diff --git a/secret-sender.1 b/secret-sender.1 new file mode 100644 index 0000000..a42aaac --- /dev/null +++ b/secret-sender.1 @@ -0,0 +1,34 @@ +.TH SECRET\-SENDER 1 +.SH NAME +secret\-sender \- send passwords and tokens manually over insecure channels +.SH SYNOPSIS +.B secret\-sender +send + +.B secret\-sender +receive +.SH DESCRIPTION +.B secret\-sender +requires two users to run the program at the same time in +cooperation, and paste messages at each other as a communication medium. These +messages are not secret, so can be pasted on (e.g.) Slack. + +Under the hood, +.B secret\-sender +uses NaCl Box cryptograpy, or curve25519xsalsa20poly1305. The receiver +generates an ephemeral keypair and sends the public portion to the sender, who +encrypts the secret to that key, before sending the ciphertext to the receiver. +The receiver then recovers the plaintext and terminates, discarding the private +key. + +Neither subcommand takes any arguments, but both ask for user input. Scripting +this is discouraged: Use \fBejson\fR directly. +.SH SEND +Invoked when a user wants to send a secret to another user, \fBsecret\-sender +send\fR first asks for the public key generated by the user running +\fBreceieve\fR, then prints the encrypted secret to send to the receiver. +.SH RECEIVE +Invoked when a user wants to receieve a secret from a sender, \fBsecret\-sender +receieve\fR prints a public key to send to the sender, then waits for the +returned ciphertext from the sender, which it decrypts immediately before +exiting.
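Review bot: DESCRIPTION says the pasted messages "are not secret, so can be pasted on (e.g.) Slack", but it never states that the channel still has to be trusted for integrity. Nothing in the exchange as described authenticates the receiver's ephemeral public key, so a party able to replace that key in transit would have the secret encrypted to a key they control. Suggest adding a sentence to DESCRIPTION saying the channel must deliver the public key unmodified, or that the two users should confirm the key out of band. Separately, SEND and RECEIVE spell the subcommand "receieve" (in "\fBreceieve\fR", "receieve a secret" and "\fBsecret\-sender receieve\fR") while SYNOPSIS has "receive", and DESCRIPTION has "cryptograpy"; these should read "receive" and "cryptography" so the page agrees with its own SYNOPSIS.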