passphrase "hip\-roast\-boring\-snake\-mention\-east\-wasp\-honey\-input\-actress"\.
+
+$ age \-r age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5 secrets\.txt > secrets\.txt\.age
+
+$ age \-d \-i key\.age secrets\.txt\.age > secrets\.txt
+Enter passphrase for identity file "key\.age":
+.
+.fi
+.
+.IP "" 0
+.
+.P
 Encrypt and decrypt with an SSH public key:
 .
 .IP "" 4
diff --git a/doc/age.1.html b/doc/age.1.html
index 6e4dc272..badf706f 100644
--- a/doc/age.1.html
+++ b/doc/age.1.html
@@ -162,12 +162,18 @@ <h3 id="Decryption-options">Decryption options</h3>
 <p>  a. A file listing <a href="#RECIPIENTS-AND-IDENTITIES" title="RECIPIENTS AND IDENTITIES" data-bare-link="true">IDENTITIES</a> one per line.
   Empty lines and lines starting with "<code>#</code>" are ignored as comments.</p>
 
-<p>  b. An SSH private key file, in PKCS#1, PKCS#8, or OpenSSH format.
+<p>  b. A passphrase encrypted age file, containing
+  <a href="#RECIPIENTS-AND-IDENTITIES" title="RECIPIENTS AND IDENTITIES" data-bare-link="true">IDENTITIES</a> one per line like above.
+  The passphrase is requested interactively. Note that passphrase-protected
+  identity files are not necessary for most use cases, where access to the
+  encrypted identity file implies access to the whole system.</p>
+
+<p>  c. An SSH private key file, in PKCS#1, PKCS#8, or OpenSSH format.
   If the private key is password-protected, the password is requested
   interactively only if the SSH identity matches the file. See the
   <a href="#SSH-keys" title="SSH keys" data-bare-link="true">SSH keys</a> section for more information, including supported key types.</p>
 
-<p>  c. "<code>-</code>", causing one of the options above to be read from standard input.
+<p>  d. "<code>-</code>", causing one of the options above to be read from standard input.
   In this case, the <var>INPUT</var> argument must be specified.</p>
 
 <p>  This option can be repeated. Identities are tried in the order in which
@@ -276,6 +282,19 @@ <h2 id="EXAMPLES">EXAMPLES</h2>
 Enter passphrase:
 </code></pre>
 
+<p>Encrypt and decrypt with a passphrase-protected identity file:</p>
+
+<pre><code>$ age-keygen | age -p &gt; key.age
+Public key: age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5
+Enter passphrase (leave empty to autogenerate a secure one):
+Using the autogenerated passphrase "hip-roast-boring-snake-mention-east-wasp-honey-input-actress".
+
+$ age -r age1yhm4gctwfmrpz87tdslm550wrx6m79y9f2hdzt0lndjnehwj0ukqrjpyx5 secrets.txt &gt; secrets.txt.age
+
+$ age -d -i key.age secrets.txt.age &gt; secrets.txt
+Enter passphrase for identity file "key.age":
+</code></pre>
+
 <p>Encrypt and decrypt with an SSH public key:</p>
 
 <pre><code>$ age -R ~/.ssh/id_ed25519.pub example.jpg &gt; example.jpg.age
@@ -294,7 +313,7 @@ <h2 id="SEE-ALSO">SEE ALSO</h2>
 
 <h2 id="AUTHORS">AUTHORS</h2>
 
-<p>Filippo Valsorda <a href="&#109;&#97;&#105;&#108;&#116;&#x6f;&#x3a;&#97;&#103;&#101;&#64;&#x66;&#x69;&#108;&#x69;&#x70;&#112;&#111;&#46;&#x69;&#x6f;" data-bare-link="true">&#97;&#103;&#x65;&#x40;&#x66;&#x69;&#x6c;&#105;&#x70;&#x70;&#x6f;&#x2e;&#105;&#x6f;</a></p>
+<p>Filippo Valsorda <a href="mailto:age@filippo.io" data-bare-link="true">age@filippo.io</a></p>
 
 
   <ol class='man-decor man-foot man foot'>