2 files changed, 9 insertions, 10 deletions

diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index d76cfc15..9e914002 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -385,10 +385,10 @@ lasso_login_build_assertion(LassoLogin *login,
 	provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
 	ss = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(as);
 	if (provider && provider->private_data->encryption_mode & LASSO_ENCRYPTION_MODE_NAMEID
-			&& provider->private_data->encryption_public_key != NULL) {
+			&& lasso_provider_get_encryption_public_key(provider) != NULL) {
 		encrypted_element = LASSO_SAML2_ENCRYPTED_ELEMENT(lasso_node_encrypt(
 			LASSO_NODE(ss->Subject->NameIdentifier),
-			provider->private_data->encryption_public_key,
+			lasso_provider_get_encryption_public_key(provider),
 			provider->private_data->encryption_sym_key_type, provider->ProviderID));
 		if (encrypted_element != NULL) {
 			lasso_assign_new_gobject(ss->Subject->EncryptedNameIdentifier, encrypted_element);
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index 28c9e1d2..8df653de 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -550,8 +550,8 @@ lasso_provider_get_encryption_public_key(const LassoProvider *provider)
 	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
 	GList *public_keys;
 
-	if (provider->private_data->encryption_public_key) {
-		return provider->private_data->encryption_public_key;
+	if (provider->private_data->encryption_public_keys) {
+		return provider->private_data->encryption_public_keys->data;
 	}
 	public_keys = lasso_provider_get_public_keys(provider);
 	if (! public_keys) {
@@ -859,9 +859,8 @@ dispose(GObject *object)
 		provider->private_data->encryption_public_key_str = NULL;
 	}
 
-	if (provider->private_data->encryption_public_key) {
-		xmlSecKeyDestroy(provider->private_data->encryption_public_key);
-		provider->private_data->encryption_public_key = NULL;
+	if (provider->private_data->encryption_public_keys) {
+		lasso_release_list_of_sec_key(provider->private_data->encryption_public_keys);
 	}
 
 	lasso_release(provider->private_data->affiliation_id);
@@ -906,7 +905,7 @@ instance_init(LassoProvider *provider)
 	provider->private_data->signing_key_descriptors = NULL;
 	provider->private_data->encryption_key_descriptor = NULL;
 	provider->private_data->encryption_public_key_str = NULL;
-	provider->private_data->encryption_public_key = NULL;
+	provider->private_data->encryption_public_keys = NULL;
 	provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
 	provider->private_data->encryption_sym_key_type = LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_128;
 
@@ -1290,8 +1289,8 @@ lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType publi
 						list_of_sec_key);
 				break;
 			case LASSO_PUBLIC_KEY_ENCRYPTION:
-				lasso_assign_new_sec_key(provider->private_data->encryption_public_key,
-						(xmlSecKey*)keys->data);
+				lasso_transfer_full(provider->private_data->encryption_public_keys,
+						keys, list_of_sec_key);
 				break;
 			default:
 				lasso_release_list_of_sec_key(keys);