diff --git a/Makefile b/Makefile
index f775704a..c1974c41 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ REPO:=github.com/tendermint/go-crypto
 all: get_vendor_deps metalinter_test test
 
 test:
-	go test `glide novendor`
+	go test -p 1 `glide novendor`
 
 get_vendor_deps: ensure_tools
 	@rm -rf vendor/
diff --git a/keys/cryptostore/holder_test.go b/keys/cryptostore/holder_test.go
index dbd26971..f0dc77c4 100644
--- a/keys/cryptostore/holder_test.go
+++ b/keys/cryptostore/holder_test.go
@@ -185,6 +185,7 @@ func TestSignWithLedger(t *testing.T) {
 	assert.Equal(info.Name, n)
 	key := info.PubKey
 	require.False(key.Empty())
+	require.True(key.Equals(c.PubKey))
 
 	// let's try to sign some messages
 	d1 := []byte("welcome to cosmos")
diff --git a/nano/keys.go b/nano/keys.go
index 2ab4d59a..c0eccc49 100644
--- a/nano/keys.go
+++ b/nano/keys.go
@@ -92,6 +92,8 @@ func (pk *PrivKeyLedger) Sign(msg []byte) crypto.Signature {
 	// if we have no pubkey yet, store it for future queries
 	if pk.CachedPubKey.Empty() {
 		pk.CachedPubKey = pub
+	} else if !pk.CachedPubKey.Equals(pub) {
+		panic("signed with a different key than stored")
 	}
 	return sig
 }
diff --git a/nano/sign.go b/nano/sign.go
index 3f0df9ee..874d134e 100644
--- a/nano/sign.go
+++ b/nano/sign.go
@@ -3,7 +3,6 @@ package nano
 import (
 	"bytes"
 	"crypto/sha512"
-	"fmt"
 
 	"github.com/pkg/errors"
 
@@ -55,7 +54,6 @@ func parseDigest(resp []byte) (key, sig []byte, err error) {
 	if !bytes.Equal(separator, resp[:len(separator)]) {
 		return nil, nil, errors.New("Cannot find 0xCAFE")
 	}
-	fmt.Println("successs")
 
 	sig = resp[len(separator):]
 	return key, sig, nil