diff --git a/cli/src/main/java/dev/fitko/fitconnect/cli/keygen/JWKGenerator.java b/cli/src/main/java/dev/fitko/fitconnect/cli/keygen/JWKGenerator.java
index 705fb8b6eb04da7ee7eccb64a52455c4a560b3e3..f38ba5f8ba8091780313bade25e2d6af1981a4bd 100644
--- a/cli/src/main/java/dev/fitko/fitconnect/cli/keygen/JWKGenerator.java
+++ b/cli/src/main/java/dev/fitko/fitconnect/cli/keygen/JWKGenerator.java
@@ -34,7 +34,7 @@ import java.util.UUID;
 /**
  * JWK Test Key Generator.
  * <p>
- * Generates public and private keys for encryption and signing with.
+ * Generates key pairs of public and private keys for encryption and signing.
  */
 public class JWKGenerator {
 
diff --git a/cli/src/test/java/dev/fitko/fitconnect/cli/CommandLineClientTest.java b/cli/src/test/java/dev/fitko/fitconnect/cli/CommandLineClientTest.java
index 07c7c57b4da11e465dfd2d6e03d503ff5b4a4e54..71e1e09ed478847e63206f66c45e8ffaa6943bf5 100644
--- a/cli/src/test/java/dev/fitko/fitconnect/cli/CommandLineClientTest.java
+++ b/cli/src/test/java/dev/fitko/fitconnect/cli/CommandLineClientTest.java
@@ -8,6 +8,7 @@ import dev.fitko.fitconnect.api.domain.model.submission.SubmissionForPickup;
 import dev.fitko.fitconnect.api.services.Subscriber;
 import dev.fitko.fitconnect.cli.batch.CsvImporter;
 import dev.fitko.fitconnect.cli.batch.ImportRecord;
+import dev.fitko.fitconnect.cli.keygen.KeyWriter;
 import dev.fitko.fitconnect.client.SenderClient;
 import dev.fitko.fitconnect.client.SubscriberClient;
 import dev.fitko.fitconnect.client.sender.model.Attachment;
@@ -19,6 +20,7 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.HashSet;
 import java.util.List;
@@ -26,6 +28,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -139,6 +142,31 @@ class CommandLineClientTest {
         logs.assertContains("DONE ! Finished batch import of " + importRecords.size() + " submissions");
     }
 
+    @Test
+    void testKeyGeneration(@TempDir final Path tempDir) {
+
+        // When
+        underTest.run("keygen", "--outDir=" + tempDir.toAbsolutePath());
+
+        // Then
+        logs.assertContains("Writing keys to directory " + tempDir.toAbsolutePath());
+
+        assertTrue(Files.exists(Path.of(tempDir.toString(), KeyWriter.PUBLIC_ENCRYPTION_KEY_NAME)));
+        assertTrue(Files.exists(Path.of(tempDir.toString(), KeyWriter.PRIVATE_DECRYPTION_KEY_NAME)));
+        assertTrue(Files.exists(Path.of(tempDir.toString(), KeyWriter.PUBLIC_SIGNATURE_VERIFICATION_KEY_NAME)));
+        assertTrue(Files.exists(Path.of(tempDir.toString(), KeyWriter.PRIVATE_SIGNING_KEY_NAME)));
+    }
+
+    @Test
+    void testKeyGenerationWithConfigOption(@TempDir final Path tempDir) {
+
+        // When
+        underTest.run("keygen", "--outDir=" + tempDir.toAbsolutePath(), "--withConfig=true");
+
+        // Then
+        assertTrue(Files.exists(Path.of(tempDir.toString(), "config.yml")));
+    }
+
     private Set<SubmissionForPickup> generateSubmissions(final UUID destinationId, final int count) {
         final Set<SubmissionForPickup> submissions = new HashSet<>(count);
         for (int i = 0; i < count; i++) {
diff --git a/pom.xml b/pom.xml
index 79f8d1e4bff59becc108fde6b49316740301e7b2..7173afee8f30411be93eb6ea35da728c04dc64b1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,7 +60,6 @@
 
         <!-- 3rd party dependencies -->
         <nimbus.version>9.31</nimbus.version>
-        <bouncy-castle.version>1.74</bouncy-castle.version>
         <okhttp.version>4.11.0</okhttp.version>
 
         <jackson-databind.version>2.15.2</jackson-databind.version>
@@ -171,16 +170,6 @@
                 <artifactId>nimbus-jose-jwt</artifactId>
                 <version>${nimbus.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.bouncycastle</groupId>
-                <artifactId>bcprov-jdk18on</artifactId>
-                <version>${bouncy-castle.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>org.bouncycastle</groupId>
-                <artifactId>bcpkix-jdk18on</artifactId>
-                <version>${bouncy-castle.version}</version>
-            </dependency>
             <dependency>
                 <groupId>ch.qos.logback</groupId>
                 <artifactId>logback-classic</artifactId>