diff --git a/tests/include.am b/tests/include.am
index 73e59d3d3..7453a1793 100644
--- a/tests/include.am
+++ b/tests/include.am
@@ -27,5 +27,6 @@ EXTRA_DIST += tests/test.conf \
               tests/test-dtls.conf \
               tests/test-sctp.conf \
               tests/test-sig.conf \
-              tests/test-ed25519.conf
+              tests/test-ed25519.conf \
+              tests/test-enckeys.conf
 DISTCLEANFILES+= tests/.libs/unit.test
diff --git a/tests/suites.c b/tests/suites.c
index 840de6b3c..0ef94f63b 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -658,7 +658,6 @@ int SuiteTest(void)
         goto exit;
     }
 #endif
-
 #ifndef NO_PSK
     /* add psk extra suites */
     strcpy(argv0[1], "tests/test-psk-no-id.conf");
@@ -670,6 +669,17 @@ int SuiteTest(void)
         goto exit;
     }
 #endif
+#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)
+    /* test encrypted keys */
+    strcpy(argv0[1], "tests/test-enckeys.conf");
+    printf("starting encrypted keys extra cipher suite tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+#endif
 
 exit:
     printf(" End Cipher Suite Tests\n");
diff --git a/tests/test-enckeys.conf b/tests/test-enckeys.conf
new file mode 100644
index 000000000..9e371c239
--- /dev/null
+++ b/tests/test-enckeys.conf
@@ -0,0 +1,42 @@
+# server RSA encrypted key
+-v 3
+-k ./certs/server-keyEnc.pem
+
+# client RSA encrypted key
+-v 3
+-k ./certs/client-keyEnc.pem
+
+# server RSA encrypted key PKCS8
+-v 3
+-k ./certs/server-keyPkcs8Enc.pem
+
+# client RSA encrypted key
+-v 3
+-k ./certs/client-keyEnc.pem
+
+# server RSA encrypted key PKCS8 2
+-v 3
+-k ./certs/server-keyPkcs8Enc2.pem
+
+# client RSA encrypted key
+-v 3
+-k ./certs/client-keyEnc.pem
+
+# server RSA encrypted key PKCS8 12
+-v 3
+-k ./certs/server-keyPkcs8Enc12.pem
+
+# client RSA encrypted key
+-v 3
+-k ./certs/client-keyEnc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key
+-v 3
+-l ECDHE-ECDSA-AES128-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-keyPkcs8Enc.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
+-v 3
+-l ECDHE-ECDSA-AES128-SHA256
+-A ./certs/ca-ecc-cert.pem
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e2bfcdfd0..6f957befd 100755
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7636,7 +7636,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
         } else
 #endif
 #ifdef HAVE_ED25519
-        if (header == BEGIN_DSA_PRIV) {
+    #ifdef HAVE_ECC
+        if (header == BEGIN_DSA_PRIV)
+    #else
+        if (header == BEGIN_ENC_PRIV_KEY)
+    #endif
+        {
             header =  BEGIN_EDDSA_PRIV;     footer = END_EDDSA_PRIV;
         } else
 #endif