From 363661999f4887f9d36b8d489063c78e3abc3128 Mon Sep 17 00:00:00 2001
From: karamellpelle <karamellpelle@hotmail.com>
Date: Sat, 29 Jun 2024 00:07:12 +0200
Subject: [PATCH] Update HOWTO.md

Signed-off-by: karamellpelle <karamellpelle@hotmail.com>
---
 HOWTO.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/HOWTO.md b/HOWTO.md
index 922052f6..1c4fc113 100644
--- a/HOWTO.md
+++ b/HOWTO.md
@@ -29,7 +29,9 @@ pkcs11-module-init-args = <initialization string here>
 
 Once the section is properly constructed add the following statement to the
 provider section. If a provider section does not exist make sure to create one
-with all the needed providers (at least the default provider will be needed):
+with all the needed providers (at least the default provider will be needed - 
+remember to activate it, otherwise the _openssl_ command will not behave 
+correctly):
 
 ```
 [openssl_init]
@@ -65,8 +67,10 @@ $ openssl pkey -in pkcs11:id=%01 -pubin -pubout -text
 ### Specifying keys
 
 When the pkcs11-provider is in use keys are specified using pkcs11 URIs as
-defined in RFC7512. In general keys are either identified by a binary ID, or by
-a label (called "object" in pkcs11 URIs).
+defined in RFC7512. In general keys are either identified by a percent-encoded
+binary ID, or by a label (called "object" in pkcs11 URIs). The command 
+`pkcs11-tool --module /path/to/pkcs11-driver.so --list-objects` can be used to
+find identifiers for your keys.
 
 Example:
 ```