diff --git a/src/keymanagement.c b/src/keymanagement.c
index dde9e6a2..f8a4a034 100644
--- a/src/keymanagement.c
+++ b/src/keymanagement.c
@@ -1737,7 +1737,8 @@ DYNAMIC_API PEP_STATUS own_identities_retrieve(
 PEP_STATUS _own_keys_retrieve(
         PEP_SESSION session,
         stringlist_t **keylist,
-        identity_flags_t excluded_flags
+        identity_flags_t excluded_flags,
+        bool private_only
       )
 {
     PEP_STATUS status = PEP_STATUS_OK;
@@ -1785,8 +1786,31 @@ PEP_STATUS _own_keys_retrieve(
     } while (result != SQLITE_DONE);
     
     sqlite3_reset(session->own_keys_retrieve);
-    if (status == PEP_STATUS_OK)
+    if (status == PEP_STATUS_OK) {
+        dedup_stringlist(_keylist);
+        if (private_only) {
+            stringlist_t* _kl = _keylist;
+            stringlist_t* _kl_prev = NULL;
+            while (_kl) {
+                bool has_private = false;
+                contains_priv_key(session, _kl->value, &has_private);
+                if (!has_private) {
+                    stringlist_t* _kl_tmp = _kl;
+                    if (_kl_prev) {
+                        _kl_prev->next = _kl->next;
+                    }
+                    _kl = _kl->next;
+                    
+                    _kl_tmp->next = NULL;
+                    free_stringlist(_kl_tmp);
+                    continue;
+                }
+                _kl_prev = _kl;
+                _kl = _kl->next;
+            }
+        }
         *keylist = _keylist;
+    }
     else
         free_stringlist(_keylist);
     
@@ -1802,7 +1826,7 @@ the_end:
 
 DYNAMIC_API PEP_STATUS own_keys_retrieve(PEP_SESSION session, stringlist_t **keylist)
 {
-    return _own_keys_retrieve(session, keylist, 0);
+    return _own_keys_retrieve(session, keylist, 0, true);
 }
 
 DYNAMIC_API PEP_STATUS set_own_key(
diff --git a/src/keymanagement.h b/src/keymanagement.h
index fc62e8b4..99347e32 100644
--- a/src/keymanagement.h
+++ b/src/keymanagement.h
@@ -330,17 +330,19 @@ PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
 //  parameters:
 //      session (in)            session to use
 //      keylist (out)           list of fingerprints
-//      excluded_flags (int)    flags to exclude from results
-//
+//      excluded_flags (in)     flags to exclude from results
+//      private_only (in)       if true, return only fprs for
+//                              which we have the secret part
 //  caveat:
 //      the ownership of the list goes to the caller
 DYNAMIC_API PEP_STATUS _own_keys_retrieve(
         PEP_SESSION session,
         stringlist_t **keylist,
-        identity_flags_t excluded_flags
+        identity_flags_t excluded_flags,
+        bool private_only
       );
 
-// own_keys_retrieve() - retrieve all flagged keypair fingerprints 
+// own_keys_retrieve() - retrieve all flagged public/private keypair fingerprints 
 //
 //  parameters:
 //      session (in)            session to use
@@ -348,6 +350,8 @@ DYNAMIC_API PEP_STATUS _own_keys_retrieve(
 //
 //  caveat:
 //      the ownership of the list goes to the caller
+//      this function does not return keys without a private key part
+//
 DYNAMIC_API PEP_STATUS own_keys_retrieve(
         PEP_SESSION session,
         stringlist_t **keylist
diff --git a/sync/cond_act_sync.yml2 b/sync/cond_act_sync.yml2
index b186d6d9..e76fe603 100644
--- a/sync/cond_act_sync.yml2
+++ b/sync/cond_act_sync.yml2
@@ -233,7 +233,7 @@ timeout KeySync
 action prepareOwnKeys
 ||
     stringlist_t *own_keys;
-    PEP_STATUS status = _own_keys_retrieve(session, &own_keys, PEP_idf_not_for_sync);
+    PEP_STATUS status = _own_keys_retrieve(session, &own_keys, PEP_idf_not_for_sync, true);
     if (status)
         return status;
 
diff --git a/test/gentestshell.py b/test/gentestshell.py
index 40eecc1b..e068129b 100644
--- a/test/gentestshell.py
+++ b/test/gentestshell.py
@@ -86,7 +86,10 @@ if not args.no_hdr:
 
 if not args.no_src:
     src_inc = ('#include <stdlib.h>\n'
+               '#include <cstring>\n'
                '#include <string>\n\n'
+               '#include <cpptest.h>\n'
+               '#include "test_util.h"\n\n'
                '#include "pEpEngine.h"\n\n'
                '#include "' + superclass +'.h"\n'
                '#include "' + test_suite + '.h"\n\n')
diff --git a/test/src/SuiteMaker.cc b/test/src/SuiteMaker.cc
index 465c0679..a1cbdfea 100644
--- a/test/src/SuiteMaker.cc
+++ b/test/src/SuiteMaker.cc
@@ -61,6 +61,7 @@
 #include "KeyResetMessageTests.h"
 #include "DeleteKeyTests.h"
 #include "KeyAttachmentTests.h"
+#include "OwnKeysRetrieveTests.h"
 #include "TrustManipulationTests.h"
 #include "SyncTests.h"
 #include "AppleMailTests.h"
@@ -116,13 +117,14 @@ const char* SuiteMaker::all_suites[] = {
     "KeyResetMessageTests",
     "DeleteKeyTests",
     "KeyAttachmentTests",
+    "OwnKeysRetrieveTests",
     "TrustManipulationTests",
     "SyncTests",
     "AppleMailTests",
 };
 
 // This file is generated, so magic constants are ok.
-int SuiteMaker::num_suites = 52;
+int SuiteMaker::num_suites = 53;
 
 void SuiteMaker::suitemaker_build(const char* test_class_name, const char* test_home, Test::Suite** test_suite) {
     if (strcmp(test_class_name, "MimeTests") == 0)
@@ -223,6 +225,8 @@ void SuiteMaker::suitemaker_build(const char* test_class_name, const char* test_
         *test_suite = new DeleteKeyTests(test_class_name, test_home);
     else if (strcmp(test_class_name, "KeyAttachmentTests") == 0)
         *test_suite = new KeyAttachmentTests(test_class_name, test_home);
+    else if (strcmp(test_class_name, "OwnKeysRetrieveTests") == 0)
+        *test_suite = new OwnKeysRetrieveTests(test_class_name, test_home);
     else if (strcmp(test_class_name, "TrustManipulationTests") == 0)
         *test_suite = new TrustManipulationTests(test_class_name, test_home);
     else if (strcmp(test_class_name, "SyncTests") == 0)