diff --git a/docs/man/rpmkeys.8.md b/docs/man/rpmkeys.8.md
index 9d4105939f..e65e989bdf 100644
--- a/docs/man/rpmkeys.8.md
+++ b/docs/man/rpmkeys.8.md
@@ -12,7 +12,7 @@ rpmkeys - RPM Keyring
 SYNOPSIS
 ========
-**rpmkeys** {**\--import\|\--checksig**}
+**rpmkeys** {**\--list\|\--import\|\--delete\|\--checksig**}
 DESCRIPTION
 ===========
@@ -23,6 +23,10 @@ The general forms of rpm digital signature commands are
 **rpmkeys** {**-K\|\--checksig**} *PACKAGE\_FILE \...*
+**rpmkeys** **\--list** \[*KEYHASH \...*\]
+
+**rpmkeys** **\--delete** *KEYHASH \...*
+
 The **\--checksig** option checks all the digests and signatures contained in *PACKAGE\_FILE* to ensure the integrity and origin of the package. Note that signatures are now verified whenever a package is
@@ -37,13 +41,21 @@ example, all currently imported public keys can be displayed by:
 **rpm -q gpg-pubkey**
-Details about a specific public key, when imported, can be displayed by
+A more convenient way to display them is
+
+**rpmkeys** **\--list**
+
+More details about a specific public key, when imported, can be displayed by
 querying. Here\'s information about the Red Hat GPG/DSA key:
 **rpm -qi gpg-pubkey-db42a60e**
 Finally, public keys can be erased after importing just like packages.
-Here\'s how to remove the Red Hat GPG/DSA key
+Here\'s how to remove the Red Hat GPG/DSA key:
+
+**rpmkeys** **\--delete db42a60e**
+
+Or alternatively:
 **rpm -e gpg-pubkey-db42a60e**
diff --git a/tests/rpmdb.at b/tests/rpmdb.at
index 1ff60e9088..1446f6222f 100644
--- a/tests/rpmdb.at
+++ b/tests/rpmdb.at
@@ -56,7 +56,7 @@ runroot rpm \
 [ignore])
 RPMTEST_CLEANUP
-AT_SETUP([rpm -qa 3])
+AT_SETUP([rpm -qa and rpmkeys])
 AT_KEYWORDS([rpmdb query])
 RPMDB_INIT
@@ -82,8 +82,43 @@ gpg-pubkey-1964c5fc-58e63918
 hello-2.0-1.x86_64
 ],
 [])
+
+RPMTEST_CHECK([
+runroot rpmkeys --list
+],
+[0],
+[1964c5fc-58e63918: rpm.org RSA testkey public key
+],
+[])
+
+RPMTEST_CHECK([
+runroot rpmkeys --list 1964c5fc
+],
+[0],
+[1964c5fc-58e63918: rpm.org RSA testkey public key
+],
+[])
+
+RPMTEST_CHECK([
+runroot rpmkeys --list XXX
+],
+[1],
+[package gpg-pubkey-XXX is not installed
+],
+[])
+
+RPMTEST_CHECK([
+runroot rpmkeys --delete 1964c5fc
+runroot rpmkeys --list
+],
+[1],
+[package gpg-pubkey is not installed
+],
+[])
 RPMTEST_CLEANUP
+
+
 # ------------------------------
 # Run rpm -q where exists in the db.
 AT_SETUP([rpm -q foo])
diff --git a/tools/rpmkeys.c b/tools/rpmkeys.c
index afaffe5013..6a9699b5f4 100644
--- a/tools/rpmkeys.c
+++ b/tools/rpmkeys.c
@@ -2,6 +2,7 @@
 #include
 #include
+#include
 #include "cliutils.h"
 #include "debug.h"
@@ -22,12 +23,10 @@ static struct poptOption keyOptsTable[] = {
 N_("import an armored public key"), NULL },
 { "test", '\0', POPT_ARG_NONE, &test, 0,
 N_("don't import, but tell if it would work or not"), NULL },
-#if 0
- { "delete-key", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELKEY,
+ { "delete", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELKEY,
+ N_("delete keys from RPM keyring"), NULL },
+ { "list", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_LISTKEY,
 N_("list keys from RPM keyring"), NULL },
- { "list-keys", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_LISTKEY,
- N_("list keys from RPM keyring"), NULL },
-#endif
 POPT_TABLEEND
 };
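Review bot: The checks added to tests/rpmdb.at exercise only the bare short-ID form and the successful `--delete`; nothing covers an argument that already carries the `gpg-pubkey-` prefix, a `--delete` of a key that is not in the keyring, or `--delete` with no argument at all. Those are the paths through the argument rewriting in tools/rpmkeys.c that are most likely to regress, so I would add at least `runroot rpmkeys --list gpg-pubkey-1964c5fc` before the deletion and `runroot rpmkeys --delete XXX` with a non-zero expected status. The final check also pins exit status 1 for listing an empty keyring; a one-line comment saying this is intended would help, because a caller cannot tell that result apart from a failed query.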
@@ -42,6 +41,20 @@ static struct poptOption optionsTable[] = {
 POPT_TABLEEND
 };
+static ARGV_t gpgkeyargs(ARGV_const_t args) {
+ ARGV_t gpgargs = argvNew();
+ for (char * const * arg = args; *arg; arg++) {
+ if (strncmp(*arg, "gpg-pubkey-", 11)) {
+ char * gpgarg = rpmExpand("gpg-pubkey-", *arg, NULL);
+ argvAdd(&gpgargs, gpgarg);
+ free(gpgarg);
+ } else {
+ argvAdd(&gpgargs, *arg);
+ }
+ }
+ return gpgargs;
+}
+
 int main(int argc, char *argv[])
 {
 int ec = EXIT_FAILURE;
@@ -73,9 +86,23 @@ int main(int argc, char *argv[])
 rpmtsSetFlags(ts, (rpmtsFlags(ts)|RPMTRANS_FLAG_TEST));
 ec = rpmcliImportPubkeys(ts, args);
 break;
- /* XXX TODO: actually implement these... */
 case MODE_DELKEY:
+ struct rpmInstallArguments_s * ia = &rpmIArgs;
+ ARGV_t gpgargs = gpgkeyargs(args);
+ ec = rpmErase(ts, ia, gpgargs);
+ argvFree(gpgargs);
+ break;
 case MODE_LISTKEY:
+ ARGV_t query = NULL;
+ if (args != NULL) {
+ query = gpgkeyargs(args);
+ } else {
+ argvAdd(&query, "gpg-pubkey");
+ }
+ QVA_t qva = &rpmQVKArgs;
+ rstrcat(&qva->qva_queryFormat, "%{version}-%{release}: %{summary}\n");
+ ec = rpmcliQuery(ts, &rpmQVKArgs, (ARGV_const_t) query);
+ query = argvFree(query);
 break;
 default:
 argerror(_("only one major mode may be specified"));
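Review bot: `rpmExpand("gpg-pubkey-", *arg, NULL)` in gpgkeyargs() passes the command-line argument through rpm's macro expander, so a KEYHASH containing `%` is interpreted as macro syntax rather than literal text before it reaches the query or the erase. That matters whenever a wrapper script forwards key IDs it did not generate itself. Plain concatenation is what is wanted here, for example `char *gpgarg = NULL; rstrscat(&gpgarg, "gpg-pubkey-", *arg, NULL);`. The loop also dereferences `args` unconditionally, and the MODE_DELKEY call site in the next hunk passes `args` without the NULL test that MODE_LISTKEY has; whether main() rejects an empty argument list earlier is outside the hunks shown, so either return early on `args == NULL` or add a comment stating the precondition. The literal `11` would read better as `strlen("gpg-pubkey-")` or a named constant.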
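Review bot: The declarations written directly after `case MODE_DELKEY:` and `case MODE_LISTKEY:` are not valid C before C23, where a label must be followed by a statement, so this builds only with compilers that accept it as an extension. They also place `ia`, `gpgargs`, `query` and `qva` in the scope of the whole switch, where a jump to a later label skips their initialisers. Give each case its own block, `case MODE_DELKEY: {` … `break; }`, and do the same for MODE_LISTKEY. In MODE_LISTKEY the query format is appended through `qva` but the query is issued with `&rpmQVKArgs`; passing `qva` to rpmcliQuery() would keep the two consistent. main() starts and ends outside this hunk.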