@@ -466,11 +466,11 @@
 	size_t certificate_len;
 	unsigned char *certificate;
 };
 
 struct cackey_identity {
-	struct cackey_pcsc_identity *identity;
+	struct cackey_pcsc_identity *pcsc_identity;
 
 	CK_ATTRIBUTE *attributes;
 	CK_ULONG attributes_count;
 };
 
@@ -1865,20 +1865,32 @@
 	if (outbuf == NULL) {
 		CACKEY_DEBUG_PRINTF("Error.  outbuf is NULL");
 
 		return(-1);
 	}
+
+	if (identity == NULL) {
+		CACKEY_DEBUG_PRINTF("Error.  identity is NULL");
+
+		return(-1);
+	}
+
+	if (identity->pcsc_identity == NULL) {
+		CACKEY_DEBUG_PRINTF("Error.  identity->pcsc_identity is NULL");
+
+		return(-1);
+	}
 
 	/* Begin transaction */
 	cackey_begin_transaction(slot);
 
 	/* Select correct applet */
-	CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->identity->applet);
-	cackey_select_applet(slot, identity->identity->applet, sizeof(identity->identity->applet));
+	CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet);
+	cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet));
 
 	/* Select correct file */
-	cackey_select_file(slot, identity->identity->file);
+	cackey_select_file(slot, identity->pcsc_identity->file);
 
 	send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, 0x00, 0x00, buflen, buf, le, NULL, outbuf, &outbuflen);
 	if (send_ret != CACKEY_PCSC_S_OK) {
 		CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error.");
 
@@ -2516,11 +2528,15 @@
 				if (curr_attr->pValue) {
 					free(curr_attr->pValue);
 				}
 			}
 
-			free(identities[id_idx].attributes);
+			if (identities[id_idx].attributes) {
+				free(identities[id_idx].attributes);
+			}
+
+			cackey_free_certs(identities[id_idx].pcsc_identity, 1, 1);
 		}
 	}
 
 	free(identities);
 }
@@ -2553,10 +2569,16 @@
 
 				if (identities[id_idx].attributes == NULL) {
 					identities[id_idx].attributes_count = 0;
 				}
 
+				identities[id_idx].pcsc_identity = malloc(sizeof(*identities[id_idx].pcsc_identity));
+				memcpy(identities[id_idx].pcsc_identity, &pcsc_identities[cert_idx], sizeof(*identities[id_idx].pcsc_identity));
+
+				identities[id_idx].pcsc_identity->certificate = malloc(pcsc_identities[cert_idx].certificate_len);
+				memcpy(identities[id_idx].pcsc_identity->certificate, pcsc_identities[cert_idx].certificate, pcsc_identities[cert_idx].certificate_len);
+
 				id_idx++;
 			}
 		}
 
 		cackey_free_certs(pcsc_identities, num_certs, 1);
@@ -4604,11 +4626,11 @@
 
 	cackey_sessions[hSession].sign_buflen = 128;
 	cackey_sessions[hSession].sign_bufused = 0;
 	cackey_sessions[hSession].sign_buf = malloc(sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen);
 
-	CACKEY_DEBUG_PRINTF("Session %lu sign_identity is %p (identitie #%lu)", (unsigned long) hSession, &cackey_sessions[hSession].identities[hKey], (unsigned long) hKey);
+	CACKEY_DEBUG_PRINTF("Session %lu sign_identity is %p (identity #%lu)", (unsigned long) hSession, &cackey_sessions[hSession].identities[hKey], (unsigned long) hKey);
 	cackey_sessions[hSession].sign_identity = &cackey_sessions[hSession].identities[hKey];
 
 	mutex_retval = cackey_mutex_unlock(cackey_biglock);
 	if (mutex_retval != 0) {
 		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");