diff --git a/dnscrypt/testdata/gencert.sh b/dnscrypt/testdata/gencert.sh
new file mode 100755
index 000000000..ae0b2311e
--- /dev/null
+++ b/dnscrypt/testdata/gencert.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+CERT_EXPIRE_DAYS="$(( 365 * 15 ))"
+DIR="$(dirname "$0")"
+
+
+if [[ "$PWD" != *tdir ]]
+then
+    echo "You should run this script with a .tdir directory"
+    exit 1
+fi
+
+for i in 1 2
+do
+    # Ephemeral key
+    rm -f "${i}.key"
+    dnscrypt-wrapper --gen-crypt-keypair \
+        --crypt-secretkey-file="${i}.key"  \
+        --provider-publickey-file="${DIR}/keys${i}/public.key" \
+        --provider-secretkey-file="${DIR}/keys${i}/secret.key"
+    # Cert file
+    for cipher in salsa chacha
+    do
+        rm -f "${i}_${cipher}.cert"
+        extraarg=""
+        if [ "${cipher}" == "chacha" ]
+        then
+             extraarg="-x"
+        fi
+
+        dnscrypt-wrapper ${extraarg} --gen-cert-file \
+            --provider-cert-file="${i}_${cipher}.cert" \
+            --crypt-secretkey-file="${i}.key" \
+            --provider-publickey-file="${DIR}/keys${i}/public.key" \
+            --provider-secretkey-file="${DIR}/keys${i}/secret.key" \
+            --cert-file-expire-days="${CERT_EXPIRE_DAYS}"
+    done
+done
diff --git a/dnscrypt/testdata/keys1/public.key b/dnscrypt/testdata/keys1/public.key
new file mode 100644
index 000000000..45e6aadc3
--- /dev/null
+++ b/dnscrypt/testdata/keys1/public.key
@@ -0,0 +1 @@
+¸_A¡O#÷ÛÈfó—ÌoD¶_eÅ¶)|'T¦éÜòO
\ No newline at end of file
diff --git a/dnscrypt/testdata/keys1/secret.key b/dnscrypt/testdata/keys1/secret.key
new file mode 100644
index 000000000..7672c979b
--- /dev/null
+++ b/dnscrypt/testdata/keys1/secret.key
@@ -0,0 +1 @@
+-&ç6\Uùõñh`^"…ºz/C9‚óˆ¸_A¡O#÷ÛÈfó—ÌoD¶_eÅ¶)|'T¦éÜòO
\ No newline at end of file
diff --git a/dnscrypt/testdata/keys2/public.key b/dnscrypt/testdata/keys2/public.key
new file mode 100644
index 000000000..036b04aab
--- /dev/null
+++ b/dnscrypt/testdata/keys2/public.key
@@ -0,0 +1 @@
+ÃR òÒýeµô{ölˆÁKË€Î:5r\±}KÓçƒ
\ No newline at end of file
diff --git a/dnscrypt/testdata/keys2/secret.key b/dnscrypt/testdata/keys2/secret.key
new file mode 100644
index 000000000..687302956
--- /dev/null
+++ b/dnscrypt/testdata/keys2/secret.key
@@ -0,0 +1 @@
+çi%‚ 5fÍ™–íÉûŒíBnêÍ¯.º“ÃR òÒýeµô{ölˆÁKË€Î:5r\±}KÓçƒ
\ No newline at end of file
diff --git a/doc/Changelog b/doc/Changelog
index e6c8e1976..bceebda65 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,7 @@
 	- Fix #1414: fix segfault on parse failure and log_replies.
 	- zero qinfo in handle_request, this zeroes local_alias and also the
 	  qname member.
+	- new keys and certs for dnscrypt tests.
 
 28 August 2017: Wouter
 	- Fix #1415: patch to free dnscrypt environment on reload.
diff --git a/testdata/dnscrypt_cert.tdir/1.key b/testdata/dnscrypt_cert.tdir/1.key
index 769896104..165262c86 100644
Binary files a/testdata/dnscrypt_cert.tdir/1.key and b/testdata/dnscrypt_cert.tdir/1.key differ
diff --git a/testdata/dnscrypt_cert.tdir/1_chacha.cert b/testdata/dnscrypt_cert.tdir/1_chacha.cert
new file mode 100644
index 000000000..3da5c612d
Binary files /dev/null and b/testdata/dnscrypt_cert.tdir/1_chacha.cert differ
diff --git a/testdata/dnscrypt_cert.tdir/1_salsa.cert b/testdata/dnscrypt_cert.tdir/1_salsa.cert
new file mode 100644
index 000000000..17e447fc3
Binary files /dev/null and b/testdata/dnscrypt_cert.tdir/1_salsa.cert differ
diff --git a/testdata/dnscrypt_cert.tdir/2.key b/testdata/dnscrypt_cert.tdir/2.key
index ae385c068..c299f550a 100644
--- a/testdata/dnscrypt_cert.tdir/2.key
+++ b/testdata/dnscrypt_cert.tdir/2.key
@@ -1,2 +1 @@
-°Ù`½éj0Èu¼x‚¶t[
-]ÙuRª³@;f]Z<
\ No newline at end of file
+m7ŸñâÂƒx;‘%×¸õé*•ÜR¯äÓ¯¹mDªñ
\ No newline at end of file
diff --git a/testdata/dnscrypt_cert.tdir/2_chacha.cert b/testdata/dnscrypt_cert.tdir/2_chacha.cert
new file mode 100644
index 000000000..ed4ec2606
Binary files /dev/null and b/testdata/dnscrypt_cert.tdir/2_chacha.cert differ
diff --git a/testdata/dnscrypt_cert.tdir/2_salsa.cert b/testdata/dnscrypt_cert.tdir/2_salsa.cert
new file mode 100644
index 000000000..6e71fe978
Binary files /dev/null and b/testdata/dnscrypt_cert.tdir/2_salsa.cert differ
diff --git a/testdata/dnscrypt_cert_chacha.tdir/1.key b/testdata/dnscrypt_cert_chacha.tdir/1.key
index 769896104..165262c86 100644
Binary files a/testdata/dnscrypt_cert_chacha.tdir/1.key and b/testdata/dnscrypt_cert_chacha.tdir/1.key differ
diff --git a/testdata/dnscrypt_cert_chacha.tdir/1_chacha.cert b/testdata/dnscrypt_cert_chacha.tdir/1_chacha.cert
new file mode 100644
index 000000000..3da5c612d
Binary files /dev/null and b/testdata/dnscrypt_cert_chacha.tdir/1_chacha.cert differ
diff --git a/testdata/dnscrypt_cert_chacha.tdir/1_salsa.cert b/testdata/dnscrypt_cert_chacha.tdir/1_salsa.cert
new file mode 100644
index 000000000..17e447fc3
Binary files /dev/null and b/testdata/dnscrypt_cert_chacha.tdir/1_salsa.cert differ
diff --git a/testdata/dnscrypt_cert_chacha.tdir/2.key b/testdata/dnscrypt_cert_chacha.tdir/2.key
index ae385c068..c299f550a 100644
--- a/testdata/dnscrypt_cert_chacha.tdir/2.key
+++ b/testdata/dnscrypt_cert_chacha.tdir/2.key
@@ -1,2 +1 @@
-°Ù`½éj0Èu¼x‚¶t[
-]ÙuRª³@;f]Z<
\ No newline at end of file
+m7ŸñâÂƒx;‘%×¸õé*•ÜR¯äÓ¯¹mDªñ
\ No newline at end of file
diff --git a/testdata/dnscrypt_cert_chacha.tdir/2_chacha.cert b/testdata/dnscrypt_cert_chacha.tdir/2_chacha.cert
index 9466220ab..ed4ec2606 100644
Binary files a/testdata/dnscrypt_cert_chacha.tdir/2_chacha.cert and b/testdata/dnscrypt_cert_chacha.tdir/2_chacha.cert differ
diff --git a/testdata/dnscrypt_cert_chacha.tdir/2_salsa.cert b/testdata/dnscrypt_cert_chacha.tdir/2_salsa.cert
new file mode 100644
index 000000000..6e71fe978
Binary files /dev/null and b/testdata/dnscrypt_cert_chacha.tdir/2_salsa.cert differ
diff --git a/testdata/dnscrypt_queries.tdir/1.key b/testdata/dnscrypt_queries.tdir/1.key
index 769896104..165262c86 100644
Binary files a/testdata/dnscrypt_queries.tdir/1.key and b/testdata/dnscrypt_queries.tdir/1.key differ
diff --git a/testdata/dnscrypt_queries.tdir/1_chacha.cert b/testdata/dnscrypt_queries.tdir/1_chacha.cert
new file mode 100644
index 000000000..3da5c612d
Binary files /dev/null and b/testdata/dnscrypt_queries.tdir/1_chacha.cert differ
diff --git a/testdata/dnscrypt_queries.tdir/1_salsa.cert b/testdata/dnscrypt_queries.tdir/1_salsa.cert
new file mode 100644
index 000000000..17e447fc3
Binary files /dev/null and b/testdata/dnscrypt_queries.tdir/1_salsa.cert differ
diff --git a/testdata/dnscrypt_queries.tdir/2.key b/testdata/dnscrypt_queries.tdir/2.key
index ae385c068..c299f550a 100644
--- a/testdata/dnscrypt_queries.tdir/2.key
+++ b/testdata/dnscrypt_queries.tdir/2.key
@@ -1,2 +1 @@
-°Ù`½éj0Èu¼x‚¶t[
-]ÙuRª³@;f]Z<
\ No newline at end of file
+m7ŸñâÂƒx;‘%×¸õé*•ÜR¯äÓ¯¹mDªñ
\ No newline at end of file
diff --git a/testdata/dnscrypt_queries.tdir/2_chacha.cert b/testdata/dnscrypt_queries.tdir/2_chacha.cert
new file mode 100644
index 000000000..ed4ec2606
Binary files /dev/null and b/testdata/dnscrypt_queries.tdir/2_chacha.cert differ
diff --git a/testdata/dnscrypt_queries.tdir/2_salsa.cert b/testdata/dnscrypt_queries.tdir/2_salsa.cert
new file mode 100644
index 000000000..6e71fe978
Binary files /dev/null and b/testdata/dnscrypt_queries.tdir/2_salsa.cert differ
diff --git a/testdata/dnscrypt_queries_chacha.tdir/1.key b/testdata/dnscrypt_queries_chacha.tdir/1.key
new file mode 100644
index 000000000..165262c86
--- /dev/null
+++ b/testdata/dnscrypt_queries_chacha.tdir/1.key
@@ -0,0 +1 @@
+®öÝìK¬‡#‘€4ùsŽ	pèÖôÁæÀx!¹»AŠ"mM
\ No newline at end of file
diff --git a/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert b/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert
new file mode 100644
index 000000000..3da5c612d
Binary files /dev/null and b/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert differ
diff --git a/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert b/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert
new file mode 100644
index 000000000..17e447fc3
Binary files /dev/null and b/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert differ
diff --git a/testdata/dnscrypt_queries_chacha.tdir/2.key b/testdata/dnscrypt_queries_chacha.tdir/2.key
index ae385c068..c299f550a 100644
--- a/testdata/dnscrypt_queries_chacha.tdir/2.key
+++ b/testdata/dnscrypt_queries_chacha.tdir/2.key
@@ -1,2 +1 @@
-°Ù`½éj0Èu¼x‚¶t[
-]ÙuRª³@;f]Z<
\ No newline at end of file
+m7ŸñâÂƒx;‘%×¸õé*•ÜR¯äÓ¯¹mDªñ
\ No newline at end of file
diff --git a/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert b/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert
index 9466220ab..ed4ec2606 100644
Binary files a/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert and b/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert differ
diff --git a/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert b/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert
index 1e98d0cd2..6e71fe978 100644
Binary files a/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert and b/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert differ