diff --git a/README b/README index 9ff2542..a249b02 100644 --- a/README +++ b/README @@ -100,14 +100,25 @@ doing key roll-over MELLON_PRIVATE_KEY ------------------ -The PKCS#8 PEM encoded private key, if not provided request will not -be signed. +The PKCS#8 PEM encoded private key. If neither MELLON_PRIVATE_KEYS and +MELLON_PRIVATE_KEY are set, request will not be signed. MELLON_PRIVATE_KEY_PASSWORD --------------------------- Password for the private key if needed, default is None +MELLON_PRIVATE_KEYS +------------------- + +A list of private keys contained in strings (same format ass +MELLON_PRIVATE_KEY) or of tuple paris (private_key, private_key_password). If +MELLON_PRIVATE_KEY is None, the first key in MELLON_PRIVATE_KEYS will be used +to sign messages. Other keys are only for decrypting encrypted assertions. If +the same key appear in MELLON_PRIVATE_KEY and MELLON_PRIVATE_KEYS it will be +ignored the second time. If neither MELLON_PRIVATE_KEYS and MELLON_PRIVATE_KEY +are set, request will not be signed. + MELLON_NAME_ID_FORMATS ---------------------- diff --git a/mellon/app_settings.py b/mellon/app_settings.py index 290c34c..69d59eb 100644 --- a/mellon/app_settings.py +++ b/mellon/app_settings.py @@ -6,6 +6,7 @@ class AppSettings(object): __DEFAULTS = { 'PUBLIC_KEYS': (), 'PRIVATE_KEY': None, + 'PRIVATE_KEYS': (), 'PRIVATE_KEY_PASSWORD': None, 'NAME_ID_FORMATS': (), 'NAME_ID_POLICY_FORMAT': None, diff --git a/mellon/utils.py b/mellon/utils.py index a43aa59..58ef6e2 100644 --- a/mellon/utils.py +++ b/mellon/utils.py 
@@ -42,9 +42,28 @@ def create_server(request): if root not in SERVERS: idps = get_idps() metadata = create_metadata(request) + if app_settings.PRIVATE_KEY: + private_key = app_settings.PRIVATE_KEY + private_key_password = app_settings.PRIVATE_KEY_PASSWORD + elif app_settings.PRIVATE_KEYS: + private_key = app_settings.PRIVATE_KEYS + private_key_password = None + if isinstance(private_key, (tuple, list)): + private_key_password = private_key[1] + private_key = private_key[0] + else: # no signature + private_key = None + private_key_password = None server = lasso.Server.newFromBuffers(metadata, - private_key_content=app_settings.PRIVATE_KEY, - private_key_password=app_settings.PRIVATE_KEY_PASSWORD) + private_key_content=private_key, + private_key_password=private_key_password) + server.setEncryptionPrivateKeyWithPassword(private_key, private_key_password) + for key in app_settings.PRIVATE_KEYS: + password = None + if isinstance(key, (tuple, list)): + password = key[1] + key = key[0] + server.setEncryptionPrivateKeyWithPassword(key, password) for idp in idps: if 'METADATA_URL' in idp and 'METADATA' not in idp: idp['METADATA'] = urllib.urlopen(idp['METADATA_URL']).read() @@ -59,7 +78,7 @@ def create_server(request): def create_login(request): server = create_server(request) login = lasso.Login(server) - if not app_settings.PRIVATE_KEY: + if not app_settings.PRIVATE_KEY and not app_settings.PRIVATE_KEYS: login.setSignatureHint(lasso.PROFILE_SIGNATURE_HINT_FORBID) return login
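Review bot: In the `elif app_settings.PRIVATE_KEYS:` branch the whole sequence is bound to `private_key`, so the following `isinstance(private_key, (tuple, list))` test unpacks the list itself rather than its first entry: with `PRIVATE_KEYS = ('keyA', 'keyB')` the signing key becomes `keyA` with `keyB` used as its password, and a one-element list raises IndexError on `private_key[1]`. The README text in this same commit says the first entry is the signing key, so the line should read `private_key = app_settings.PRIVATE_KEYS[0]`, after which the tuple/list check correctly applies to that single entry. Separately, `server.setEncryptionPrivateKeyWithPassword(private_key, private_key_password)` is also reached from the `else:  # no signature` branch with `(None, None)`; I cannot tell from here whether lasso accepts that, so wrap it in `if private_key:` unless it is known to be a harmless no-op. The README also promises that a key present in both settings is ignored the second time, but nothing in the hunk deduplicates, so that presumably relies on lasso behaviour and is worth confirming. create_server starts and ends outside the hunk.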
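Review bot: The "is there a signing key" decision is now spelled out twice, once as the `if`/`elif` chain in create_server and once as `if not app_settings.PRIVATE_KEY and not app_settings.PRIVATE_KEYS:` in create_login, and the two must stay in lockstep or a login can be built with PROFILE_SIGNATURE_HINT_FORBID while the server holds a signing key, or vice versa. A small module-level helper returning the `(key, password)` pair selected for signing, or `(None, None)` when signing is disabled, gives both call sites a single rule; create_login then becomes `if _signing_key()[0] is None:` and create_server unpacks the same tuple for `newFromBuffers`. create_login's body continues past the hunk, so I can only see that the signature hint depends on this predicate.
```python
def _signing_key():
    """Return the (key, password) pair used to sign requests, or (None, None).

    MELLON_PRIVATE_KEY wins; otherwise the first MELLON_PRIVATE_KEYS entry,
    which is either a PEM string or a (key, password) pair.
    """
    if app_settings.PRIVATE_KEY:
        return app_settings.PRIVATE_KEY, app_settings.PRIVATE_KEY_PASSWORD
    if app_settings.PRIVATE_KEYS:
        first = app_settings.PRIVATE_KEYS[0]
        if isinstance(first, (tuple, list)):
            return first[0], first[1]
        return first, None
    return None, None


def create_login(request):
    server = create_server(request)
    login = lasso.Login(server)
    # Same selection rule as create_server, so hint and key never disagree.
    if _signing_key()[0] is None:
        login.setSignatureHint(lasso.PROFILE_SIGNATURE_HINT_FORBID)
    # … unchanged: remainder of create_login …
```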