diff --git a/man2/add_key.2 b/man2/add_key.2 index 58a0e3634..66b1a7301 100644 --- a/man2/add_key.2 +++ b/man2/add_key.2 @@ -88,11 +88,14 @@ argument to .BR add_key (): .TP .IR """user""" -Keys of the user-defined key type may contain a blob of arbitrary data, and the +The payload for keys of this type is a blob of arbitrary data +of up to 32,767 bytes. +The .I description -may be any valid string, though it is preferred that the description be -prefixed with a string representing the service to which the key is of interest -and a colon (for instance +may be any valid string, though it is preferred that it +start with a colon-delimited prefix representing the service +to which the key is of interest +(for instance .IR """afs:mykey""" ). .TP .I """keyring""" @@ -108,7 +111,10 @@ should be zero. .\" commit 9f6ed2ca257fa8650b876377833e6f14e272848b This key type is essentially the same as .IR """user""" , -but does not provide a read operation, +but does not provide reading (i.e., the +.BR keyctl (2) +.BR KEYCTL_READ +operation), meaning that the key payload is never visible from user space. This is suitable for storing username and password pairs in the keyring that you do not want to be readable from user space.
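Review bot: In the first hunk (@@ -88,11 +88,14 @@), the new sentence "of up to 32,767 bytes" gives the "user" payload limit but does not say what the caller sees when the limit is exceeded. Please add the resulting error here, or point to the matching entry under ERRORS, so the limit and its failure mode can be read together. The reworded description text ("start with a colon-delimited prefix representing the service") reads fine with the "afs:mykey" example.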
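Review bot: In the second hunk (@@ -108,7 +111,10 @@), ".BR KEYCTL_READ" has a single argument, so there is nothing for the macro to alternate with; ".B KEYCTL_READ" is the clearer choice for a constant on its own line. The wording "does not provide reading" is also awkward; something like "does not permit the key to be read (i.e., the keyctl(2) KEYCTL_READ operation)" would read better and leads directly into the unchanged line "meaning that the key payload is never visible from user space".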