diff --git a/common/ChangeLog b/common/ChangeLog
index 1e9c9d179..bf81cf873 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,3 +1,8 @@
+2002-05-21  Werner Koch  <wk@gnupg.org>
+
+	* maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors.
+	(map_ksba_err): Add a few mappings.
+
 2002-05-14  Werner Koch  <wk@gnupg.org>
 
 	* gettime.c: New.
diff --git a/common/maperror.c b/common/maperror.c
index 30bdf07a5..8b79f51a5 100644
--- a/common/maperror.c
+++ b/common/maperror.c
@@ -33,18 +33,28 @@
 #include "../assuan/assuan.h"
 
 /* Note: we might want to wrap this in a macro to get our hands on
-   the line and file where the error occired */
+   the line and file where the error occured */
 int
 map_ksba_err (int err)
 {
   switch (err)
     {
     case -1:
-    case 0:
+    case 0: 
       break;
 
+    case KSBA_Out_Of_Core: err = GNUPG_Out_Of_Core; break;
+    case KSBA_Invalid_Value: err = GNUPG_Invalid_Value; break;
+    case KSBA_Not_Implemented: err = GNUPG_Not_Implemented; break;
+    case KSBA_Conflict: err = GNUPG_Conflict; break;
+    case KSBA_Read_Error: err = GNUPG_Read_Error; break;
+    case KSBA_Write_Error: err = GNUPG_Write_Error; break;
+    case KSBA_No_Data: err = GNUPG_No_Data; break;
+    case KSBA_Bug: err = GNUPG_Bug; break;
     case KSBA_Unsupported_Algorithm: err = GNUPG_Unsupported_Algorithm; break;
     case KSBA_Invalid_Index: err = GNUPG_Invalid_Index; break;
+    case KSBA_Invalid_Sexp: err = GNUPG_Invalid_Sexp; break;
+    case KSBA_Unknown_Sexp: err = GNUPG_Unknown_Sexp; break;
       
     default:
       err = seterr (General_Error);
@@ -94,6 +104,22 @@ map_gcry_err (int err)
       err = GNUPG_Bug;
       break;
 
+    case GCRYERR_SEXP_INV_LEN_SPEC    :
+    case GCRYERR_SEXP_STRING_TOO_LONG :
+    case GCRYERR_SEXP_UNMATCHED_PAREN :
+    case GCRYERR_SEXP_NOT_CANONICAL   :
+    case GCRYERR_SEXP_BAD_CHARACTER   :
+    case GCRYERR_SEXP_BAD_QUOTATION   :
+    case GCRYERR_SEXP_ZERO_PREFIX     :
+    case GCRYERR_SEXP_NESTED_DH       :
+    case GCRYERR_SEXP_UNMATCHED_DH    :
+    case GCRYERR_SEXP_UNEXPECTED_PUNC :
+    case GCRYERR_SEXP_BAD_HEX_CHAR    :
+    case GCRYERR_SEXP_ODD_HEX_NUMBERS :
+    case GCRYERR_SEXP_BAD_OCT_CHAR    :
+      err = GNUPG_Invalid_Sexp;
+      break;
+
     case GCRYERR_NO_MEM: err = GNUPG_Out_Of_Core; break;
 
     case GCRYERR_NOT_IMPL:  err = GNUPG_Not_Implemented; break;
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 25b88d915..941d66a22 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,8 @@
+2002-05-21  Werner Koch  <wk@gnupg.org>
+
+	* import.c (gpgsm_import): Try to identify the type of input and
+	handle certs-only messages.
+
 2002-05-14  Werner Koch  <wk@gnupg.org>
 
 	* gpgsm.c: New option --faked-system-time
diff --git a/sm/import.c b/sm/import.c
index 69c9d3405..1463407a1 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -43,7 +43,9 @@ gpgsm_import (CTRL ctrl, int in_fd)
   Base64Context b64reader = NULL;
   KsbaReader reader;
   KsbaCert cert = NULL;
+  KsbaCMS cms = NULL;
   FILE *fp = NULL;
+  KsbaContentType ct;
 
   fp = fdopen ( dup (in_fd), "rb");
   if (!fp)
@@ -60,30 +62,94 @@ gpgsm_import (CTRL ctrl, int in_fd)
       goto leave;
     }
 
-  cert = ksba_cert_new ();
-  if (!cert)
-    {
-      rc = seterr (Out_Of_Core);
-      goto leave;
-    }
+  ct = ksba_cms_identify (reader);
+  if (ct == KSBA_CT_SIGNED_DATA)
+    { /* This is probably a signed-only message - import the certs */
+      KsbaStopReason stopreason;
+      int i;
 
-  rc = ksba_cert_read_der (cert, reader);
-  if (rc)
-    {
-      rc = map_ksba_err (rc);
-      goto leave;
-    }
-
-  if ( !gpgsm_basic_cert_check (cert) )
-    {
-      if (!keydb_store_cert (cert))
+      cms = ksba_cms_new ();
+      if (!cms)
         {
-          if (opt.verbose)
-            log_info ("certificate imported\n");
+          rc = seterr (Out_Of_Core);
+          goto leave;
+        }
+
+      rc = ksba_cms_set_reader_writer (cms, reader, NULL);
+      if (rc)
+        {
+          log_error ("ksba_cms_set_reader_writer failed: %s\n",
+                     ksba_strerror (rc));
+          rc = map_ksba_err (rc);
+          goto leave;
+        }
+
+
+      do 
+        {
+          rc = ksba_cms_parse (cms, &stopreason);
+          if (rc)
+            {
+              log_error ("ksba_cms_parse failed: %s\n", ksba_strerror (rc));
+              rc = map_ksba_err (rc);
+              goto leave;
+            }
+
+          if (stopreason == KSBA_SR_BEGIN_DATA)
+              log_info ("not a certs-only message\n");
+        }
+      while (stopreason != KSBA_SR_READY);   
+      
+      for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
+        {
+          if ( !gpgsm_basic_cert_check (cert) )
+            {
+              if (!keydb_store_cert (cert))
+                {
+                  if (opt.verbose)
+                    log_info ("certificate imported\n");
+                }
+            }
+          ksba_cert_release (cert); 
+          cert = NULL;
+        }
+
+    }
+  else if (ct == KSBA_CT_NONE)
+    { /* Failed to identify this message - assume a certificate */
+
+      cert = ksba_cert_new ();
+      if (!cert)
+        {
+          rc = seterr (Out_Of_Core);
+          goto leave;
+        }
+
+      rc = ksba_cert_read_der (cert, reader);
+      if (rc)
+        {
+          rc = map_ksba_err (rc);
+          goto leave;
+        }
+      
+      if ( !gpgsm_basic_cert_check (cert) )
+        {
+          if (!keydb_store_cert (cert))
+            {
+              if (opt.verbose)
+                log_info ("certificate imported\n");
+            }
         }
     }
-      
+  else
+    {
+      log_error ("can't extract certificates from input\n");
+      rc = GNUPG_No_Data;
+    }
+   
+
  leave:
+  ksba_cms_release (cms);
   ksba_cert_release (cert);
   gpgsm_destroy_reader (b64reader);
   if (fp)