zowe · MarkAckert · Dec 22, 2025 · Nov 17, 2025 · Nov 19, 2025 · Martin-Zeithaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Keyring-Utilities Changelog
 
+## `3.2.0`
+
+- `--label-only` and `--owner-only` flags no longer print summary header, and only print certificate content. [#21](https://github.com/zowe/keyring-utilities/pull/21)
+
 ## `3.0.0`
 
 - Added manifest.yaml to PAX file which includes build metadata (#18)

diff --git a/README.md b/README.md
@@ -58,9 +58,16 @@ keyring-util function userid keyring label
   * `EXPORT` - exports a certificate in PEM format. The file is created in a `pwd` directory with a name of `<cert_alias>.pem`
     - Supported Arguments:
         * `-l <label>`: Required. Specifies the certificate to be exported by label.
+        * `-f </path/to/output>`: Required. Specifies where to write out the exported certificate.
+        * `-k`: Optional. Attempts to export the private key in a password-protected binary format (`.p12`).
+          * `-p`: Required and only used with `-k`. Specifies the password that protects the exported binary `.p12`.
 
-    - Example: `keyring-util EXPORT USER01 RING02 -l CERT03`
+    - Example: `keyring-util EXPORT USER01 RING02 -l CERT03 -f ./CERT03.pem`
         * Creates a file CERT03.pem.
+    - Example: `keyring-util EXPORT USER01 RING02 -l CERT03 -k -f ./CERT03.p12 -p mypass`
+        * Creates a file CERT03.p12 which requires `mypass` to open.
+
+    - **NOTE**: The export command can only export private keys when certain security requirements are met. More [information can be found here](https://www.ibm.com/docs/en/zos/3.1.0?topic=library-usage-notes#usgntrdata), section 4 (key for `private key`). Notably, on any security failure, GSK will return `53817370` which is `CMSERR_NO_PRIVATE_KEY`. This can be misleading.
 
   * `IMPORT` - imports a certificate from the PKCS12 format. The certificate can be connected to a keyring as `PERSONAL` or `CERTAUTH`.
     - Supported Arguments:

diff --git a/src/c/keyring_util.c b/src/c/keyring_util.c
@@ -369,9 +369,9 @@ void list_certificate_summary(Certificate_summary *summary, Command_line_parms*
     }
     if (print_this_cert) {
         if (params->print_label_only) {
-            printf("Certificate: %s\n", summary->label); 
+            printf("%s\n", summary->label); 
         } else if (params->print_owner_only) {
-            printf("Owner: %s\n", summary->userid);
+            printf("%s\n", summary->userid);
         } else {
             printf("Certificate: %s\n", summary->label); 
             printf("Owner: %s\n", summary->userid);
@@ -456,7 +456,9 @@ void listring_action(R_datalib_parm_list_64* rdatalib_parms, void * function, Co
     dataAbort.handle = &handle;
     set_up_R_datalib_parameters(&parms, &abortFunc, userid, keyring);
     invoke_R_datalib(&parms);
-    printf("Summary of certificates:\n");
+    if (!params->print_label_only && !params->print_owner_only) {
+        printf("Summary of certificates:\n");
+    }
     for (int j = 0; j < i; j++) {
         list_certificate_summary(summary_list[j], params);
         free(summary_list[j]);