authorWerner Koch <wk@gnupg.org>2024-01-25 10:00:13 +0100
committerWerner Koch <wk@gnupg.org>2024-01-25 10:35:34 +0100
commit2a4180812ac21257a82c091df1bec1b6e087a0bd (patch)
tree331dfbb2942fc972d5564c2d14471eee1446c6eb
parentpo: Update Japanese Translation. (diff)
card: Tweak the checkcmds sub-command.
* tools/gpg-card.c (cmd_checkkeys): Skip not found keys.
-rw-r--r--doc/gpg-card.texi34
-rw-r--r--tools/gpg-card.c13
2 files changed, 42 insertions, 5 deletions
diff --git a/doc/gpg-card.texi b/doc/gpg-card.texi
index 33cdbd96d..8787793f8 100644
--- a/doc/gpg-card.texi
+++ b/doc/gpg-card.texi
@@ -316,6 +316,40 @@ Write a private key object identified by @var{keygrip} to the card
under the id @var{keyref}. Option @option{--force} allows overwriting
an existing key.
+@item CHECKKEYS [--ondisk] [--delete-clear-copy] [--delete-protected-copy]
+@opindex checkkeys
+Print a list of keys noticed on all inserted cards. With
+@option{--ondisk} only smartcard keys with a copy on disk are listed.
+With @option{--delete-clear-copy} copies of smartcard keys stored on
+disk without any protection will be deleted. With
+@option{--delete-protected-copy} password protected copies of
+smartcard keys stored on disk will be deleted.
+
+This command creates missing shadow keys. The delete options print
+the status of the keys before they are deleted.
+
+The format of the output is:
+@table @var
+@item Serial number
+A hex-string with the serial number of the card.
+@item Type
+This gives the type of the card's application. For example "OpenPGP"
+or "PIV".
+@item Keygrip
+A hex-string identifying a key.
+@item Keyref
+The application slot where the key is stored on the card. For example
+"OpenPGP.1"
+@item Status
+The status of the key. The most common value is "shadowed" for a key
+where only the public key along with the card's serial number is
+stored on the disk. The value "clear" indicates that a copy of the
+card's key is stored unprotected on disk. The value "protected"
+indicated that a copy of the car's key is stored on disk but is
+protected by a password. The value "error" may also be shown if there
+was a problem reading information from the card.
+@end table
+
@item YUBIKEY @var{cmd} @var{args}
@opindex yubikey
Various commands pertaining to Yubikey tokens with @var{cmd} being:
diff --git a/tools/gpg-card.c b/tools/gpg-card.c
index 185d04b62..f65a17b3c 100644
--- a/tools/gpg-card.c
+++ b/tools/gpg-card.c
@@ -1397,11 +1397,12 @@ cmd_checkkeys (card_info_t callerinfo, char *argstr)
if (!callerinfo)
return print_help
- ("CHECKKEYS [--ondisk] [--delete-clear-copy]\n\n"
+ ("CHECKKEYS [--ondisk] [--delete-clear-copy] [--delete-protected-copy]"
+ "\n\n"
"Print a list of keys on all inserted cards. With --ondisk only\n"
"keys are listed which also have a copy on disk. Missing shadow\n"
- "keys are created. With --delete-clear, copies of keys also stored\n"
- "on disk without any protection will be deleted.\n"
+ "keys are created. With --delete-clear-copy, copies of keys also\n"
+ "stored on disk without any protection will be deleted.\n"
, 0);
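Review bot: The help string now lists `[--delete-protected-copy]` in the synopsis, but the descriptive text below it still explains only `--delete-clear-copy`, so the built-in help never says what the new option removes. Because the option deletes key material from disk, the help should say so, for example by adding `"With --delete-protected-copy, password protected copies of keys\n"` and `"stored on disk will be deleted.\n"` before the closing `, 0);`. That wording follows the description in this commit's doc/gpg-card.texi hunk. cmd_checkkeys starts before and continues after this hunk.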
@@ -1461,11 +1462,13 @@ cmd_checkkeys (card_info_t callerinfo, char *argstr)
scd_readkey (kinfo->keyref, 1, NULL);
err = scd_havekey_info (kinfo->grip, &infostr);
}
- if (err)
+ if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
log_error ("Error getting infos for a key: %s\n",
gpg_strerror (err));
- if (opt_ondisk && infostr && !strcmp (infostr, "shadowed"))
+ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ ; /* does not make sense to show this. */
+ else if (opt_ondisk && infostr && !strcmp (infostr, "shadowed"))
; /* Don't print this one. */
else
{
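Review bot: A key that still yields GPG_ERR_NOT_FOUND after the retry is now dropped from the listing and from the error log, so the output gives no hint that a key seen on the card was skipped. The result of `scd_readkey (kinfo->keyref, 1, NULL)` in the context lines is not checked, so a failed shadow-key creation would presumably end up in this silent branch as well. For a command used to audit which card keys have copies on disk, an informational line in verbose mode would keep the skip traceable. At minimum the comment should give the reason, e.g. `; /* Still not found after the shadow-key attempt: no on-disk state to report. */`. The `else` block opened on the last line continues outside the hunk.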