diff --git a/common/status.h b/common/status.h
index 3de4aa524..8831a0f5f 100644
--- a/common/status.h
+++ b/common/status.h
@@ -57,6 +57,7 @@ enum
     STATUS_NO_PUBKEY,
     STATUS_NO_SECKEY,
     STATUS_NEED_PASSPHRASE_SYM,
+    STATUS_DECRYPTION_KEY,
     STATUS_DECRYPTION_INFO,
     STATUS_DECRYPTION_FAILED,
     STATUS_DECRYPTION_OKAY,
diff --git a/doc/DETAILS b/doc/DETAILS
index d9b1fa673..8c1187287 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -486,6 +486,12 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 *** END_DECRYPTION
     Mark the end of the actual decryption process.  This are also
     emitted when in --list-only mode.
+*** DECRYPTION_KEY <fpr> <fpr2> <otrust>
+    This line is emitted when a public key decryption succeeded in
+    providing a session key.  <fpr> is the hexified fingerprint of the
+    actual key used for descryption.  <fpr2> is the fingerprint of the
+    primary key.  <otrust> is the letter with the ownertrust; this is
+    in general a 'u' which stands for ultimately trusted.
 *** DECRYPTION_INFO <mdc_method> <sym_algo>
     Print information about the symmetric encryption algorithm and the
     MDC method.  This will be emitted even if the decryption fails.
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index de98d99c9..177293619 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -335,9 +335,11 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
   if (DBG_CRYPTO)
     log_printhex ("DEK is:", dek->key, dek->keylen);
 
-  /* Check that the algo is in the preferences and whether it has expired.  */
+  /* Check that the algo is in the preferences and whether it has
+   * expired.  Also print a status line with the key's fingerprint.  */
   {
     PKT_public_key *pk = NULL;
+    PKT_public_key *mainpk = NULL;
     KBNODE pkb = get_pubkeyblock (keyid);
 
     if (!pkb)
@@ -351,9 +353,11 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
              && !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo))
       log_info (_("WARNING: cipher algorithm %s not found in recipient"
                   " preferences\n"), openpgp_cipher_algo_name (dek->algo));
+
     if (!err)
       {
-        KBNODE k;
+        kbnode_t k;
+        int first = 1;
 
         for (k = pkb; k; k = k->next)
           {
@@ -361,8 +365,14 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
                 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
               {
                 u32 aki[2];
-                keyid_from_pk (k->pkt->pkt.public_key, aki);
 
+                if (first)
+                  {
+                    first = 0;
+                    mainpk = k->pkt->pkt.public_key;
+                  }
+
+                keyid_from_pk (k->pkt->pkt.public_key, aki);
                 if (aki[0] == keyid[0] && aki[1] == keyid[1])
                   {
                     pk = k->pkt->pkt.public_key;
@@ -386,6 +396,19 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
         show_revocation_reason (pk, 1);
       }
 
+    if (is_status_enabled () && pk && mainpk)
+      {
+        char pkhex[MAX_FINGERPRINT_LEN*2+1];
+        char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
+
+        hexfingerprint (pk, pkhex, sizeof pkhex);
+        hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
+
+        write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
+                             pkhex, mainpkhex, get_ownertrust_info (mainpk));
+
+      }
+
     release_kbnode (pkb);
     err = 0;
   }