diff --git a/ldnssec-keygen.c b/ldnssec-keygen.c
index 201517b..7c95c59 100644
--- a/ldnssec-keygen.c
+++ b/ldnssec-keygen.c
@@ -29,11 +29,46 @@ usage(void)
 
 	fprintf(stderr, "Usage:\n"
 	    "\t%s [-b bits] algorithm\n"
+	    "\t%s -n [-d domain]\n"
 	    "\t%s -r [-a algorithm] [-d domain] [-k] ds|dnskey\n",
-	    p, p);
+	    p, p, p);
 	exit(1);
 }
 
+static int
+print_filename_main(const char *domain, int argc, char *argv[])
+{
+	ldns_key *key;
+	ldns_rdf *rdf_dname;
+	ldns_status s;
+	char *str;
+	int line_nr;
+
+	if (argc != 0)
+		usage();
+
+	s = ldns_key_new_frm_fp_l(&key, stdin, &line_nr);
+	if (s != LDNS_STATUS_OK)
+		errx(1, "ldns_key_new_frm_fp_l: (stdin) line %d: %s",
+		    line_nr, ldns_get_errorstr_by_id(s));
+
+	s = ldns_str2rdf_dname(&rdf_dname, domain);
+	if (s != LDNS_STATUS_OK)
+		errx(1, "ldns_str2rdf_dname: %s", ldns_get_errorstr_by_id(s));
+
+	ldns_key_set_pubkey_owner(key, rdf_dname);
+
+	str = ldns_key_get_file_base_name(key);
+	if (str == NULL)
+		errx(1, "ldns_key_get_file_base_name");
+	printf("%s\n", str);
+
+	free(str);
+	ldns_key_deep_free(key);
+
+	return 0;
+}
+
 static int
 print_record_main(ldns_hash hash, int ksk, const char *domain, int argc,
     char *argv[])
@@ -139,14 +174,14 @@ main(int argc, char *argv[])
 	const char *errstr, *domain;
 	long long n;
 	int ch, rc;
-	int aflag, bflag, dflag, kflag, rflag;
+	int aflag, bflag, dflag, kflag, nflag, rflag;
 	uint16_t bits;
 
-	aflag = bflag = dflag = kflag = rflag = 0;
+	aflag = bflag = dflag = kflag = nflag = rflag = 0;
 	hash_alg = LDNS_SHA256;
 	bits = 0;
 	domain = ".";
-	while ((ch = getopt(argc, argv, "a:b:d:kr")) != -1) {
+	while ((ch = getopt(argc, argv, "a:b:d:knr")) != -1) {
 		switch (ch) {
 		case 'a':
 			aflag = 1;
@@ -169,6 +204,9 @@ main(int argc, char *argv[])
 		case 'k':
 			kflag = 1;
 			break;
+		case 'n':
+			nflag = 1;
+			break;
 		case 'r':
 			rflag = 1;
 			break;
@@ -179,17 +217,25 @@ main(int argc, char *argv[])
 	argc -= optind;
 	argv += optind;
 
-	if (bflag && (aflag || dflag || rflag || kflag))
-		errx(1, "-b is mutually exclusive with -d, -k and -r");
+	if (bflag && (aflag || dflag || kflag || nflag || rflag))
+		errx(1, "-b is mutually exclusive with -d, -k, -n and -r");
 	if (aflag && !rflag)
 		errx(1, "can't use -a without -r");
-	if (dflag && !rflag)
-		errx(1, "can't use -d without -r");
+	if (aflag && nflag)
+		errx(1, "-a and -n are mutually exclusive");
+	if (dflag && !(nflag || rflag))
+		errx(1, "can't use -d without -n or -r");
 	if (kflag && !rflag)
 		errx(1, "can't use -k without -r");
+	if (kflag && nflag)
+		errx(1, "-k and -n are mutually exclusive");
+	if (nflag && rflag)
+		errx(1, "-n and -r are mutually exclusive");
 
 	rc = 1;
-	if (rflag)
+	if (nflag)
+		rc = print_filename_main(domain, argc, argv);
+	else if (rflag)
 		rc = print_record_main(hash_alg, kflag, domain, argc, argv);
 	else
 		rc = keygen_main(bits, argc, argv);