diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index 6e34c71..8e5886d 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -9,20 +9,6 @@ if [ -z "$xmlsec_app" -o -z "$crypto_config_folder" ]; then
     exit 1
 fi
 
-# Setup URL to files mapping for offline testing, if tests are run against online
-# then some tests might fail.
-if [ -z "$XMLSEC_TEST_ONLINE" ]; then
-    url_map_xml_stylesheet_2005="--url-map:http://www.w3.org/TR/xml-stylesheet $topfolder/external-data/xml-stylesheet-2005"
-    url_map_xml_stylesheet_b64_2005="--url-map:http://www.w3.org/Signature/2002/04/xml-stylesheet.b64 $topfolder/external-data/xml-stylesheet-2005.b64"
-    url_map_xml_stylesheet_2018="--url-map:http://www.w3.org/TR/xml-stylesheet $topfolder/external-data/xml-stylesheet-2018"
-    url_map_rfc3161="--url-map:http://www.ietf.org/rfc/rfc3161.txt $topfolder/external-data/rfc3161.txt"
-else
-    url_map_xml_stylesheet_2005=""
-    url_map_xml_stylesheet_b64_2005=""
-    url_map_xml_stylesheet_2018=""
-    url_map_rfc3161=""
-fi
-
 ##########################################################################
 ##########################################################################
 ##########################################################################
@@ -531,15 +517,6 @@ if [ "z$crypto" = "zmscng" ] ; then
         "--untrusted-$cert_format $topfolder/keys/largersacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
 fi
 
-execDSigTest $res_success \
-    "" \
-    "aleksey-xmldsig-01/signature-two-keynames" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018" \
-    "$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018" \
-    "$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018"
-
 execDSigTest $res_success \
     "" \
     "aleksey-xmldsig-01/enveloping-dsa-x509chain" \
@@ -1372,156 +1349,6 @@ execDSigTest $res_success \
     "--enabled-key-data key-value,key-name,rsa $priv_key_option:mykey $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
     "--enabled-key-data key-value,key-name,rsa"
 
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-external-b64-dsa" \
-    "base64 sha1 dsa-sha1" \
-    "dsa" \
-    "--enabled-key-data key-value,key-name,dsa $url_map_xml_stylesheet_b64_2005" \
-    "--enabled-key-data key-value,key-name,dsa $priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_b64_2005" \
-    "--enabled-key-data key-value,key-name,dsa $url_map_xml_stylesheet_b64_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-external-dsa" \
-    "sha1 dsa-sha1" \
-    "dsa" \
-    "--enabled-key-data key-value,key-name,dsa $url_map_xml_stylesheet_2005" \
-    "--enabled-key-data key-value,key-name,dsa $priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005" \
-    "--enabled-key-data key-value,key-name,dsa $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-keyname" \
-    "sha1 dsa-sha1" \
-    "dsa x509" \
-    "--pubkey-cert-$cert_format:Lugh $topfolder/merlin-xmldsig-twenty-three/certs/lugh-cert.$cert_format $url_map_xml_stylesheet_2005" \
-    "$priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005" \
-    "$priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-x509-crt" \
-    "sha1 dsa-sha1" \
-    "dsa x509" \
-    "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --verification-gmt-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
-    "$priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
-    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
-
-extra_message="Negative test: CRL is present"
-execDSigTest $res_fail \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018"
-
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-x509-sn" \
-    "sha1 dsa-sha1" \
-    "dsa x509" \
-    "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/badb.$cert_format --verification-gmt-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
-    "$priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
-    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-x509-is" \
-    "sha1 dsa-sha1" \
-    "dsa x509" \
-    "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/macha.$cert_format --verification-gmt-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
-    "$priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
-    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-x509-ski" \
-    "sha1 dsa-sha1" \
-    "dsa x509" \
-    "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format --verification-gmt-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
-    "$priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
-    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \
-    "sha1 dsa-sha1" \
-    "dsa x509" \
-    "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format --verification-gmt-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
-    "--lax-key-search $priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
-    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmldsig-twenty-three/signature" \
-    "base64 xpath xslt enveloped-signature c14n-with-comments sha1 dsa-sha1" \
-    "dsa x509" \
-    "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/merlin.$cert_format --verification-gmt-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005" \
-    "--lax-key-search $priv_key_option:mykey $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005" \
-    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005"
-
-
-##########################################################################
-#
-# merlin-xmlenc-five
-#
-# While the main operation is signature (and this is why we have these
-# tests here instead of testEnc.sh), these tests check the encryption
-# key transport/wrapper algorightms
-#
-##########################################################################
-execDSigTest $res_success \
-    "" \
-    "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \
-    "ripemd160 hmac-ripemd160 kw-tripledes" \
-    "hmac des" \
-    "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005" \
-    "--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005" \
-    "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \
-    "sha256 hmac-sha256 kw-aes128" \
-    "hmac aes" \
-    "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \
-    "sha384 hmac-sha384 kw-aes192" \
-    "hmac aes" \
-    "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \
-    "sha512 hmac-sha512 kw-aes256" \
-    "hmac aes" \
-    "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
-
-execDSigTest $res_success \
-    "" \
-    "merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \
-    "sha1 hmac-sha256 rsa-1_5" \
-    "hmac rsa" \
-    "--lax-key-search $priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret --verification-gmt-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005"
-
-# Advanced RSA OAEP modes:
-# - MSCrypto only supports SHA1 for digest and mgf1
-# - GCrypt/GnuTLS and MSCng only supoprts the *same* algorithm for *both* digest and mgf1
-if [ "z$crypto" != "zmscrypto" -a "z$crypto" != "zmscng" -a "z$crypto" != "zgcrypt" ] ; then
-    execDSigTest $res_success \
-        "" \
-        "merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \
-        "sha1 hmac-sha256 rsa-oaep-mgf1p sha1  sha1" \
-        "hmac rsa" \
-        "--lax-key-search $priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret $url_map_xml_stylesheet_2005"
-fi
-
-
 ##########################################################################
 #
 # merlin-exc-c14n-one
@@ -1575,20 +1402,6 @@ execDSigTest $res_success \
 #
 ##########################################################################
 
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-big" \
-    "base64 xslt xpath sha1 rsa-sha1" \
-    "rsa x509" \
-    "--lax-key-search --pubkey-cert-$cert_format certs/rsa-cert.$cert_format $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-dsa-detached" \
-    "sha1 dsa-sha1" \
-    "dsa x509" \
-    "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00 $url_map_rfc3161"
-
 execDSigTest $res_success \
     "phaos-xmldsig-three" \
     "signature-dsa-enveloped" \
@@ -1603,13 +1416,6 @@ execDSigTest $res_success \
     "dsa x509" \
     "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00"
 
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-dsa-manifest" \
-    "sha1 dsa-sha1" \
-    "dsa x509" \
-    "--enabled-key-data key-value,dsa,x509 --trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00 $url_map_rfc3161"
-
 execDSigTest $res_success \
     "phaos-xmldsig-three" \
     "signature-hmac-md5-c14n-enveloping" \
@@ -1617,27 +1423,6 @@ execDSigTest $res_success \
     "hmac" \
     "--lax-key-search --hmackey certs/hmackey.bin"
 
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-hmac-sha1-40-c14n-comments-detached" \
-    "c14n-with-comments sha1 hmac-sha1" \
-    "hmac" \
-    "--lax-key-search --hmackey certs/hmackey.bin  $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-hmac-sha1-40-exclusive-c14n-comments-detached" \
-    "exc-c14n-with-comments sha1 hmac-sha1" \
-    "hmac" \
-    "--lax-key-search --hmackey certs/hmackey.bin $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-hmac-sha1-exclusive-c14n-comments-detached" \
-    "exc-c14n-with-comments sha1 hmac-sha1" \
-    "hmac" \
-    "--lax-key-search --hmackey certs/hmackey.bin  $url_map_rfc3161"
-
 execDSigTest $res_success \
     "phaos-xmldsig-three" \
     "signature-hmac-sha1-exclusive-c14n-enveloped" \
@@ -1645,42 +1430,6 @@ execDSigTest $res_success \
     "hmac" \
     "--lax-key-search --hmackey certs/hmackey.bin"
 
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-detached" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00  $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-detached-b64-transform" \
-    "base64 sha1 rsa-sha1" \
-    "rsa x509" \
-    "--enabled-key-data key-value,rsa,x509  --trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00  $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-detached-xpath-transform" \
-    "xpath sha1 rsa-sha1" \
-    "rsa x509" \
-    "--enabled-key-data key-value,rsa,x509 --trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00  $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-detached-xslt-transform-retrieval-method" \
-    "xslt sha1 rsa-sha1" \
-    "rsa x509" \
-    "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00  $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-detached-xslt-transform" \
-    "xslt sha1 rsa-sha1" \
-    "rsa x509" \
-    "--enabled-key-data key-value,rsa,x509 --trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00  $url_map_rfc3161"
-
-
 execDSigTest $res_success \
     "phaos-xmldsig-three" \
     "signature-rsa-enveloped" \
@@ -1695,48 +1444,6 @@ execDSigTest $res_success \
     "rsa x509" \
     "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00"
 
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-manifest-x509-data-cert-chain" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00 $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-manifest-x509-data-cert" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00 $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-manifest-x509-data-issuer-serial" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00 $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-manifest-x509-data-ski" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00 $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-manifest-x509-data-subject-name" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00 $url_map_rfc3161"
-
-execDSigTest $res_success \
-    "phaos-xmldsig-three" \
-    "signature-rsa-manifest" \
-    "sha1 rsa-sha1" \
-    "rsa x509" \
-    "--enabled-key-data key-value,rsa,x509 --trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00 $url_map_rfc3161"
-
 execDSigTest $res_success \
     "phaos-xmldsig-three" \
     "signature-rsa-xpath-transform-enveloped" \
@@ -1745,14 +1452,6 @@ execDSigTest $res_success \
     "--enabled-key-data key-value,rsa,x509 --trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-gmt-time 2009-01-01+10:00:00"
 
 
-extra_message="Negative test: bad retrieval method"
-execDSigTest $res_fail \
-    "phaos-xmldsig-three" \
-    "signature-rsa-detached-xslt-transform-bad-retrieval-method" \
-    "xslt sha1 rsa-sha1" \
-    "rsa x509" \
-    "--enabled-key-data key-value,rsa,x509 --trusted-$cert_format certs/rsa-ca-cert.$cert_format $url_map_rfc3161"
-
 extra_message="Negative test: bad digest"
 execDSigTest $res_fail \
     "phaos-xmldsig-three" \