-rw-r--r--doc/DETAILS34
-rw-r--r--scd/app-p15.c42
-rw-r--r--scd/command.c2
3 files changed, 71 insertions, 7 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index f3b51e46f..de6aaa7f8 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -1208,6 +1208,23 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
info available. The format is the usual ISO string or a number
with the seconds since Epoch. <algostr> is the algorithm or curve
this key uses (e.g. "rsa2048") or a "-" if not known.
+
+*** CERTINFO <certtype> <certref> [<label>]
+
+ This status is mettited for X.509 certifcates.
+ CERTTYPE is a number indicating the type of the certificate:
+ 0 := Unknown
+ 100 := Regular X.509 cert
+ 101 := Trusted X.509 cert
+ 102 := Useful X.509 cert
+ 110 := Root CA cert in a special format (e.g. DINSIG)
+ 111 := Root CA cert as standard X509 cert
+
+ CERTREF identifies the certificate uniquely on the card and may be
+ used to match it with a key's KEYREF. LABEL is an optional human
+ readable decription of the certificate; it won't have any space in
+ it and is percent encoded.
+
*** MANUFACTURER <n> [<string>]
This status returns the Manufactorer ID as the unsigned number N.
@@ -1229,12 +1246,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
OPENPGP.129) and <string> is the algoritm or curve name, which
is available for the key.
-*** KEY-TIME <keyref> <timestamp>
- This is a response from scdaemon on GETATTR KEY-TIME. A keyref of
- 1 gives the timestamp for the standard OpenPGP signing key, 2 for
- the encryption key, and 3 for an authentication key. Note that a
- KEYPAIRINFO status lines carries the same information and should
- be preferred.
+*** KEY-TIME <n> <timestamp>
+ This is a response from scdaemon on GETATTR KEY-TIME. A keyref N
+ of 1 gives the timestamp for the standard OpenPGP signing key, 2
+ for the encryption key, and 3 for an authentication key. Note
+ that a KEYPAIRINFO status lines carries the same information and
+ should be preferred.
+
+*** KEY-LABEL <keyref> <label>
+ This returns the human readbable label for the keys given by
+ KEYREF. LABEL won't have any space in it and is percent encoded.
+ This info shall only be used for dispaly purposes.
* Format of the --attribute-fd output
diff --git a/scd/app-p15.c b/scd/app-p15.c
index c243d6afa..47a79d7ee 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -3709,6 +3709,8 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
for (; certinfo; certinfo = certinfo->next)
{
char *buf, *p;
+ const char *label;
+ char *labelbuf;
buf = xtrymalloc (9 + certinfo->objidlen*2 + 1);
if (!buf)
@@ -3723,9 +3725,18 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
p = stpcpy (p, ".");
bin2hex (certinfo->objid, certinfo->objidlen, p);
+ label = (certinfo->label && *certinfo->label)? certinfo->label : "-";
+ labelbuf = percent_data_escape (0, NULL, label, strlen (label));
+ if (!labelbuf)
+ {
+ xfree (buf);
+ return gpg_error_from_syserror ();
+ }
+
send_status_info (ctrl, "CERTINFO",
certtype, strlen (certtype),
buf, strlen (buf),
+ labelbuf, strlen (labelbuf),
NULL, (size_t)0);
xfree (buf);
}
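Review bot: `labelbuf` is never released in this loop: after `send_status_info` only `xfree (buf);` runs, so each certificate entry leaks the buffer returned by `percent_data_escape`. Add `xfree (labelbuf);` directly after `xfree (buf);`. The KEY-LABEL branch added to do_getattr in this same commit already frees both buffers, which makes the omission here look accidental. `labelbuf` is declared inside the loop body in the previous hunk, so no later cleanup can reach it; send_certinfo itself begins and ends outside this hunk.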
@@ -4414,6 +4425,37 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
xfree (p);
return err;
}
+ else if (!strcmp (name, "KEY-LABEL"))
+ {
+ /* Send KEY-LABEL lines for all private key objects. */
+ const char *label;
+ char *idbuf, *labelbuf;
+
+ for (prkdf = app->app_local->private_key_info; prkdf;
+ prkdf = prkdf->next)
+ {
+ idbuf = keyref_from_prkdf (app, prkdf);
+ if (!idbuf)
+ return gpg_error_from_syserror ();
+
+ label = (prkdf->label && *prkdf->label)? prkdf->label : "-";
+ labelbuf = percent_data_escape (0, NULL, label, strlen (label));
+ if (!labelbuf)
+ {
+ xfree (idbuf);
+ return gpg_error_from_syserror ();
+ }
+
+ send_status_info (ctrl, name,
+ idbuf, strlen (idbuf),
+ labelbuf, strlen(labelbuf),
+ NULL, 0);
+ xfree (idbuf);
+ xfree (labelbuf);
+ }
+ return 0;
+ }
+
return gpg_error (GPG_ERR_INV_NAME);
}
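Review bot: Nothing visible here shows that `percent_data_escape (0, NULL, label, strlen (label))` encodes spaces or control characters, yet doc/DETAILS in this commit promises that LABEL "won't have any space in it and is percent encoded". The label presumably comes from the card's private key object, so treat it as untrusted input to a line-oriented status protocol. Confirm whether this call or `send_status_info` does the escaping, and record it above the call, e.g. `/* LABEL comes from the card; it must reach the client without spaces or control characters. */`. Separately, the argument list is terminated with `NULL, 0` here but with `NULL, (size_t)0` in send_certinfo; the cast form is the safer one for a variadic call that takes length arguments. do_getattr begins outside this hunk.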
diff --git a/scd/command.c b/scd/command.c
index 46474cedc..2be00bb40 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -458,7 +458,7 @@ static const char hlp_learn[] =
"to the keypair info, information about all certificates stored on the\n"
"card is also returned:\n"
"\n"
- " S CERTINFO <certtype> <hexstring_with_id>\n"
+ " S CERTINFO <certtype> <keyref> [<label>]\n"
"\n"
"Where CERTTYPE is a number indicating the type of certificate:\n"
" 0 := Unknown\n"
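Review bot: The help text now names the second CERTINFO field `<keyref>`, but the doc/DETAILS entry added in this commit calls it `<certref>` and describes it as a value that "may be used to match it with a key's KEYREF", i.e. a separate identifier. Use the same name in both places, for example `"  S CERTINFO <certtype> <certref> [<label>]\n"`. The CERTTYPE list continues past the end of this hunk, so it cannot be checked here against the values listed in DETAILS.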