diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
index da226169..42e81442 100644
--- a/src/libopensc/card-tcos.c
+++ b/src/libopensc/card-tcos.c
@@ -627,7 +627,7 @@ static int tcos_set_security_env(sc_card_t *card,
 
         if (se_num) SC_FUNC_RETURN(ctx, 1, SC_ERROR_INVALID_ARGUMENTS);
 
-	if(ctx->debug >= 3) sc_debug(ctx, "Security Environment %d:%02X\n", env->key_ref_len, *env->key_ref);
+	if(ctx->debug >= 3) sc_debug(ctx, "Security Environment Ref=%d:%02X\n", env->key_ref_len, *env->key_ref);
 	if(env->operation == SC_SEC_OPERATION_SIGN &&
 	   (!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT) || (env->key_ref_len==1 && *env->key_ref==0x80))
 	){
@@ -712,6 +712,10 @@ static int tcos_compute_signature(sc_card_t *card, const u8 * data, size_t datal
 	if (datalen > 255) SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS);
 
 	if(((tcos_data *)card->drv_data)->sign_with_def_env){
+		if(datalen>48){
+			sc_error(card->ctx, "Data to be signed is too long (TCOS supports max. 48 bytes)\n");
+			SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS);
+		}
 		sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x9E, 0x9A);
 		memcpy(sbuf, data, datalen);
 	} else {
diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
index cc811cec..733c49b8 100644
--- a/src/libopensc/pkcs15-tcos.c
+++ b/src/libopensc/pkcs15-tcos.c
@@ -56,13 +56,13 @@ int sc_pkcs15emu_tcos_init_ex(sc_pkcs15_card_t *p15card, sc_pkcs15emu_opt_t *opt
 		{-1, 0x46, 0, "DF01C100",     "Telesec Authentifizierungs Zertifikat"},
 		{-1, 0x46, 1, "DF014371",     "Authentifizierungs Zertifikat 1"},
 		{-1, 0x46, 1, "DF014372",     "Authentifizierungs Zertifikat 2"},
-		{-1, 0x47, 0, "DF01C200",     "Telesec Verschlüsselungs Zertifikat"},
-		{-1, 0x47, 1, "DF0143B1",     "Verschlüsselungs Zertifikat 1"},
-		{-1, 0x47, 1, "DF0143B2",     "Verschlüsselungs Zertifikat 2"},
+		{-1, 0x47, 0, "DF01C200",     "Telesec Verschluesselungs Zertifikat"},
+		{-1, 0x47, 1, "DF0143B1",     "Verschluesselungs Zertifikat 1"},
+		{-1, 0x47, 1, "DF0143B2",     "Verschluesselungs Zertifikat 2"},
 		{-1, 0x48, 1, "41014352",     "W2K Logon Zertifikat"},
 		{ 2, 0x45, 1, "8000DF01C000", "SignTrust Signatur Zertifikat"},
-		{-2, 0x46, 1, "800082008220", "SignTrust Authentifizierungs Zertifikat"},
-		{-2, 0x47, 1, "800083008320", "SignTrust Verschlüsselungs Zertifikat"},
+		{-2, 0x46, 1, "800082008220", "SignTrust Verschluesselungs Zertifikat"},
+		{-2, 0x47, 1, "800083008320", "SignTrust Authentifizierungs Zertifikat"},
 		{ 3, 0x45, 1, "41014352",     "Smartkey Zertifikat A1"},
 		{-3, 0x46, 1, "41014353",     "Smartkey Zertifikat A2"},
 		{ 3, 0x47, 1, "42014352",     "Smartkey Zertifikat B1"},
@@ -78,20 +78,20 @@ int sc_pkcs15emu_tcos_init_ex(sc_pkcs15_card_t *p15card, sc_pkcs15emu_opt_t *opt
 		unsigned char key_reference;
 		const char   *label;
 	} keylist[]={
-		{1, 0x45, 4, "DF015331",     0x80, "Signatur Schlüssel"},
-		{1, 0x46, 3, "DF015371",     0x82, "Authentifizierungs Schlüssel"},
-		{1, 0x47, 3, "DF0153B1",     0x81, "Verschlüsselungs Schlüssel"},
-		{1, 0x48, 1, "41015103",     0x83, "W2K Logon Schlüssel"},
-		{2, 0x45, 1, "8000DF015331", 0x80, "Signatur Schlüssel"},
-		{2, 0x46, 2, "800082008210", 0x80, "Authentifzierungs Schlüssel"},
-		{2, 0x47, 3, "800083008310", 0x80, "Verschlüsselungs Schlüssel"},
-		{3, 0x45, 1, "41015103",     0x83, "Smartkey Schlüssel A1"},
-		{3, 0x46, 1, "41015104",     0x84, "Smartkey Schlüssel A2"},
-		{3, 0x47, 1, "42015103",     0x83, "Smartkey Schlüssel B1"},
-		{3, 0x48, 1, "42015104",     0x84, "Smartkey Schlüssel B2"},
-		{3, 0x49, 1, "43015103",     0x83, "Smartkey Schlüssel C1"},
-		{3, 0x4A, 1, "43015104",     0x84, "Smartkey Schlüssel C2"},
-		{4, 0x45, 1, "3F004100",     0x83, "UniCard Giessen Schlüssel"},
+		{1, 0x45, 4, "DF015331",     0x80, "Signatur Schluessel"},
+		{1, 0x46, 3, "DF015371",     0x82, "Authentifizierungs Schluessel"},
+		{1, 0x47, 3, "DF0153B1",     0x81, "Verschluesselungs Schluessel"},
+		{1, 0x48, 1, "41015103",     0x83, "W2K Logon Schluessel"},
+		{2, 0x45, 1, "8000DF015331", 0x80, "Signatur Schluessel"},
+		{2, 0x46, 2, "800082008210", 0x80, "Verschluesselungs Schluessel"},
+		{2, 0x47, 3, "800083008310", 0x80, "Authentifizierungs Schluessel"},
+		{3, 0x45, 1, "41015103",     0x83, "Smartkey Schluessel A1"},
+		{3, 0x46, 1, "41015104",     0x84, "Smartkey Schluessel A2"},
+		{3, 0x47, 1, "42015103",     0x83, "Smartkey Schluessel B1"},
+		{3, 0x48, 1, "42015104",     0x84, "Smartkey Schluessel B2"},
+		{3, 0x49, 1, "43015103",     0x83, "Smartkey Schluessel C1"},
+		{3, 0x4A, 1, "43015104",     0x84, "Smartkey Schluessel C2"},
+		{4, 0x45, 1, "3F004100",     0x83, "UniCard Giessen Schluessel"},
 		{0, 0, 0, NULL, 0, NULL}
 	};
 	static const struct {
@@ -116,10 +116,10 @@ int sc_pkcs15emu_tcos_init_ex(sc_pkcs15_card_t *p15card, sc_pkcs15emu_opt_t *opt
 		{2, 1, 0, 6, 0x81, "8000DF010000", "Signatur PIN",
 			SC_PKCS15_PIN_FLAG_CASE_SENSITIVE | SC_PKCS15_PIN_FLAG_LOCAL |
 			SC_PKCS15_PIN_FLAG_INITIALIZED},
-		{2, 2, 0, 6, 0x81, "800082000040", "Authentifizierungs PIN",
+		{2, 2, 0, 6, 0x81, "800082000040", "Verschluesselungs PIN",
 			SC_PKCS15_PIN_FLAG_CASE_SENSITIVE | SC_PKCS15_PIN_FLAG_LOCAL |
 			SC_PKCS15_PIN_FLAG_INITIALIZED},
-		{2, 3, 0, 6, 0x81, "800083000040", "Verschlüsselungs PIN",
+		{2, 3, 0, 6, 0x81, "800083000040", "Authentifizierungs PIN",
 			SC_PKCS15_PIN_FLAG_CASE_SENSITIVE | SC_PKCS15_PIN_FLAG_LOCAL |
 			SC_PKCS15_PIN_FLAG_INITIALIZED},
 		{3, 1, 2, 6, 0x00, "5000", "globale PIN",