diff --git a/tests/ragger/cal/cal.py b/tests/ragger/cal/cal.py
deleted file mode 100644
index e75fcab..0000000
--- a/tests/ragger/cal/cal.py
+++ /dev/null
@@ -1,18 +0,0 @@
-import os
-import hashlib
-from ecdsa.util import sigencode_der
-from ecdsa import SigningKey
-
-_key: SigningKey = None
-
-def _init_key():
-    global _key
-    with open(os.path.dirname(__file__) + "/key.pem") as pem_file:
-        _key = SigningKey.from_pem(pem_file.read(), hashlib.sha256)
-    assert _key != None
-
-def sign(data: bytes) -> bytes:
-    global _key
-    if not _key:
-        _init_key()
-    return _key.sign_deterministic(data, sigencode=sigencode_der)
diff --git a/tests/ragger/eip712/InputData.py b/tests/ragger/eip712/InputData.py
index 40a3882..02a96eb 100644
--- a/tests/ragger/eip712/InputData.py
+++ b/tests/ragger/eip712/InputData.py
@@ -5,7 +5,7 @@ import sys
 import re
 import hashlib
 from app.client import EthereumClient, EIP712FieldType
-from cal import cal
+import keychain
 
 # global variables
 app_client: EthereumClient = None
@@ -251,7 +251,7 @@ def send_filtering_message_info(display_name: str, filters_count: int):
     for char in display_name:
         to_sign.append(ord(char))
 
-    sig = cal.sign(to_sign)
+    sig = keychain.sign_data(keychain.Key.CAL, to_sign)
     app_client.eip712_filtering_message_info(display_name, filters_count, sig)
 
 # ledgerjs doesn't actually sign anything, and instead uses already pre-computed signatures
@@ -269,7 +269,7 @@ def send_filtering_show_field(display_name):
         to_sign.append(ord(char))
     for char in display_name:
         to_sign.append(ord(char))
-    sig = cal.sign(to_sign)
+    sig = keychain.sign_data(keychain.Key.CAL, to_sign)
     app_client.eip712_filtering_show_field(display_name, sig)
 
 def read_filtering_file(domain, message, filtering_file_path):
diff --git a/tests/ragger/keychain.py b/tests/ragger/keychain.py
new file mode 100644
index 0000000..194bf49
--- /dev/null
+++ b/tests/ragger/keychain.py
@@ -0,0 +1,26 @@
+import os
+import hashlib
+from ecdsa.util import sigencode_der
+from ecdsa import SigningKey
+from enum import Enum, auto
+
+# Private key PEM files have to be named the same (lowercase) as their corresponding enum entries
+# Example: for an entry in the Enum named DEV, its PEM file must be at keychain/dev.pem
+class Key(Enum):
+    CAL = auto()
+
+_keys: dict[Key, SigningKey] = dict()
+
+# Open the corresponding PEM file and load its key in the global dict
+def _init_key(key: Key):
+    global _keys
+    with open("%s/keychain/%s.pem" % (os.path.dirname(__file__), key.name.lower())) as pem_file:
+        _keys[key] = SigningKey.from_pem(pem_file.read(), hashlib.sha256)
+    assert (key in _keys) and (_keys[key] != None)
+
+# Generate a SECP256K1 signature of the given data with the given key
+def sign_data(key: Key, data: bytes) -> bytes:
+    global _keys
+    if key not in _keys:
+        _init_key(key)
+    return _keys[key].sign_deterministic(data, sigencode=sigencode_der)
diff --git a/tests/ragger/cal/key.pem b/tests/ragger/keychain/cal.pem
similarity index 100%
rename from tests/ragger/cal/key.pem
rename to tests/ragger/keychain/cal.pem