diff --git a/tests/tpem_encoder b/tests/tpem_encoder
index 090c7875..59f6d8b5 100755
--- a/tests/tpem_encoder
+++ b/tests/tpem_encoder
@@ -11,24 +11,35 @@ sed -e "s/#pkcs11-module-encode-key-uri-to-pem/pkcs11-module-encode-key-uri-to-p
 "${OPENSSL_CONF}" > "${OPENSSL_CONF}.encode_to_pem"
 OPENSSL_CONF=${OPENSSL_CONF}.encode_to_pem
+cat < "${TMPPDIR}/pk11-uri.asn1def"
+pk11-uri { }
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+pk11-uri ::= SEQUENCE {
+ type OBJECT IDENTIFIER,
+ uri UTF8String
+}
+END
+EOF
+
 make-pkey-pem() {
 URI=$1
 OUT=$2
 RANDOM_HEX=$(od -A n -N 15 -t x1 /dev/random)
- TMP_FILE="${TMPPDIR}/pem-encoder-${RANDOM_HEX}.cnf"
- cat > "${TMP_FILE}" << EOF
-asn1=SEQUENCE:pk11-uri
-[pk11-uri]
-type=OID:2.5.4.83
-uri=UTF8:${URI}
+ TMP_FILE="${TMPPDIR}/pem-encoder-${RANDOM_HEX// /}"
+ cat > "${TMP_FILE}.asg" << EOF
+dp pk11-uri.pk11-uri
+type 2.5.4.83
+uri ${URI}
 EOF
+ asn1Coding --output="${TMP_FILE}.asn1" "${TMPPDIR}/pk11-uri.asn1def" "${TMP_FILE}.asg"
 {
 echo "-----BEGIN PRIVATE KEY PK11-URI-----"
- $CHECKER openssl base64 -in <( $CHECKER openssl asn1parse -noout -out - -genconf "${TMP_FILE}" )
+ base64 "${TMP_FILE}.asn1"
 echo "-----END PRIVATE KEY PK11-URI-----"
 } > "${OUT}"
- rm "${TMP_FILE}"
+ rm "${TMP_FILE}.asg" "${TMP_FILE}.asn1"
 }
 sign-verify() {
@@ -37,7 +48,7 @@ sign-verify() {
 FILE=$3
 RANDOM_HEX=$(od -A n -N 15 -t x1 /dev/random)
- TMP_FILE="${TMPPDIR}/sign-verify-pem-encoder-${RANDOM_HEX}.bin"
+ TMP_FILE="${TMPPDIR}/sign-verify-pem-encoder-${RANDOM_HEX// /}.bin"
 $CHECKER openssl pkeyutl -sign -rawin -digest sha256 \
 -inkey "${PRIV_KEY}" \
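Review bot: In `make-pkey-pem` the exit status of `asn1Coding` is never checked, so unless the script aborts on errors (no `set -e` is visible in this diff) a missing libtasn1 tool or a rejected `.asg` file leaves `${OUT}` holding only the BEGIN/END lines, and the following `rm` then fails on the absent `.asn1` file. Appending `|| exit 1` to the `asn1Coding` line makes the helper stop where the problem is instead of handing a hollow PEM to the later tests. Separately, plain `base64` from GNU coreutils wraps at 76 columns while the replaced `openssl base64` wrapped at 64, the width RFC 7468 asks generators to emit; `base64 -w 64 "${TMP_FILE}.asn1"` keeps the previous layout on GNU systems.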
@@ -98,10 +109,19 @@ sign-verify "${TMPPDIR}/ec-pkey-uri.pem" \
 title PARA "Test ambiguous key is unusable"
-make-pkey-pem "${BASEURI}" "${TMPPDIR}/priuri-pkey.pem"
+make-pkey-pem "${BASEURI}" "${TMPPDIR}/baseuri-key.pem"
+FAIL=0
+ossl '
+pkey -in "${TMPPDIR}/baseuri-key.pem"' || FAIL=1
+if [ $FAIL -eq 0 ]; then
+ echo "Should fail because the pem references multiple and/or non-private keys"
+ exit 1
+fi
+
+make-pkey-pem "${PUBURI}" "${TMPPDIR}/puburi-key.pem"
 FAIL=0
 ossl '
-pkey -in "${TMPPDIR}/priuri-pkey.pem"' || FAIL=1
+pkey -in "${TMPPDIR}/puburi-key.pem"' || FAIL=1
 if [ $FAIL -eq 0 ]; then
 echo "Should fail because the pem references multiple and/or non-private keys"
 exit 1
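Review bot: Both negative checks accept any non-zero exit from `ossl` as the expected rejection, so an empty `${PUBURI}` or a PEM that simply fails to parse passes exactly like a URI that is correctly refused for being ambiguous or non-private. I would assert the inputs before each call, e.g. `[ -n "${PUBURI}" ] || exit 1`, and match on the error output if the `ossl` helper makes it available (its definition is not visible in this diff). The two `echo` messages are identical, so a regression does not say which case was accepted; naming the file, as in `echo "pkey unexpectedly loaded puburi-key.pem"`, fixes that. The closing `fi` of the second block lies outside the hunk.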