diff --git a/scd/app-common.h b/scd/app-common.h index 57618c30f..ee0ba0e2e 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -217,9 +217,10 @@ app_get_slot (app_t app) unsigned int app_help_count_bits (const unsigned char *a, size_t len); gpg_error_t app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip, - gcry_sexp_t *r_pkey); + gcry_sexp_t *r_pkey, + int *r_algo); gpg_error_t app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip, - gcry_sexp_t *r_pkey); + gcry_sexp_t *r_pkey, int *r_algo); gpg_error_t app_help_pubkey_from_cert (const void *cert, size_t certlen, unsigned char **r_pk, size_t *r_pklen); size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff); diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 8dc643429..84d4b2aa7 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -137,7 +137,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) ksba_cert_release (cert); return err; } - err = app_help_get_keygrip_string (cert, hexkeygrip, NULL); + err = app_help_get_keygrip_string (cert, hexkeygrip, NULL, NULL); if (err) { log_error ("failed to calculate the keygrip for FID 0x%04X\n", fid); diff --git a/scd/app-help.c b/scd/app-help.c index 4be9b8776..f2b592399 100644 --- a/scd/app-help.c +++ b/scd/app-help.c 
@@ -54,12 +54,13 @@ app_help_count_bits (const unsigned char *a, size_t len) /* Return the KEYGRIP for the canonical encoded public key (PK,PKLEN) * as an hex encoded string in the user provided buffer HEXKEYGRIP * which must be of at least 41 bytes. If R_PKEY is not NULL and the - * function succeeded, the S-expression representing the key is - * stored there. The caller needs to call gcry_sexp_release on - * that. */ + * function succeeded, the S-expression representing the key is stored + * there. The caller needs to call gcry_sexp_release on that. If + * R_ALGO is not NULL the public key algorithm id of Libgcrypt is + * stored there. */ gpg_error_t app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip, - gcry_sexp_t *r_pkey) + gcry_sexp_t *r_pkey, int *r_algo) { gpg_error_t err; gcry_sexp_t s_pkey; @@ -77,6 +78,9 @@ app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip, return gpg_error (GPG_ERR_GENERAL); /* Failed to calculate the keygrip.*/ } + if (r_algo) + *r_algo = get_pk_algo_from_key (s_pkey); + if (r_pkey) *r_pkey = s_pkey; else @@ -92,10 +96,11 @@ app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip, * string in the user provided buffer HEXKEYGRIP which must be of at * least 41 bytes. If R_PKEY is not NULL and the function succeeded, * the S-expression representing the key is stored there. The caller - * needs to call gcry_sexp_release on that. */ + * needs to call gcry_sexp_release on that. If R_ALGO is not NULL the + * public key algorithm id of Libgcrypt is stored there. */ gpg_error_t app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip, - gcry_sexp_t *r_pkey) + gcry_sexp_t *r_pkey, int *r_algo) { gpg_error_t err; ksba_sexp_t p; 
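Review bot: `*r_algo` is written only by the `if (r_algo)` assignment added in the @@ -77,6 +78,9 hunk, which sits after the visible `GPG_ERR_GENERAL` return, so on that error (and on any earlier error return outside the hunk) the caller's variable keeps whatever it held before; the updated comments in the @@ -54,12 and @@ -92,10 hunks nevertheless say the id "is stored there" without the "and the function succeeded" condition that the R_PKEY sentence carries. Every call site in this diff passes NULL, so nothing reads a stale value yet, but the first real consumer would have to know to test the return code before looking at the algorithm. I would give the output a defined value right after the local declarations, `if (r_algo) *r_algo = 0;`, and word the comment as `If R_ALGO is not NULL and the function succeeded, the Libgcrypt public key algorithm id is stored there; on error it is set to 0.` The result of get_pk_algo_from_key is also passed through unchecked, and its definition is not part of this diff, so it is worth confirming what it returns for a key type it does not recognise and saying so in the comment. The body of app_help_get_keygrip_string_pk starts and ends outside these hunks.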
@@ -110,7 +115,8 @@ app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip, n = gcry_sexp_canon_len (p, 0, NULL, NULL); if (!n) return gpg_error (GPG_ERR_INV_SEXP); - err = app_help_get_keygrip_string_pk ((void*)p, n, hexkeygrip, r_pkey); + err = app_help_get_keygrip_string_pk ((void*)p, n, hexkeygrip, + r_pkey, r_algo); ksba_free (p); return err; } diff --git a/scd/app-nks.c b/scd/app-nks.c index ad061dffa..71e7e51e9 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -251,7 +251,7 @@ keygripstr_from_pk_file (app_t app, int pkfid, int cfid, char *r_gripstr) return err; } - err = app_help_get_keygrip_string_pk (pk, pklen, r_gripstr, NULL); + err = app_help_get_keygrip_string_pk (pk, pklen, r_gripstr, NULL, NULL); xfree (pk); if (err) log_error ("nks: error getting keygrip for certificate %04X: %s\n", diff --git a/scd/app-p15.c b/scd/app-p15.c index 62f4ab1e3..602e97e2c 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -2694,7 +2694,7 @@ keygrip_from_prkdf (app_t app, prkdf_object_t prkdf) err = ksba_cert_init_from_mem (cert, der, derlen); xfree (der); if (!err) - err = app_help_get_keygrip_string (cert, prkdf->keygrip, &s_pkey); + err = app_help_get_keygrip_string (cert, prkdf->keygrip, &s_pkey, NULL); if (!err) { /* Try to get the CN and the SerialNumber from the certificate; diff --git a/scd/app-piv.c b/scd/app-piv.c index e6298e575..e0bf886cd 100644 --- a/scd/app-piv.c +++ b/scd/app-piv.c @@ -526,7 +526,7 @@ add_tlv (unsigned char *buffer, unsigned int tag, size_t length) } -/* Function to build a list of TLV and return the result in a mallcoed +/* Function to build a list of TLV and return the result in a malloced * buffer. The varargs are tuples of (int,size_t,void) each with the * tag, the length and the actual data. A (0,0,NULL) tuple terminates * the list. Up to 10 tuples are supported. If SECMEM is true the 
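Review bot: The `if (!n) return gpg_error (GPG_ERR_INV_SEXP);` path directly above the changed call in the @@ -110,7 +115,8 hunk returns without `ksba_free (p)`, whereas the normal path frees `p` after app_help_get_keygrip_string_pk returns, so a certificate whose public key fails the canonical-length check appears to leak that buffer each time it is processed. The certificates handled here are presumably built from data read off the card, which the daemon does not control, so the error path deserves the same cleanup: `if (!n) { ksba_free (p); return gpg_error (GPG_ERR_INV_SEXP); }`. That early return also leaves `*r_algo` and `*r_pkey` unwritten, which matters to any caller of the new parameter that inspects it without checking the error first. The start of app_help_get_keygrip_string, including the line that obtains `p`, is outside this hunk.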
@@ -1331,7 +1331,7 @@ get_keygrip_by_tag (app_t app, unsigned int tag, err = ksba_cert_init_from_mem (cert, certbuf, certbuflen); if (err) goto leave; - err = app_help_get_keygrip_string (cert, *r_keygripstr, NULL); + err = app_help_get_keygrip_string (cert, *r_keygripstr, NULL, NULL); } leave: @@ -1539,7 +1539,7 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyrefstr, unsigned int flags, char idbuf[50]; const char *usage; - err = app_help_get_keygrip_string_pk (pk, pklen, keygripstr, NULL); + err = app_help_get_keygrip_string_pk (pk, pklen, keygripstr, NULL, NULL); if (err) { log_error ("app_help_get_keygrip_string_pk failed: %s\n", diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c index b0b2f31d0..583a34fed 100644 --- a/scd/app-sc-hsm.c +++ b/scd/app-sc-hsm.c @@ -1355,7 +1355,7 @@ keygripstr_from_prkdf (app_t app, prkdf_object_t prkdf, char *r_gripstr) err = ksba_cert_init_from_mem (cert, der, derlen); xfree (der); if (!err) - err = app_help_get_keygrip_string (cert, r_gripstr, NULL); + err = app_help_get_keygrip_string (cert, r_gripstr, NULL, NULL); ksba_cert_release (cert); return err; diff --git a/scd/command.c b/scd/command.c index 98095f259..f0c3b86a2 100644 --- a/scd/command.c +++ b/scd/command.c @@ -651,7 +651,7 @@ do_readkey (card_t card, ctrl_t ctrl, const char *line, char keygripstr[KEYGRIP_LEN*2+1]; rc = app_help_get_keygrip_string_pk (*pk_p, *pklen_p, - keygripstr, NULL); + keygripstr, NULL, NULL); if (rc) { log_error ("app_help_get_keygrip_string failed: %s\n",