diff --git a/lib/hx509/hxtool-commands.in b/lib/hx509/hxtool-commands.in
index 7af98c05c..e5d4b9923 100644
--- a/lib/hx509/hxtool-commands.in
+++ b/lib/hx509/hxtool-commands.in
@@ -383,6 +383,16 @@ command = {
 	argument="bytes"
 	help = "Generates random bytes and prints them to standard output"
 }
+command = {
+	name = "crypto-available"
+	min_args="0"
+	help = "Print available CMS crypto types"
+}
+command = {
+	name = "crypto-select"
+	min_args="0"
+	help = "Print available CMS crypto types"
+}
 command = {
 	name = "help"
 	name = "?"
diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index a8a2e4ddc..fe38619f4 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -990,6 +990,50 @@ random_data(void *opt, int argc, char **argv)
     return 0;
 }
 
+int
+crypto_available(void *opt, int argc, char **argv)
+{
+    int ret;
+    size_t len, i;
+    AlgorithmIdentifier *val;
+
+    ret = hx509_crypto_available(context, HX509_SELECT_ALL,
+				 NULL, &val, &len);
+    if (ret)
+	errx(1, "hx509_crypto_available");
+
+    for (i = 0; i < len; i++) {
+	char *s;
+	der_print_heim_oid (&val[i].algorithm, '.', &s);
+	printf("%s\n", s);
+	free(s);
+    }
+
+    hx509_crypto_free_algs(val, len);
+
+    return 0;
+}
+
+int
+crypto_select(void *opt, int argc, char **argv)
+{
+    int ret;
+    char *s;
+    AlgorithmIdentifier val;
+
+    ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
+			      NULL, NULL, &val);
+    if (ret)
+	errx(1, "hx509_crypto_available");
+
+    der_print_heim_oid (&val.algorithm, '.', &s);
+    printf("%s\n", s);
+    free(s);
+    free_AlgorithmIdentifier(&val);
+
+    return 0;
+}
+
 int
 help(void *opt, int argc, char **argv)
 {