diff --git a/tests/basic_tests.c b/tests/basic_tests.c
index 4e3f77b1..78c70d7b 100644
--- a/tests/basic_tests.c
+++ b/tests/basic_tests.c
@@ -2057,13 +2057,11 @@ START_TEST(test15_ds_key_info)
 	list = (GList){ .data = ds_key_info, .next = NULL, .prev = NULL };
 	lasso_saml2_key_info_confirmation_data_type_set_key_info(kicdt, &list);
 	dump = lasso_node_debug((LassoNode*)sc, 10);
-	printf("1 %s\n", dump);
 	lasso_release_gobject(sc);
 	lasso_release_gobject(ds_key_info);
 	node = lasso_node_new_from_dump(dump);
 	lasso_release_string(dump);
 	dump = lasso_node_debug(node, 10);
-	printf("2 %s\n", dump);
 	lasso_release_string(dump);
 }
 END_TEST
diff --git a/tests/random_tests.c b/tests/random_tests.c
index b70c6082..df3dde34 100644
--- a/tests/random_tests.c
+++ b/tests/random_tests.c
@@ -33,6 +33,7 @@
 #include "../lasso/xml/saml_name_identifier.h"
 #include "../lasso/xml/samlp_response.h"
 #include "../lasso/utils.h"
+#include "../lasso/key.h"
 
 
 Suite* random_suite();
@@ -328,6 +329,105 @@ LlTxKnCrWAXftSm1rNtewTsF\n\
 }
 END_TEST
 
+
+START_TEST(test08_lasso_key)
+{
+	/* normal query as produces by Lasso */
+	const char query1[] = "SAMLRequest=fZHNasMwEIRfxeieWrYTtQjb4DgJBNqSNqWHXopw1kQgS6523Z%2B3r%2BxQSKDkOppvd2aVo%2BpML6uBjvYZPgZAir47Y1FODwUbvJVOoUZpVQcoqZH76uFepjdc9t6Ra5xhZ8h1QiGCJ%2B0si7argr0vxTLJ1guRilpU8%2FWtyKpNnaXrukoF32SCRa%2FgMfgLFvAAIQ6wtUjKUpB4wmc8nSX8hXOZ3Ml0%2FsaijfMNTIUK1iqDMGK7sFl%2Fwp9S5mNWOY3z5ZGol3GM%2FSLugNRBkcrjc0N%2ButJj6LNd7ZzRzc%2B4plN0ve6o6MOsnayyH6sggSUW7XfjsKdBGd1q8AX7JwOLKmPcV%2B1BUUhOfgAWl6dkl19W%2FgI%3D&RelayState=fake%5B%5D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=wDxMSEPKhK%2FuU06cmL50oVx%2B7eP5%2FQirShQE%2BLv9pT3CrVwb6WBV1Tp9XS2VVJ2odLHogdA%2FE1XDW7BIRKYgkN8bXVlC2GybSYBhyn8bwAuyHs%2BnMW48LF%2FE5vFiZxbw8tMWUAktdvDuaXoZLhubX7UgV%2B%2BdRyjhckolpXTC9xuJdoHJUDF0vzzNm8xZs6LR7tjWUoz5CcjMJA3LVfWmpE5UjCyRmGbi9knGWHdY75CFtArD%2BNSkGeNx9xySrUlik6e57Zlodv4V9WBdeopAWskO58BA27GqTmnSLooeo%2FrtLxc1NZeuau11YxNzwl%2FvN8%2FQ5IsR3Xic8X1TaCCtwg%3D%3D";
+	/* SAMLRequest field was moved in the middle, Signature to the beginning and all & were
+	 * changed to ; */
+	const char query2[] = "Signature=wDxMSEPKhK%2FuU06cmL50oVx%2B7eP5%2FQirShQE%2BLv9pT3CrVwb6WBV1Tp9XS2VVJ2odLHogdA%2FE1XDW7BIRKYgkN8bXVlC2GybSYBhyn8bwAuyHs%2BnMW48LF%2FE5vFiZxbw8tMWUAktdvDuaXoZLhubX7UgV%2B%2BdRyjhckolpXTC9xuJdoHJUDF0vzzNm8xZs6LR7tjWUoz5CcjMJA3LVfWmpE5UjCyRmGbi9knGWHdY75CFtArD%2BNSkGeNx9xySrUlik6e57Zlodv4V9WBdeopAWskO58BA27GqTmnSLooeo%2FrtLxc1NZeuau11YxNzwl%2FvN8%2FQ5IsR3Xic8X1TaCCtwg%3D%3D;RelayState=fake%5B%5D;SAMLRequest=fZHNasMwEIRfxeieWrYTtQjb4DgJBNqSNqWHXopw1kQgS6523Z%2B3r%2BxQSKDkOppvd2aVo%2BpML6uBjvYZPgZAir47Y1FODwUbvJVOoUZpVQcoqZH76uFepjdc9t6Ra5xhZ8h1QiGCJ%2B0si7argr0vxTLJ1guRilpU8%2FWtyKpNnaXrukoF32SCRa%2FgMfgLFvAAIQ6wtUjKUpB4wmc8nSX8hXOZ3Ml0%2FsaijfMNTIUK1iqDMGK7sFl%2Fwp9S5mNWOY3z5ZGol3GM%2FSLugNRBkcrjc0N%2ButJj6LNd7ZzRzc%2B4plN0ve6o6MOsnayyH6sggSUW7XfjsKdBGd1q8AX7JwOLKmPcV%2B1BUUhOfgAWl6dkl19W%2FgI%3D;SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1";
+	const char query3[] = "RelayState=fake%5B%5D&SAMLRequest=fZHNasMwEIRfxeieWrYTtQjb4DgJBNqSNqWHXopw1kQgS6523Z%2B3r%2BxQSKDkOppvd2aVo%2BpML6uBjvYZPgZAir47Y1FODwUbvJVOoUZpVQcoqZH76uFepjdc9t6Ra5xhZ8h1QiGCJ%2B0si7argr0vxTLJ1guRilpU8%2FWtyKpNnaXrukoF32SCRa%2FgMfgLFvAAIQ6wtUjKUpB4wmc8nSX8hXOZ3Ml0%2FsaijfMNTIUK1iqDMGK7sFl%2Fwp9S5mNWOY3z5ZGol3GM%2FSLugNRBkcrjc0N%2ButJj6LNd7ZzRzc%2B4plN0ve6o6MOsnayyH6sggSUW7XfjsKdBGd1q8AX7JwOLKmPcV%2B1BUUhOfgAWl6dkl19W%2FgI%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=wDxMSEPKhK%2FuU06cmL50oVx%2B7eP5%2FQirShQE%2BLv9pT3CrVwb6WBV1Tp9XS2VVJ2odLHogdA%2FE1XDW7BIRKYgkN8bXVlC2GybSYBhyn8bwAuyHs%2BnMW48LF%2FE5vFiZxbw8tMWUAktdvDuaXoZLhubX7UgV%2B%2BdRyjhckolpXTC9xuJdoHJUDF0vzzNm8xZs6LR7tjWUoz5CcjMJA3LVfWmpE5UjCyRmGbi9knGWHdY75CFtArD%2BNSkGeNx9xySrUlik6e57Zlodv4V9WBdeopAWskO58BA27GqTmnSLooeo%2FrtLxc1NZeuau11YxNzwl%2FvN8%2FQ5IsR3Xic8X1TacCtwg%3D%3D";
+	/* sp5-saml2 key */
+	const char pkey[] = "-----BEGIN CERTIFICATE-----\n\
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP\n\
+MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91\n\
+dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5\n\
+MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF\n\
+UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw\n\
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq\n\
+h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m\n\
+6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u\n\
+uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH\n\
+ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi\n\
++3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA\n\
+AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0\n\
+ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G\n\
+A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB\n\
+AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ\n\
+BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa\n\
+pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew\n\
+fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP\n\
+NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR\n\
+LlTxKnCrWAXftSm1rNtewTsF\n\
+-----END CERTIFICATE-----";
+	LassoKey *key = lasso_key_new_for_signature_from_memory(pkey, strlen(pkey), NULL,
+			LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL);
+	LassoKey *key2 = lasso_key_new_for_signature_from_file(
+			TESTSDATADIR "/sp5-saml2/private-key.pem", NULL,
+			LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL);
+	char *message = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_E3F8E9116EE08F0E2607CF9789649BB4\" Version=\"2.0\" IssueInstant=\"2012-03-09T11:34:48Z\" ForceAuthn=\"false\" IsPassive=\"false\"><saml:Issuer>http://sp5/metadata</saml:Issuer><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n\
+<SignedInfo>\n\
+<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>\n\
+<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>\n\
+<Reference URI=\"#_E3F8E9116EE08F0E2607CF9789649BB4\">\n\
+<Transforms>\n\
+<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>\n\
+<Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>\n\
+</Transforms>\n\
+<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>\n\
+<DigestValue>tMncKjklMJaJLbmB7bARmX14Fdg=</DigestValue>\n\
+</Reference>\n\
+</SignedInfo>\n\
+<SignatureValue>VjAHErXE8rz5yQ/t9Ubws11E59PsU/tXPtL6eCMAVLQxV4Bv0dwyYkeHtge1DXDT\n\
+usTy1c17+iuYCVqD3Db51+LMVsHchj0j44fhu/PXNQTmgiT2AuVfH97YhiBWykAs\n\
+LwT8MiE9vNGiHQwsWVjhdzooVmU0M80m0Ij2DFMcYiKzmuMhE4M65qUO4tygQLiL\n\
+YB5oPe0VYKEBJLfaTvuijLBTi4ecx6aU+HptAvuEOcCbcJZtGyv7jr2yuEDSq72S\n\
+0hwOV0CIsQoSf/vL7R9RzTs2bpgYVGqgerhpWsz6dqo7YX0NSj9pMbXZiOyX/YzS\n\
+uP3QSjow05NiPhy8ywKW8A==</SignatureValue>\n\
+<KeyInfo>\n\
+<KeyValue>\n\
+<RSAKeyValue>\n\
+<Modulus>\n\
+zTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB/qVTZixm+euZF1wV\n\
+a/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+k5PBFeb98zRAY95f\n\
+PDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml900ust5Dy/IKyGgVT\n\
+4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiGZ/Ez1RztanjEoBzW\n\
+dSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmNEqTNKQ3mPwpMz+TW\n\
+M8+wMc9FjNtZaGc213omWQ==\n\
+</Modulus>\n\
+<Exponent>\n\
+AQAB\n\
+</Exponent>\n\
+</RSAKeyValue>\n\
+</KeyValue>\n\
+</KeyInfo>\n\
+</Signature><samlp:NameIDPolicy Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\" AllowCreate=\"true\"/></samlp:AuthnRequest>";
+	xmlDoc *doc;
+
+	doc = xmlParseDoc(BAD_CAST message);
+	fail_unless(key != NULL, "Cannot load public key");
+	fail_unless(lasso_key_query_verify(key, query1) == 0, "Signature was not validated");
+	/* test reordering and semi-colon separator support */
+	fail_unless(lasso_key_query_verify(key, query2) == 0, "Disordered signature was not validated");
+	fail_unless(lasso_key_query_verify(key, query3) != 0, "Altered signature was validated");
+	fail_unless(lasso_key_saml2_xml_verify(key,
+		"_E3F8E9116EE08F0E2607CF9789649BB4", xmlDocGetRootElement(doc)) == 0,
+		"XML Signature is not validated");
+	g_object_unref(key);
+	fail_unless(key2 != NULL, "Cannot load public key2");
+	fail_unless(lasso_key_query_verify(key2, query1) == 0, "Signature was not validated");
+	/* test reordering and semi-colon separator support */
+	fail_unless(lasso_key_query_verify(key2, query2) == 0, "Disordered signature was not validated");
+	fail_unless(lasso_key_query_verify(key2, query3) != 0, "Altered signature was validated");
+	fail_unless(lasso_key_saml2_xml_verify(key2,
+		"_E3F8E9116EE08F0E2607CF9789649BB4", xmlDocGetRootElement(doc)) == 0,
+		"XML Signature is not validated");
+	g_object_unref(key2);
+	lasso_release_doc(doc);
+}
+END_TEST
+
 Suite*
 random_suite()
 {
@@ -335,6 +435,7 @@ random_suite()
 	TCase *tc_providers = tcase_create("Provider stuffs");
 	TCase *tc_servers = tcase_create("Server stuffs");
 	TCase *tc_node = tcase_create("Node stuff");
+	TCase *tc_keys = tcase_create("Lasso keys");
 
 	suite_add_tcase(s, tc_providers);
 	tcase_add_test(tc_providers, test01_provider_new);
@@ -351,6 +452,9 @@ random_suite()
 	tcase_add_test(tc_node, test06_lib_statuscode);
 	tcase_add_test(tc_node, test07_saml2_query_verify_signature);
 
+	suite_add_tcase(s, tc_keys);
+	tcase_add_test(tc_keys, test08_lasso_key);
+
 	return s;
 }