Can the crypothome CLI be cleaned up and made more helpful? For example, there are many ways to specify the target key label:

  cryptohome --action=add_key_ex --add_key_label=foo
  cryptohome --action=check_key_ex --key_label=foo
  cryptohome --action=remove_key_ex --remove_key_label=foo

I think the reason for a separate --add_key_label is because you can still specify --key_label for the user to authenticate against. But this is still confusing to use.

If you don't specify the label, you get a generic message such as "No label provided for target key", which is not very helpful to fixing the command; instead, the message should be something like "Missing --add_key_label".

Beyond that, unused arguments are silently ignored, ie,

  cryptohome --action=check_key_ex --label=foo

It is also challenging to figure out what flags a command supports. The help just lists all actions but none of the arguments. It'd be great if when a command is not run correctly it dumps the possible arguments, ie:

  $ cryptohome --action=check_key_ex --help
  crypothome --action=check_key_ex [--user=<email> --key_label=<label>]
  $ cryptohome --action=add_key_ex --help
  crypothome --action=add_key_ex --add_key_label=<label> --user=<email> [--key_label=<label>]