diff --git a/gestion/tools/apt-keys-crans.py b/gestion/tools/apt-keys-crans.py
index b262b4d8..d650793a 100755
--- a/gestion/tools/apt-keys-crans.py
+++ b/gestion/tools/apt-keys-crans.py
@@ -2,27 +2,24 @@
 # -*- coding: utf-8 -*-
 
 import os
+import sys
 from subprocess import Popen, PIPE, STDOUT
 import lc_ldap.shortcuts
 from socket import gethostname
 
-
 keyserver='komaz.adm.crans.org'
 basedir='/bcfg2/Cfg/etc/crans/apt-keys/'
 
-
 conn=lc_ldap.shortcuts.lc_ldap_readonly()
 nounou=conn.search(u"(&(gpgFingerprint=*)(droits=nounou))")
 fpr=[u['gpgFingerprint'][0].value for u in nounou]
 
 def refresh_keys():
     p = Popen(['gpg', '--keyserver', 'komaz.adm.crans.org', '--recv-keys'] + fpr, stdout=PIPE, stdin=PIPE, stderr=STDOUT)
-    ret=p.communicate()
+    # ret = (stdoutdata, stderrdata) if stdout/stderr sent to PIPE
+    ret = p.communicate()
     if ret[1]:
-        print ret[1]
-    if ret[0]:
-        print ret[0]
-
+        print >> sys.stderr, ret[1]
 
 def write_keys():
     for user in nounou:
@@ -35,16 +32,15 @@ def write_keys():
         p = Popen(['gpg', '--armor', '--export-options', 'export-minimal', '--export', user['gpgFingerprint'][0].value], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
         ret=p.communicate()
         if ret[1]:
-            print ret[1]
+            print >> sys.stderr, ret[1]
         if ret[0]:
             with open(path, 'w') as f:
                 f.write(ret[0])
                 f.close()
-            print "Witten down %s" % path
 
 if __name__ == '__main__':
     if gethostname() != 'bcfg2':
-        print "Doit être lancé sur bcfg2"
+        print >> sys.stderr, "Doit être lancé sur bcfg2"
         exit(1)
     else:
         refresh_keys()