diff --git a/doc/ChangeLog b/doc/ChangeLog
index 82ca9f25d..92d994d48 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2003-10-28  Werner Koch  <wk@gnupg.org>
+
+	* DETAILS: Add the 'a' value for field 12 and the new field 15.
+
 2003-10-01  David Shaw  <dshaw@jabberwocky.com>
 
 	* samplekeys.asc: Update 99242560.
diff --git a/doc/DETAILS b/doc/DETAILS
index e3d3f421a..e88300b74 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -94,6 +94,7 @@ record.
                 e = encrypt
                 s = sign
                 c = certify
+                a = authentication
 	    A key may have any combination of them in any order.  In
 	    addition to these letters, the primary key has uppercase
 	    versions of the letters to denote the _usable_
@@ -116,6 +117,9 @@ record.
 
 14. Field   Flag field used in the --edit menu output:
 
+15. Field   Used in sec/sbb to print the serial number of a token
+            (internal protect mode 1002) or a '#' if that key is a
+            simple stub (internal protect mode 1001)
 
 All dates are displayed in the format yyyy-mm-dd unless you use the
 option --fixed-list-mode in which case they are displayed as seconds
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 39daffb97..5896c5d88 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2003-10-28  Werner Koch  <wk@gnupg.org>
+
+	* keylist.c (list_keyblock_print): Denote secrets keys stored on a
+	card with an '>'. Print the '#' also for subkeys.
+	(list_keyblock_colon): Introduce new field 15 for sec/ssb to print
+	the serial number.
+
 2003-10-26  David Shaw  <dshaw@jabberwocky.com>
 
 	* g10.c (main): Enhance the version-specific config file code to
diff --git a/g10/keylist.c b/g10/keylist.c
index 06edfa11b..90bc54289 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -621,7 +621,8 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
 	sk = node->pkt->pkt.secret_key;
 	keyid_from_sk( sk, keyid );
 
-        printf("sec%c  %4u%c/",(sk->protect.s2k.mode==1001)?'#':' ',
+        printf("sec%c  %4u%c/",(sk->protect.s2k.mode==1001)?'#':
+                               (sk->protect.s2k.mode==1002)?'>':' ',
 	       nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ));
 
 	if(opt.list_options&LIST_SHOW_LONG_KEYID)
@@ -769,7 +770,9 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
 	    }
 
 	    keyid_from_sk( sk2, keyid2 );
-            printf("ssb   %4u%c/",
+            printf("ssb%c  %4u%c/",
+                   (sk->protect.s2k.mode==1001)?'#':
+                   (sk->protect.s2k.mode==1002)?'>':' ',
 		   nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ));
 	    if(opt.list_options&LIST_SHOW_LONG_KEYID)
 	      printf("%08lX%08lX",(ulong)keyid2[0],(ulong)keyid2[1]);
@@ -902,6 +905,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
     int any=0;
     int trustletter = 0;
     int ulti_hack = 0;
+    int i;
 
     /* get the keyid from the keyblock */
     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
@@ -961,6 +965,20 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
         putchar(':');
         putchar(':');
         print_capabilities (pk, sk, keyblock);
+        if (secret) {
+          putchar(':'); /* End of field 13. */
+          putchar(':'); /* End of field 14. */
+          if (sk->protect.s2k.mode == 1001)
+            putchar('#'); /* Key is just a stub. */
+          else if (sk->protect.s2k.mode == 1002) {
+            /* Key is stored on an external token (card) or handled by
+               the gpg-agent.  Print the serial number of that token
+               here. */
+            for (i=0; i < sk->protect.ivlen; i++)
+              printf ("%02X", sk->protect.iv[i]);
+          }
+          putchar(':'); /* End of field 15. */
+        }
         putchar('\n');
         if( fpr )
             print_fingerprint( pk, sk, 0 );
@@ -979,7 +997,6 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
              * Fixme: We need a is_valid flag here too 
              */
 	    if( any ) {
-	        int i;
 	        char *str=uid->attrib_data?"uat":"uid";
 		/* If we're listing a secret key, leave out the
 		   validity values for now.  This is handled better in
@@ -1103,9 +1120,27 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
 			colon_strtime (sk2->expiredate)
                    /* fixme: add LID */ );
             print_capabilities (NULL, sk2, NULL);
+            if (opt.fixed_list_mode) {
+              /* We print the serial number only in fixed list mode
+                 for the primary key so, so avoid questions we print
+                 it for subkeys also only in this mode.  There is no
+                 technical reason, though. */
+              putchar(':'); /* End of field 13. */
+              putchar(':'); /* End of field 14. */
+              if (sk2->protect.s2k.mode == 1001)
+                putchar('#'); /* Key is just a stub. */
+              else if (sk2->protect.s2k.mode == 1002) {
+                /* Key is stored on an external token (card) or handled by
+                   the gpg-agent.  Print the serial number of that token
+                   here. */
+                for (i=0; i < sk2->protect.ivlen; i++)
+                  printf ("%02X", sk2->protect.iv[i]);
+              }
+              putchar(':'); /* End of field 15. */
+            }
             putchar ('\n');
 	    if( fpr > 1 )
-		print_fingerprint( NULL, sk2, 0 );
+              print_fingerprint( NULL, sk2, 0 );
 	}
 	else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
 	    PKT_signature *sig = node->pkt->pkt.signature;
@@ -1208,8 +1243,6 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
 
 	    if(opt.no_sig_cache && opt.check_sigs && fprokay)
 	      {
-		size_t i;
-
 		printf(":");
 
 		for (i=0; i < fplen ; i++ )