diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index 2b6a6eae0d..610f331eb3 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -62,11 +62,11 @@ may be preferable to direct use of
 .RS 4
 Selects the cryptographic algorithm\&. For DNSSEC keys, the value of
 \fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY and SIG(0) keys, the value must be DH (Diffie Hellman); specifying this value will automatically set the
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the
 \fB\-T KEY\fR
 option as well\&.
 .sp
-TSIG keys can also by generated by setting the value to one of HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512\&. As with DH, specifying these values will automatically set
+TSIG keys can also be generated by setting the value to one of HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512\&. As with DH, specifying these values will automatically set
 \fB\-T KEY\fR\&. Note, however, that
 \fBtsig\-keygen\fR
 produces TSIG keys in a more useful format\&. These algorithms have been deprecated in
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index 61e2c692c4..3b8074a82f 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -103,12 +103,12 @@
 	    of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
 	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
 	    ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.  For
-	    TKEY and SIG(0) keys, the value must be DH (Diffie Hellman);
-	    specifying this value will automatically set the
-	    <code class="option">-T KEY</code> option as well.
+	    TKEY, the value must be DH (Diffie Hellman); specifying
+	    his value will automatically set the <code class="option">-T KEY</code>
+	    option as well.
 	  </p>
 	  <p>
-	    TSIG keys can also by generated by setting the value to
+	    TSIG keys can also be generated by setting the value to
 	    one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
 	    HMAC-SHA384, or HMAC-SHA512.  As with DH, specifying these
 	    values will automatically set <code class="option">-T KEY</code>. Note,
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 6ed08b9177..f55b7f3ac4 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -121,12 +121,12 @@
 	    of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
 	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
 	    ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.  For
-	    TKEY and SIG(0) keys, the value must be DH (Diffie Hellman);
-	    specifying this value will automatically set the
-	    <code class="option">-T KEY</code> option as well.
+	    TKEY, the value must be DH (Diffie Hellman); specifying
+	    his value will automatically set the <code class="option">-T KEY</code>
+	    option as well.
 	  </p>
 	  <p>
-	    TSIG keys can also by generated by setting the value to
+	    TSIG keys can also be generated by setting the value to
 	    one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
 	    HMAC-SHA384, or HMAC-SHA512.  As with DH, specifying these
 	    values will automatically set <code class="option">-T KEY</code>. Note,