2 files changed, 18 insertions, 3 deletions

diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index d85ee9ff3..537af5159 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -51,6 +51,11 @@ static int pub()
 					type = CRED_PRIVATE_KEY;
 					subtype = KEY_ECDSA;
 				}
+				else if (streq(arg, "pub"))
+				{
+					type = CRED_PUBLIC_KEY;
+					subtype = KEY_ANY;
+				}
 				else if (streq(arg, "pkcs10"))
 				{
 					type = CRED_CERTIFICATE;
@@ -116,6 +121,15 @@ static int pub()
 		public = private->get_public_key(private);
 		private->destroy(private);
 	}
+	else if (type == CRED_PUBLIC_KEY)
+	{
+		public = cred;
+		if (!public)
+		{
+			fprintf(stderr, "parsing public key failed\n");
+			return 1;
+		}
+	}
 	else
 	{
 		cert = cred;
@@ -157,7 +171,7 @@ static void __attribute__ ((constructor))reg()
 	command_register((command_t) {
 		pub, 'p', "pub",
 		"extract the public key from a private key/certificate",
-		{"[--in file|--keyid hex] [--type rsa|ecdsa|pkcs10|x509]",
+		{"[--in file|--keyid hex] [--type rsa|ecdsa|pub|pkcs10|x509]",
 		 "[--outform der|pem|dnskey|sshkey]"},
 		{
 			{"help",	'h', 0, "show usage information"},
diff --git a/src/pki/man/pki---pub.1.in b/src/pki/man/pki---pub.1.in
index a1b9b0ad4..c57e03a40 100644
--- a/src/pki/man/pki---pub.1.in
+++ b/src/pki/man/pki---pub.1.in
@@ -48,8 +48,9 @@ Input file. If not given the input is read from \fISTDIN\fR.
 .TP
 .BI "\-t, \-\-type " type
 Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
-private key), \fIpkcs10\fR (PKCS#10 certificate request), \fIx509\fR (X.509
-certificate), defaults to \fIrsa\fR.
+private key), \fIpub\fR (public key),
+\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate),
+defaults to \fIrsa\fR.
 .TP
 .BI "\-f, \-\-outform " encoding
 Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR