diff --git a/zfs-tpm1x-change-key.8 b/zfs-tpm1x-change-key.8
index 95403d2..6cdfa9e 100644
--- a/zfs-tpm1x-change-key.8
+++ b/zfs-tpm1x-change-key.8
@@ -12,7 +12,7 @@ First, a connection is made to the TPM, which \fImust\fR be TPM\-1\.X\-compatibl
 .P
 If \fBdataset\fR was previously encrypted with tzpfms and the \fITPM1\.X\fR back\-end was used, the metadata will be silently cleared\. Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream\.
 .P
-Next, a new wrapping key is be generated on the TPM, optionally backed up (see \fIOPTIONS\fR), and sealed on the TPM; if the SRK passphrase, set when taking ownership, is not "well\-known" (all zeroes), the user is prompted for it; the user is always prompted for an optional passphrase to protect the key with\.
+Next, a new wrapping key is be generated on the TPM, optionally backed up (see \fIOPTIONS\fR), and sealed on the TPM; the user is prompted for an optional passphrase to protect the key with, and for the SRK passphrase, set when taking ownership, if it is not "well\-known" (all zeroes)\.
 .P
 The following properties are set on \fBdataset\fR:
 .IP "\[ci]" 4
diff --git a/zfs-tpm1x-change-key.8.html b/zfs-tpm1x-change-key.8.html
index 2ecce17..357f219 100644
--- a/zfs-tpm1x-change-key.8.html
+++ b/zfs-tpm1x-change-key.8.html
@@ -92,8 +92,8 @@ Otherwise, or in case of an error, data required for manual intervention will be
 
 <p>Next, a new wrapping key is be generated on the TPM, optionally backed up (see <a href="#OPTIONS" title="OPTIONS" data-bare-link="true">OPTIONS</a>),
 and sealed on the TPM;
-if the SRK passphrase, set when taking ownership, is not "well-known" (all zeroes), the user is prompted for it;
-the user is always prompted for an optional passphrase to protect the key with.</p>
+the user is prompted for an optional passphrase to protect the key with,
+and for the SRK passphrase, set when taking ownership, if it is not "well-known" (all zeroes).</p>
 
 <p>The following properties are set on <code>dataset</code>:</p>
 
diff --git a/zfs-tpm1x-change-key.8.html_fragment b/zfs-tpm1x-change-key.8.html_fragment
index bf0ef53..0d279de 100644
--- a/zfs-tpm1x-change-key.8.html_fragment
+++ b/zfs-tpm1x-change-key.8.html_fragment
@@ -20,8 +20,8 @@ Otherwise, or in case of an error, data required for manual intervention will be
 
 <p>Next, a new wrapping key is be generated on the TPM, optionally backed up (see <a href="#OPTIONS" title="OPTIONS" data-bare-link="true">OPTIONS</a>),
 and sealed on the TPM;
-if the SRK passphrase, set when taking ownership, is not "well-known" (all zeroes), the user is prompted for it;
-the user is always prompted for an optional passphrase to protect the key with.</p>
+the user is prompted for an optional passphrase to protect the key with,
+and for the SRK passphrase, set when taking ownership, if it is not "well-known" (all zeroes).</p>
 
 <p>The following properties are set on <code>dataset</code>:</p>
 
diff --git a/zfs-tpm1x-change-key.md b/zfs-tpm1x-change-key.md
index 31e977a..b9bc7e1 100644
--- a/zfs-tpm1x-change-key.md
+++ b/zfs-tpm1x-change-key.md
@@ -17,8 +17,8 @@ Otherwise, or in case of an error, data required for manual intervention will be
 
 Next, a new wrapping key is be generated on the TPM, optionally backed up (see [OPTIONS][]),
 and sealed on the TPM;
-if the SRK passphrase, set when taking ownership, is not "well-known" (all zeroes), the user is prompted for it;
-the user is always prompted for an optional passphrase to protect the key with.
+the user is prompted for an optional passphrase to protect the key with,
+and for the SRK passphrase, set when taking ownership, if it is not "well-known" (all zeroes).
 
 The following properties are set on `dataset`: