diff --git a/docs/PRIMARY_PROTOCOL.md b/docs/PRIMARY_PROTOCOL.md
index c0d31fbdfedb3d50176bc1e2cf30cb70ff07e92d..ff13f32252478697dc287a8571d236df28cb2f2a 100644
--- a/docs/PRIMARY_PROTOCOL.md
+++ b/docs/PRIMARY_PROTOCOL.md
@@ -285,8 +285,18 @@ authentication page should include a javascript shim, hosted at:
 
 ### 6.1 Public Key Format
 
-BrowserID public keys make use of Cryptographic Algorithms for JWS as [listed here](http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-00.html#SigningAlgs).
-The private/public key pair can be generated using OpenSSL.
+The public key is a JSON Web Algorihtms (JWA) public key as [listed here](http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-00.html#SigningAlgs).
+This is a private/public key pair than can be generated using OpenSSL. The
+EyeDeeMe service has a [.well-known/browserid document](https://eyedee.me/.well-known/browserid)
+that shows exactly what the [Mozilla Wiki](https://wiki.mozilla.org/Identity/BrowserID#Public_Key)
+means in the example.
+
+Generate a public key JSON document in Ruby:
+
+    private_key = OpenSSL::PKey::RSA.new(1024)
+    public_key = private_key.public_key
+    {"algorithm"=> "RS", "n" => public_key.n.to_s, "e" => public_key.e.to_s }.to_json
+    
 
 ### 6.2 Certificate Format