Merge branch 'master' of ssh://gnunet.org/gnunet

149 files changed, 2117 insertions, 1301 deletions

diff --git a/po/POTFILES.in b/po/POTFILES.in
index 5c379eed8..6aab56d14 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -185,6 +185,7 @@ src/gnsrecord/gnsrecord_crypto.c
 src/gnsrecord/gnsrecord_misc.c
 src/gnsrecord/gnsrecord_serialization.c
 src/gnsrecord/gnunet-gnsrecord-tvg.c
+src/gnsrecord/json_gnsrecord.c
 src/gnsrecord/plugin_gnsrecord_dns.c
 src/hello/address.c
 src/hello/gnunet-hello.c
@@ -201,7 +202,6 @@ src/identity/identity_api_suffix_lookup.c
 src/identity/plugin_rest_identity.c
 src/json/json.c
 src/json/json_generator.c
-src/json/json_gnsrecord.c
 src/json/json_helper.c
 src/json/json_mhd.c
 src/my/my.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 234a63389..f98cb96df 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -11,8 +11,8 @@ endif
 
 if HAVE_EXPERIMENTAL
  EXP_DIR = \
-  rps \
-  abd
+  rps
+  #abd FTBFS
 if HAVE_ABE
  EXP_DIR += \
   abe
@@ -51,7 +51,6 @@ SUBDIRS = \
   include $(INTLEMU_SUBDIRS) \
   util \
   nt \
-  gnsrecord \
   hello \
   block \
   statistics \
@@ -74,7 +73,6 @@ SUBDIRS = \
   fragmentation \
   transport \
   ats-tool \
-  peerinfo-tool \
   core \
   $(TESTBED) \
   $(ATS_TESTS) \
@@ -85,8 +83,10 @@ SUBDIRS = \
   regex \
   dns \
   identity \
+  gnsrecord \
   namecache \
   namestore \
+  peerinfo-tool \
   cadet \
   set \
   seti \
diff --git a/src/ats-tests/ats-testing-log.c b/src/ats-tests/ats-testing-log.c
index 38094a438..955401dd8 100644
--- a/src/ats-tests/ats-testing-log.c
+++ b/src/ats-tests/ats-testing-log.c
@@ -575,7 +575,7 @@ GNUNET_ATS_TEST_logging_write_to_file (struct LoggingHandle *l,
 
         /* Assembling slave string */
         GNUNET_asprintf (&data,
-                         "%llu;%llu;%u;%u;%u;%u;%u;%u;%.3f;%u;%u;%u;%u;%u;%u;%u;%.3f;%.3f\n",
+                         "%llu;%llu;%u;%u;%u;%u;%u;%u;%.3f;%u;%u;%llu;%u;%u;%u;%u;%.3f;%.3f\n",
                          (long long unsigned
                           int) cur_lt->timestamp.abs_value_us,
                          (long long unsigned
@@ -593,7 +593,7 @@ GNUNET_ATS_TEST_logging_write_to_file (struct LoggingHandle *l,
                          (double) plt->app_rtt / 1000,
                          plt->bandwidth_in,
                          plt->bandwidth_out,
-                         plt->ats_delay,
+                         plt->ats_delay.rel_value_us,
                          plt->ats_distance,
                          plt->ats_network_type,
                          plt->ats_utilization_out,
diff --git a/src/cadet/gnunet-service-cadet_channel.c b/src/cadet/gnunet-service-cadet_channel.c
index dab53b8c4..ae6d21452 100644
--- a/src/cadet/gnunet-service-cadet_channel.c
+++ b/src/cadet/gnunet-service-cadet_channel.c
@@ -442,7 +442,7 @@ GCCH_2s (const struct CadetChannel *ch)
                    ? "loopback"
                    : GNUNET_i2s (GCP_get_id (GCT_get_destination (ch->t))),
                    GNUNET_h2s (&ch->port),
-                   ch->ctn,
+                   ch->ctn.cn,
                    (NULL == ch->owner)
                    ? 0
                    : ntohl (ch->owner->ccn.channel_of_client),
@@ -1899,10 +1899,10 @@ GCCH_handle_local_data (struct CadetChannel *ch,
   GNUNET_memcpy (&crm->data_message[1], buf, buf_len);
   GNUNET_CONTAINER_DLL_insert_tail (ch->head_sent, ch->tail_sent, crm);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Sending message %u from local client to %s with %u bytes\n",
+       "Sending message %u from local client to %s with %lu bytes\n",
        ntohl (crm->data_message->mid.mid),
        GCCH_2s (ch),
-       buf_len);
+       (unsigned long) buf_len);
   if (NULL != ch->retry_data_task)
   {
     GNUNET_SCHEDULER_cancel (ch->retry_data_task);
@@ -2044,7 +2044,7 @@ GCCH_debug (struct CadetChannel *ch, enum GNUNET_ErrorType level)
     LOG2 (level, "CHN *** DEBUG NULL CHANNEL ***\n");
     return;
   }
-  LOG2 (level, "CHN %s:%X (%p)\n", GCT_2s (ch->t), ch->ctn, ch);
+  LOG2 (level, "CHN %s:%X (%p)\n", GCT_2s (ch->t), ch->ctn.cn, ch);
   if (NULL != ch->owner)
   {
     LOG2 (level,
@@ -2062,7 +2062,7 @@ GCCH_debug (struct CadetChannel *ch, enum GNUNET_ErrorType level)
           ntohl (ch->dest->ccn.channel_of_client));
   }
   LOG2 (level,
-        "CHN  Message IDs recv: %d (%LLX), send: %d\n",
+        "CHN  Message IDs recv: %d (%llX), send: %d\n",
         ntohl (ch->mid_recv.mid),
         (unsigned long long) ch->mid_futures,
         ntohl (ch->mid_send.mid));
diff --git a/src/cadet/gnunet-service-cadet_core.c b/src/cadet/gnunet-service-cadet_core.c
index 9a83fa31d..95a5d3f63 100644
--- a/src/cadet/gnunet-service-cadet_core.c
+++ b/src/cadet/gnunet-service-cadet_core.c
@@ -296,7 +296,7 @@ discard_all_from_rung_tail ()
   while (NULL != (dir = tail->rd_head))
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Queue full due new message %s on connection %s, dropping old message\n",
+         "Queue full due new message on connection %s, dropping old message\n",
          GNUNET_sh2s (&dir->my_route->cid.connection_of_tunnel));
     GNUNET_STATISTICS_update (stats,
                               "# messages dropped due to full buffer",
@@ -408,7 +408,7 @@ route_message (struct CadetPeer *prev,
     {
       /* We are in the highest rung, drop our own! */
       LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Queue full due new message %s on connection %s, dropping old message\n",
+           "Queue full due new message on connection %s, dropping old message\n",
            GNUNET_sh2s (&dir->my_route->cid.connection_of_tunnel));
       GNUNET_STATISTICS_update (stats,
                                 "# messages dropped due to full buffer",
diff --git a/src/cadet/gnunet-service-cadet_dht.c b/src/cadet/gnunet-service-cadet_dht.c
index 4e8ccbb08..e1bbeb2c3 100644
--- a/src/cadet/gnunet-service-cadet_dht.c
+++ b/src/cadet/gnunet-service-cadet_dht.c
@@ -195,8 +195,8 @@ announce_id (void *cls)
                  &my_full_id,
                  sizeof(my_full_id));
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Announcing my HELLO (%u bytes) in the DHT\n",
-       size);
+       "Announcing my HELLO (%lu bytes) in the DHT\n",
+       (unsigned long) size);
   GNUNET_DHT_put (dht_handle,    /* DHT handle */
                   &phash,       /* Key to use */
                   dht_replication_level,     /* Replication level */
diff --git a/src/cadet/gnunet-service-cadet_tunnels.c b/src/cadet/gnunet-service-cadet_tunnels.c
index 2ca46b5aa..78bc54a5c 100644
--- a/src/cadet/gnunet-service-cadet_tunnels.c
+++ b/src/cadet/gnunet-service-cadet_tunnels.c
@@ -2431,7 +2431,7 @@ connection_ready_cb (void *cls,
   {
   case CADET_TUNNEL_KEY_UNINITIALIZED:
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Do not begin KX for %s if WE have no channels waiting. Retrying after %d\n",
+         "Do not begin KX for %s if WE have no channels waiting. Retrying after %llu\n",
          GCT_2s (t),
          GNUNET_TIME_absolute_get_remaining (t->next_kx_attempt).rel_value_us);
     /* Do not begin KX if WE have no channels waiting! */
diff --git a/src/consensus/consensus_api.c b/src/consensus/consensus_api.c
index 06b4c88ef..b4a9e5d39 100644
--- a/src/consensus/consensus_api.c
+++ b/src/consensus/consensus_api.c
@@ -280,7 +280,7 @@ GNUNET_CONSENSUS_insert (struct GNUNET_CONSENSUS_Handle *consensus,
   struct GNUNET_MQ_Envelope *ev;
   struct InsertDoneInfo *i;
 
-  LOG (GNUNET_ERROR_TYPE_DEBUG, "inserting, size=%llu\n", element->size);
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "inserting, size=%u\n", element->size);
 
   ev = GNUNET_MQ_msg_extra (element_msg, element->size,
                             GNUNET_MESSAGE_TYPE_CONSENSUS_CLIENT_INSERT);
diff --git a/src/conversation/conversation.h b/src/conversation/conversation.h
index ed614ab1b..9eedbeb91 100644
--- a/src/conversation/conversation.h
+++ b/src/conversation/conversation.h
@@ -27,6 +27,8 @@
 #ifndef CONVERSATION_H
 #define CONVERSATION_H
 
+#include "gnunet_identity_service.h"
+
 #ifdef __cplusplus
 extern "C"
 {
@@ -105,7 +107,7 @@ struct ClientPhoneRingMessage
   /**
    * Who is calling us?
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey caller_id;
+  struct GNUNET_IDENTITY_PublicKey caller_id;
 };
 
 
@@ -230,7 +232,7 @@ struct ClientCallMessage
   /**
    * Identity of the caller.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey caller_id;
+  struct GNUNET_IDENTITY_PrivateKey caller_id;
 };
 
 
@@ -301,7 +303,7 @@ struct CadetPhoneRingMessage
   /**
    * Who is calling us? (also who is signing).
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey caller_id;
+  struct GNUNET_IDENTITY_PublicKey caller_id;
 
   /**
    * When does the signature expire?
diff --git a/src/conversation/conversation_api.c b/src/conversation/conversation_api.c
index daf51042a..88fe8f11c 100644
--- a/src/conversation/conversation_api.c
+++ b/src/conversation/conversation_api.c
@@ -105,7 +105,7 @@ struct GNUNET_CONVERSATION_Caller
   /**
    * Identity of the person calling us.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey caller_id;
+  struct GNUNET_IDENTITY_PublicKey caller_id;
 
   /**
    * Internal handle to identify the caller with the service.
@@ -192,7 +192,7 @@ struct GNUNET_CONVERSATION_Phone
   /**
    * My GNS zone.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey my_zone;
+  struct GNUNET_IDENTITY_PrivateKey my_zone;
 
   /**
    * State machine for the phone.
diff --git a/src/conversation/gnunet-conversation.c b/src/conversation/gnunet-conversation.c
index 7a2a727a5..9ff0002e7 100644
--- a/src/conversation/gnunet-conversation.c
+++ b/src/conversation/gnunet-conversation.c
@@ -116,7 +116,7 @@ struct CallList
   /**
    * Public key identifying the caller.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey caller_id;
+  struct GNUNET_IDENTITY_PublicKey caller_id;
 
   /**
    * Unique number of the call.
@@ -194,7 +194,7 @@ static char *ego_name;
 /**
  * Public key of active conversation partner (if any).
  */
-static struct GNUNET_CRYPTO_EcdsaPublicKey peer_key;
+static struct GNUNET_IDENTITY_PublicKey peer_key;
 
 /**
  * Name of active conversation partner (if any).
@@ -244,7 +244,7 @@ static void
 phone_event_handler (void *cls,
                      enum GNUNET_CONVERSATION_PhoneEventCode code,
                      struct GNUNET_CONVERSATION_Caller *caller,
-                     const struct GNUNET_CRYPTO_EcdsaPublicKey *caller_id)
+                     const struct GNUNET_IDENTITY_PublicKey *caller_id)
 {
   struct CallList *cl;
 
diff --git a/src/conversation/test_conversation_api.c b/src/conversation/test_conversation_api.c
index b51186dc8..c5efecd52 100644
--- a/src/conversation/test_conversation_api.c
+++ b/src/conversation/test_conversation_api.c
@@ -305,7 +305,7 @@ static void
 phone_event_handler (void *cls,
                      enum GNUNET_CONVERSATION_PhoneEventCode code,
                      struct GNUNET_CONVERSATION_Caller *caller,
-                     const struct GNUNET_CRYPTO_EcdsaPublicKey *caller_id)
+                     const struct GNUNET_IDENTITY_PublicKey *caller_id)
 {
   static enum GNUNET_CONVERSATION_PhoneEventCode expect =
     GNUNET_CONVERSATION_EC_PHONE_RING;
@@ -385,7 +385,7 @@ call_event_handler (void *cls, enum GNUNET_CONVERSATION_CallEventCode code)
 
 static void
 caller_ego_create_cont (void *cls,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                        const struct GNUNET_IDENTITY_PrivateKey *pk,
                         const char *emsg)
 {
   (void) cls;
@@ -414,7 +414,7 @@ identity_cb (void *cls,
              const char *name)
 {
   struct GNUNET_GNSRECORD_Data rd;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+  struct GNUNET_IDENTITY_PublicKey pub;
 
   (void) cls;
   (void) ctx;
@@ -465,7 +465,7 @@ identity_cb (void *cls,
 
 static void
 phone_ego_create_cont (void *cls,
-                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                       const struct GNUNET_IDENTITY_PrivateKey *pk,
                        const char *emsg)
 {
   (void) cls;
diff --git a/src/conversation/test_conversation_api_reject.c b/src/conversation/test_conversation_api_reject.c
index 69fa9f1dc..08c64df37 100644
--- a/src/conversation/test_conversation_api_reject.c
+++ b/src/conversation/test_conversation_api_reject.c
@@ -179,7 +179,7 @@ static void
 phone_event_handler (void *cls,
                      enum GNUNET_CONVERSATION_PhoneEventCode code,
                      struct GNUNET_CONVERSATION_Caller *caller,
-                     const struct GNUNET_CRYPTO_EcdsaPublicKey *caller_id)
+                     const struct GNUNET_IDENTITY_PublicKey *caller_id)
 {
   static enum GNUNET_CONVERSATION_PhoneEventCode expect =
     GNUNET_CONVERSATION_EC_PHONE_RING;
@@ -238,7 +238,7 @@ call_event_handler (void *cls, enum GNUNET_CONVERSATION_CallEventCode code)
 
 static void
 caller_ego_create_cont (void *cls,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                        const struct GNUNET_IDENTITY_PrivateKey *pk,
                         const char *emsg)
 {
   (void) cls;
@@ -267,7 +267,7 @@ identity_cb (void *cls,
              const char *name)
 {
   struct GNUNET_GNSRECORD_Data rd;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+  struct GNUNET_IDENTITY_PublicKey pub;
 
   (void) cls;
   (void) ctx;
@@ -318,7 +318,7 @@ identity_cb (void *cls,
 
 static void
 phone_ego_create_cont (void *cls,
-                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                       const struct GNUNET_IDENTITY_PrivateKey *pk,
                        const char *emsg)
 {
   (void) cls;
diff --git a/src/conversation/test_conversation_api_twocalls.c b/src/conversation/test_conversation_api_twocalls.c
index 83e8cb55a..ac7a3c9dd 100644
--- a/src/conversation/test_conversation_api_twocalls.c
+++ b/src/conversation/test_conversation_api_twocalls.c
@@ -403,7 +403,7 @@ static void
 phone_event_handler (void *cls,
                      enum GNUNET_CONVERSATION_PhoneEventCode code,
                      struct GNUNET_CONVERSATION_Caller *caller,
-                     const struct GNUNET_CRYPTO_EcdsaPublicKey *caller_id)
+                     const struct GNUNET_IDENTITY_PublicKey *caller_id)
 {
   const char *cid;
 
@@ -507,7 +507,7 @@ call_event_handler (void *cls, enum GNUNET_CONVERSATION_CallEventCode code)
 
 static void
 caller_ego_create_cont (void *cls,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                        const struct GNUNET_IDENTITY_PrivateKey *pk,
                         const char *emsg)
 {
   (void) cls;
@@ -536,7 +536,7 @@ identity_cb (void *cls,
              const char *name)
 {
   struct GNUNET_GNSRECORD_Data rd;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+  struct GNUNET_IDENTITY_PublicKey pub;
 
   (void) cls;
   (void) ctx;
@@ -594,7 +594,7 @@ identity_cb (void *cls,
 
 static void
 phone_ego_create_cont (void *cls,
-                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                       const struct GNUNET_IDENTITY_PrivateKey *pk,
                        const char *emsg)
 {
   (void) cls;
diff --git a/src/datastore/datastore_api.c b/src/datastore/datastore_api.c
index 4537f6efe..bd7a612ed 100644
--- a/src/datastore/datastore_api.c
+++ b/src/datastore/datastore_api.c
@@ -994,8 +994,8 @@ GNUNET_DATASTORE_put (struct GNUNET_DATASTORE_Handle *h,
   }
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Asked to put %u bytes of data under key `%s' for %s\n",
-       size,
+       "Asked to put %lu bytes of data under key `%s' for %s\n",
+       (unsigned long) size,
        GNUNET_h2s (key),
        GNUNET_STRINGS_relative_time_to_string (
          GNUNET_TIME_absolute_get_remaining (expiration),
@@ -1205,8 +1205,8 @@ GNUNET_DATASTORE_remove (struct GNUNET_DATASTORE_Handle *h,
   if (NULL == cont)
     cont = &drop_status_cont;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Asked to remove %u bytes under key `%s'\n",
-       size,
+       "Asked to remove %lu bytes under key `%s'\n",
+       (unsigned long) size,
        GNUNET_h2s (key));
   env = GNUNET_MQ_msg_extra (dm,
                              size,
diff --git a/src/dht/gnunet-service-dht_clients.c b/src/dht/gnunet-service-dht_clients.c
index 1e44c1fad..5eb3115f4 100644
--- a/src/dht/gnunet-service-dht_clients.c
+++ b/src/dht/gnunet-service-dht_clients.c
@@ -488,8 +488,8 @@ handle_dht_local_put (void *cls,
                GNUNET_h2s_full (&dht_msg->key));
   /* give to local clients */
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Handling local PUT of %u-bytes for query %s\n",
-       size - sizeof(struct GNUNET_DHT_ClientPutMessage),
+       "Handling local PUT of %lu-bytes for query %s\n",
+       (unsigned long) (size - sizeof(struct GNUNET_DHT_ClientPutMessage)),
        GNUNET_h2s (&dht_msg->key));
   GDS_CLIENTS_handle_reply (GNUNET_TIME_absolute_ntoh (dht_msg->expiration),
                             &dht_msg->key,
@@ -619,7 +619,7 @@ handle_dht_local_get (void *cls,
        "Received GET request for %s from local client %p, xq: %.*s\n",
        GNUNET_h2s (&get->key),
        ch->client,
-       xquery_size,
+       (int) xquery_size,
        xquery);
   LOG_TRAFFIC (GNUNET_ERROR_TYPE_DEBUG,
                "CLIENT-GET %s\n",
diff --git a/src/dht/gnunet-service-dht_datacache.c b/src/dht/gnunet-service-dht_datacache.c
index 41b7a3a2b..7eded2152 100644
--- a/src/dht/gnunet-service-dht_datacache.c
+++ b/src/dht/gnunet-service-dht_datacache.c
@@ -94,9 +94,9 @@ GDS_DATACACHE_handle_put (struct GNUNET_TIME_Absolute expiration,
                             put_path_length,
                             put_path);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "DATACACHE PUT for key %s [%u] completed (%d) after %u hops\n",
+       "DATACACHE PUT for key %s [%lu] completed (%d) after %u hops\n",
        GNUNET_h2s (key),
-       data_size,
+       (unsigned long) data_size,
        r,
        put_path_length);
 }
diff --git a/src/dht/gnunet-service-dht_neighbours.c b/src/dht/gnunet-service-dht_neighbours.c
index b211fca6b..88b0c5d92 100644
--- a/src/dht/gnunet-service-dht_neighbours.c
+++ b/src/dht/gnunet-service-dht_neighbours.c
@@ -2212,8 +2212,8 @@ handle_dht_p2p_get (void *cls,
                                            bg,
                                            peer_bf);
   GDS_CLIENTS_process_get (options
-                           | (GNUNET_OK == forwarded)
-                           ? GNUNET_DHT_RO_LAST_HOP : 0,
+                           | ((GNUNET_OK == forwarded)
+                           ? GNUNET_DHT_RO_LAST_HOP : 0),
                            type,
                            ntohl (get->hop_count),
                            ntohl (get->desired_replication_level),
diff --git a/src/dht/plugin_block_dht.c b/src/dht/plugin_block_dht.c
index f213433ed..a9f336240 100644
--- a/src/dht/plugin_block_dht.c
+++ b/src/dht/plugin_block_dht.c
@@ -195,7 +195,7 @@ block_plugin_dht_get_key (void *cls,
   {
     GNUNET_log_from (GNUNET_ERROR_TYPE_ERROR,
                      "block-dht",
-                     _ ("Size mismatch for block\n"),
+                     _ ("Size mismatch for block with type %u\n"),
                      GNUNET_BLOCK_TYPE_DHT_HELLO);
     return GNUNET_NO;
   }
diff --git a/src/dns/gnunet-dns-monitor.c b/src/dns/gnunet-dns-monitor.c
index d9830baa4..836d65c79 100644
--- a/src/dns/gnunet-dns-monitor.c
+++ b/src/dns/gnunet-dns-monitor.c
@@ -203,7 +203,7 @@ display_record (const struct GNUNET_DNSPARSER_Record *record)
     else
     {
       GNUNET_asprintf (&tmp,
-                       "priority %u, weight = %s, port = %u, target = %s",
+                       "priority %u, weight = %u, port = %u, target = %s",
                        (unsigned int) record->data.srv->priority,
                        (unsigned int) record->data.srv->weight,
                        (unsigned int) record->data.srv->port,
diff --git a/src/fs/fs_download.c b/src/fs/fs_download.c
index 6154e8be0..d4677b794 100644
--- a/src/fs/fs_download.c
+++ b/src/fs/fs_download.c
@@ -1050,7 +1050,7 @@ process_result_with_request (void *cls,
     GNUNET_asprintf (
       &dc->emsg,
       _ (
-        "Internal error or bogus download URI (expected %u bytes at depth %u and offset %llu/%llu, got %u bytes)"),
+        "Internal error or bogus download URI (expected %lu bytes at depth %u and offset %llu/%llu, got %lu bytes)"),
       bs,
       dr->depth,
       (unsigned long long) dr->offset,
diff --git a/src/fs/gnunet-daemon-fsprofiler.c b/src/fs/gnunet-daemon-fsprofiler.c
index 829906461..fbb7c6028 100644
--- a/src/fs/gnunet-daemon-fsprofiler.c
+++ b/src/fs/gnunet-daemon-fsprofiler.c
@@ -592,14 +592,14 @@ run (void *cls, char *const *args GNUNET_UNUSED,
                                              &replication_level))
     replication_level = 1;
   GNUNET_snprintf (myoptname, sizeof(myoptname),
-                   "DOWNLOAD-PATTERN-%u", my_peerid);
+                   "DOWNLOAD-PATTERN-%llu", my_peerid);
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (cfg,
                                              "FSPROFILER", myoptname,
                                              &download_pattern))
     download_pattern = GNUNET_strdup ("");
   GNUNET_snprintf (myoptname, sizeof(myoptname),
-                   "PUBLISH-PATTERN-%u", my_peerid);
+                   "PUBLISH-PATTERN-%llu", my_peerid);
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (cfg,
                                              "FSPROFILER", myoptname,
diff --git a/src/fs/gnunet-publish.c b/src/fs/gnunet-publish.c
index 91fcd8f8a..518192283 100644
--- a/src/fs/gnunet-publish.c
+++ b/src/fs/gnunet-publish.c
@@ -475,6 +475,7 @@ uri_ksk_continuation (void *cls,
                       const char *emsg)
 {
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
+  const struct GNUNET_IDENTITY_PrivateKey *pk;
 
   if (NULL != emsg)
   {
@@ -486,7 +487,10 @@ uri_ksk_continuation (void *cls,
     GNUNET_SCHEDULER_shutdown ();
     return;
   }
-  priv = GNUNET_IDENTITY_ego_get_private_key (namespace);
+  pk = GNUNET_IDENTITY_ego_get_private_key (namespace);
+  if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (pk->type))
+    return;
+  priv = &pk->ecdsa_key;
   GNUNET_FS_publish_sks (ctx,
                          priv,
                          this_id,
@@ -569,6 +573,7 @@ directory_trim_complete (struct GNUNET_FS_ShareTreeItem *directory_scan_result)
 {
   struct GNUNET_FS_FileInformation *fi;
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
+  const struct GNUNET_IDENTITY_PrivateKey *pk;
 
   fi = get_file_information (directory_scan_result);
   GNUNET_FS_share_tree_free (directory_scan_result);
@@ -589,7 +594,11 @@ directory_trim_complete (struct GNUNET_FS_ShareTreeItem *directory_scan_result)
   if (NULL == namespace)
     priv = NULL;
   else
-    priv = GNUNET_IDENTITY_ego_get_private_key (namespace);
+  {
+    pk = GNUNET_IDENTITY_ego_get_private_key (namespace);
+    if (GNUNET_IDENTITY_TYPE_ECDSA == ntohl (pk->type))
+      priv = &pk->ecdsa_key;
+  }
   pc = GNUNET_FS_publish_start (ctx,
                                 fi,
                                 priv,
diff --git a/src/gns/Makefile.am b/src/gns/Makefile.am
index 5a9c70997..744ba66ec 100644
--- a/src/gns/Makefile.am
+++ b/src/gns/Makefile.am
@@ -109,6 +109,7 @@ libgnunet_plugin_rest_gns_la_SOURCES = \
   plugin_rest_gns.c
 libgnunet_plugin_rest_gns_la_LIBADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/gnsrecord/libgnunetgnsrecordjson.la \
   libgnunetgns.la \
   $(top_builddir)/src/rest/libgnunetrest.la \
   $(top_builddir)/src/identity/libgnunetidentity.la \
@@ -124,6 +125,7 @@ libgnunet_plugin_gnsrecord_gns_la_SOURCES = \
   plugin_gnsrecord_gns.c
 libgnunet_plugin_gnsrecord_gns_la_LIBADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(LTLIBINTL)
 libgnunet_plugin_gnsrecord_gns_la_LDFLAGS = \
@@ -135,6 +137,7 @@ gnunet_gns_SOURCES = \
 gnunet_gns_LDADD = \
   libgnunetgns.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(LIBIDN) $(LIBIDN2) \
   $(GN_LIBINTL)
@@ -144,6 +147,7 @@ gnunet_gns_benchmark_SOURCES = \
 gnunet_gns_benchmark_LDADD = \
   libgnunetgns.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(GN_LIBINTL)
 
@@ -247,6 +251,7 @@ libgnunet_plugin_block_gns_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(top_builddir)/src/block/libgnunetblock.la \
   $(top_builddir)/src/block/libgnunetblockgroup.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la  \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la
 libgnunet_plugin_block_gns_la_LDFLAGS = \
   $(GN_LIBINTL) \
diff --git a/src/gns/gns.h b/src/gns/gns.h
index a193632b7..d824742ad 100644
--- a/src/gns/gns.h
+++ b/src/gns/gns.h
@@ -48,7 +48,7 @@ struct LookupMessage
   /**
    * Zone that is to be used for lookup
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey zone;
+  struct GNUNET_IDENTITY_PublicKey zone;
 
   /**
    * Local options for where to look for results
diff --git a/src/gns/gns_api.c b/src/gns/gns_api.c
index bf95bf340..841a0d240 100644
--- a/src/gns/gns_api.c
+++ b/src/gns/gns_api.c
@@ -343,7 +343,7 @@ GNUNET_GNS_lookup_cancel (struct GNUNET_GNS_LookupRequest *lr)
 struct GNUNET_GNS_LookupRequest *
 GNUNET_GNS_lookup_limited (struct GNUNET_GNS_Handle *handle,
                            const char *name,
-                           const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
+                           const struct GNUNET_IDENTITY_PublicKey *zone,
                            uint32_t type,
                            enum GNUNET_GNS_LocalOptions options,
                            uint16_t recursion_depth_limit,
@@ -411,7 +411,7 @@ GNUNET_GNS_lookup_limited (struct GNUNET_GNS_Handle *handle,
 struct GNUNET_GNS_LookupRequest*
 GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
                    const char *name,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
+                   const struct GNUNET_IDENTITY_PublicKey *zone,
                    uint32_t type,
                    enum GNUNET_GNS_LocalOptions options,
                    GNUNET_GNS_LookupResultProcessor proc,
diff --git a/src/gns/gns_tld_api.c b/src/gns/gns_tld_api.c
index 3ebf07db6..b883662ad 100644
--- a/src/gns/gns_tld_api.c
+++ b/src/gns/gns_tld_api.c
@@ -167,7 +167,7 @@ process_lookup_result (void *cls,
  */
 static void
 lookup_with_public_key (struct GNUNET_GNS_LookupWithTldRequest *ltr,
-                        const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
+                        const struct GNUNET_IDENTITY_PublicKey *pkey)
 {
   ltr->lr = GNUNET_GNS_lookup (ltr->gns_handle,
                                ltr->name,
@@ -190,11 +190,11 @@ lookup_with_public_key (struct GNUNET_GNS_LookupWithTldRequest *ltr,
  */
 static void
 identity_zone_cb (void *cls,
-                  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+                  const struct GNUNET_IDENTITY_PrivateKey *priv,
                   const char *ego_name)
 {
   struct GNUNET_GNS_LookupWithTldRequest *ltr = cls;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
 
   ltr->id_co = NULL;
   if (NULL == priv)
@@ -219,7 +219,7 @@ identity_zone_cb (void *cls,
     ltr->options = GNUNET_GNS_LO_NO_DHT;
   else
     ltr->options = GNUNET_GNS_LO_LOCAL_MASTER;
-  GNUNET_CRYPTO_ecdsa_key_get_public (priv, &pkey);
+  GNUNET_IDENTITY_key_get_public (priv, &pkey);
   lookup_with_public_key (ltr, &pkey);
 }
 
@@ -249,7 +249,7 @@ GNUNET_GNS_lookup_with_tld (struct GNUNET_GNS_Handle *handle,
   const char *tld;
   char *dot_tld;
   char *zonestr;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
 
   ltr = GNUNET_new (struct GNUNET_GNS_LookupWithTldRequest);
   ltr->gns_handle = handle;
@@ -261,8 +261,10 @@ GNUNET_GNS_lookup_with_tld (struct GNUNET_GNS_Handle *handle,
   /* start with trivial case: TLD is zkey */
   tld = get_tld (ltr->name);
   if (GNUNET_OK ==
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (tld, strlen (tld), &pkey))
+      GNUNET_IDENTITY_public_key_from_string (tld, &pkey))
   {
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "`%s' seems to be a valid zone key\n", tld);
     eat_tld (ltr->name, tld);
     lookup_with_public_key (ltr, &pkey);
     return ltr;
@@ -281,9 +283,8 @@ GNUNET_GNS_lookup_with_tld (struct GNUNET_GNS_Handle *handle,
                                                             &zonestr))
     {
       if (GNUNET_OK !=
-          GNUNET_CRYPTO_ecdsa_public_key_from_string (zonestr,
-                                                      strlen (zonestr),
-                                                      &pkey))
+          GNUNET_IDENTITY_public_key_from_string (zonestr,
+                                                  &pkey))
       {
         GNUNET_log_config_invalid (
           GNUNET_ERROR_TYPE_ERROR,
@@ -304,6 +305,8 @@ GNUNET_GNS_lookup_with_tld (struct GNUNET_GNS_Handle *handle,
     }
     GNUNET_free (dot_tld);
   }
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "`%s' should be a valid ego\n", ltr->name);
   ltr->id_co =
     GNUNET_IDENTITY_ego_lookup_by_suffix (ltr->gns_handle->cfg,
                                           ltr->name,
diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c
index 8c5b2d6c4..52300ae3b 100644
--- a/src/gns/gnunet-service-gns.c
+++ b/src/gns/gnunet-service-gns.c
@@ -123,7 +123,7 @@ struct GNS_TopLevelDomain
   /**
    * Public key associated with the @a tld.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
 
   /**
    * Top-level domain as a string, including leading ".".
@@ -177,7 +177,7 @@ static struct GNS_TopLevelDomain *tld_tail;
  */
 int
 GNS_find_tld (const char *tld_str,
-              struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
+              struct GNUNET_IDENTITY_PublicKey *pkey)
 {
   if ('\0' == *tld_str)
     return GNUNET_NO;
@@ -485,7 +485,7 @@ read_service_conf (void *cls,
                    const char *option,
                    const char *value)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
   struct GNS_TopLevelDomain *tld;
 
   (void) cls;
diff --git a/src/gns/gnunet-service-gns.h b/src/gns/gnunet-service-gns.h
index 2a432f8aa..d4fb9ec9f 100644
--- a/src/gns/gnunet-service-gns.h
+++ b/src/gns/gnunet-service-gns.h
@@ -26,6 +26,7 @@
 #ifndef GNUNET_SERVICE_GNS_H
 #define GNUNET_SERVICE_GNS_H
 
+#include "gnunet_identity_service.h"
 
 /**
  * Find GNS zone belonging to TLD @a tld.
@@ -36,7 +37,7 @@
  */
 int
 GNS_find_tld (const char *tld_str,
-              struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
+              struct GNUNET_IDENTITY_PublicKey *pkey);
 
 
 /**
diff --git a/src/gns/gnunet-service-gns_interceptor.c b/src/gns/gnunet-service-gns_interceptor.c
index 19416a506..b53f4af6b 100644
--- a/src/gns/gnunet-service-gns_interceptor.c
+++ b/src/gns/gnunet-service-gns_interceptor.c
@@ -314,7 +314,7 @@ handle_dns_request (void *cls,
 {
   struct GNUNET_DNSPARSER_Packet *p;
   struct InterceptLookupHandle *ilh;
-  struct GNUNET_CRYPTO_EcdsaPublicKey zone;
+  struct GNUNET_IDENTITY_PublicKey zone;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Hijacked a DNS request. Processing.\n");
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index cb75b23c7..1c13f4df1 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -173,7 +173,7 @@ struct AuthorityChain
     /**
      * The zone of the GNS authority
      */
-    struct GNUNET_CRYPTO_EcdsaPublicKey gns_authority;
+    struct GNUNET_IDENTITY_PublicKey gns_authority;
 
     struct
     {
@@ -305,7 +305,7 @@ struct GNS_ResolverHandle
   /**
    * The top-level GNS authoritative zone to query
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey authority_zone;
+  struct GNUNET_IDENTITY_PublicKey authority_zone;
 
   /**
    * called when resolution phase finishes
@@ -1251,7 +1251,7 @@ handle_gns_cname_result (struct GNS_ResolverHandle *rh,
   const char *tld;
   struct AuthorityChain *ac;
   int af;
-  struct GNUNET_CRYPTO_EcdsaPublicKey zone;
+  struct GNUNET_IDENTITY_PublicKey zone;
 
   nlen = strlen (cname);
   tld = GNS_get_tld (cname);
@@ -1296,7 +1296,7 @@ handle_gns_cname_result (struct GNS_ResolverHandle *rh,
     {
       GNUNET_asprintf (&res,
                        "%.*s",
-                       strlen (cname) - (strlen (tld) + 1),
+                       (int) (strlen (cname) - (strlen (tld) + 1)),
                        cname);
     }
     else
@@ -1305,7 +1305,7 @@ handle_gns_cname_result (struct GNS_ResolverHandle *rh,
                        "%.*s.%.*s",
                        (int) rh->name_resolution_pos,
                        rh->name,
-                       (int) strlen (cname) - (strlen (tld) + 1),
+                       (int) (strlen (cname) - (strlen (tld) + 1)),
                        cname);
     }
     rh->name_resolution_pos = strlen (res);
@@ -1696,10 +1696,11 @@ recursive_pkey_resolution (struct GNS_ResolverHandle *rh,
                            const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct AuthorityChain *ac;
+  struct GNUNET_IDENTITY_PublicKey auth;
 
   /* delegation to another zone */
-  if (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) !=
-      rd->data_size)
+  if (GNUNET_OK != GNUNET_GNSRECORD_record_to_identity_key (rd,
+                                                            &auth))
   {
     GNUNET_break_op (0);
     fail_resolution (rh);
@@ -1709,9 +1710,9 @@ recursive_pkey_resolution (struct GNS_ResolverHandle *rh,
   ac = GNUNET_new (struct AuthorityChain);
   ac->rh = rh;
   ac->gns_authority = GNUNET_YES;
-  GNUNET_memcpy (&ac->authority_info.gns_authority,
-                 rd->data,
-                 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+  ac->authority_info.gns_authority = auth;
+  GNUNET_GNSRECORD_record_to_identity_key (rd,
+                                           &ac->authority_info.gns_authority);
   ac->label = resolver_lookup_get_next_label (rh);
   /* add AC to tail */
   GNUNET_CONTAINER_DLL_insert_tail (rh->ac_head,
@@ -1754,7 +1755,7 @@ recursive_gns2dns_resolution (struct GNS_ResolverHandle *rh,
     char *n;
     size_t off;
     struct Gns2DnsPending *gp;
-    struct GNUNET_CRYPTO_EcdsaPublicKey zone;
+    struct GNUNET_IDENTITY_PublicKey zone;
     struct sockaddr_in v4;
     struct sockaddr_in6 v6;
 
@@ -2258,16 +2259,11 @@ handle_gns_resolution_result (void *cls,
 
       case GNUNET_GNSRECORD_TYPE_PKEY:
         {
-          struct GNUNET_CRYPTO_EcdsaPublicKey pub;
-
           if (rd[i].data_size != sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))
           {
             GNUNET_break_op (0);
             break;
           }
-          GNUNET_memcpy (&pub,
-                         rd[i].data,
-                         rd[i].data_size);
           rd_off++;
           if (GNUNET_GNSRECORD_TYPE_PKEY != rh->record_type)
           {
@@ -2277,7 +2273,9 @@ handle_gns_resolution_result (void *cls,
             ac = GNUNET_new (struct AuthorityChain);
             ac->rh = rh;
             ac->gns_authority = GNUNET_YES;
-            ac->authority_info.gns_authority = pub;
+            GNUNET_GNSRECORD_record_to_identity_key (&rd[i],
+                                                     &ac->authority_info.
+                                                     gns_authority);
             ac->label = GNUNET_strdup (GNUNET_GNS_EMPTY_LABEL_AT);
             GNUNET_CONTAINER_DLL_insert_tail (rh->ac_head,
                                               rh->ac_tail,
@@ -2469,10 +2467,7 @@ handle_dht_response (void *cls,
     return;
   }
   block = data;
-  if (size !=
-      ntohl (block->purpose.size)
-      + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-      + sizeof(struct GNUNET_CRYPTO_EcdsaSignature))
+  if (size != GNUNET_GNSRECORD_block_get_size (block))
   {
     /* how did this pass DHT block validation!? */
     GNUNET_break (0);
@@ -2480,8 +2475,8 @@ handle_dht_response (void *cls,
     return;
   }
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Decrypting DHT block of size %u for `%s', expires %s\n",
-              ntohl (block->purpose.size),
+              "Decrypting DHT block of size %lu for `%s', expires %s\n",
+              GNUNET_GNSRECORD_block_get_size (block),
               rh->name,
               GNUNET_STRINGS_absolute_time_to_string (exp));
   if (GNUNET_OK !=
@@ -2495,8 +2490,8 @@ handle_dht_response (void *cls,
     fail_resolution (rh);
     return;
   }
-  if (0 == GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (
-                                                 block->expiration_time)).
+  if (0 == GNUNET_TIME_absolute_get_remaining (
+        GNUNET_GNSRECORD_block_get_expiration (block)).
       rel_value_us)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2594,7 +2589,7 @@ handle_namecache_block_response (void *cls,
   struct GNS_ResolverHandle *rh = cls;
   struct AuthorityChain *ac = rh->ac_tail;
   const char *label = ac->label;
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *auth =
+  const struct GNUNET_IDENTITY_PublicKey *auth =
     &ac->authority_info.gns_authority;
   struct GNUNET_HashCode query;
 
@@ -2604,8 +2599,8 @@ handle_namecache_block_response (void *cls,
        ((GNUNET_GNS_LO_LOCAL_MASTER == rh->options) &&
         (ac != rh->ac_head))) &&
       ((NULL == block) ||
-       (0 == GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (
-                                                   block->expiration_time)).
+       (0 == GNUNET_TIME_absolute_get_remaining (
+          GNUNET_GNSRECORD_block_get_expiration (block)).
         rel_value_us)))
   {
     /* namecache knows nothing; try DHT lookup */
@@ -2622,8 +2617,8 @@ handle_namecache_block_response (void *cls,
   }
 
   if ((NULL == block) ||
-      (0 == GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (
-                                                  block->expiration_time)).
+      (0 == GNUNET_TIME_absolute_get_remaining (
+         GNUNET_GNSRECORD_block_get_expiration (block)).
        rel_value_us))
   {
     /* DHT not permitted and no local result, fail */
@@ -2857,7 +2852,7 @@ start_resolver_lookup (void *cls)
  * @return handle to cancel operation
  */
 struct GNS_ResolverHandle *
-GNS_resolver_lookup (const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
+GNS_resolver_lookup (const struct GNUNET_IDENTITY_PublicKey *zone,
                      uint32_t record_type,
                      const char *name,
                      enum GNUNET_GNS_LocalOptions options,
diff --git a/src/gns/gnunet-service-gns_resolver.h b/src/gns/gnunet-service-gns_resolver.h
index 3dab3c91a..b099c5d65 100644
--- a/src/gns/gnunet-service-gns_resolver.h
+++ b/src/gns/gnunet-service-gns_resolver.h
@@ -86,7 +86,7 @@ typedef void
  * @return handle to cancel operation
  */
 struct GNS_ResolverHandle *
-GNS_resolver_lookup (const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
+GNS_resolver_lookup (const struct GNUNET_IDENTITY_PublicKey *zone,
                      uint32_t record_type,
                      const char *name,
                      enum GNUNET_GNS_LocalOptions options,
diff --git a/src/gns/plugin_block_gns.c b/src/gns/plugin_block_gns.c
index aabedcaac..9b58c9034 100644
--- a/src/gns/plugin_block_gns.c
+++ b/src/gns/plugin_block_gns.c
@@ -145,17 +145,13 @@ block_plugin_gns_evaluate (void *cls,
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
   }
   block = reply_block;
-  if (ntohl (block->purpose.size) + sizeof(struct
-                                           GNUNET_CRYPTO_EcdsaSignature)
-      + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) !=
-      reply_block_size)
+  if (GNUNET_GNSRECORD_block_get_size (block) > reply_block_size)
   {
     GNUNET_break_op (0);
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
   }
-  GNUNET_CRYPTO_hash (&block->derived_key,
-                      sizeof(block->derived_key),
-                      &h);
+  GNUNET_GNSRECORD_query_from_block (block,
+                                     &h);
   if (0 != GNUNET_memcmp (&h, query))
   {
     GNUNET_break_op (0);
@@ -206,9 +202,8 @@ block_plugin_gns_get_key (void *cls,
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
   }
   block = reply_block;
-  GNUNET_CRYPTO_hash (&block->derived_key,
-                      sizeof(block->derived_key),
-                      key);
+  GNUNET_GNSRECORD_query_from_block (block,
+                                     key);
   return GNUNET_OK;
 }
 
diff --git a/src/gns/plugin_gnsrecord_gns.c b/src/gns/plugin_gnsrecord_gns.c
index 81f2b9eff..0bd1d047f 100644
--- a/src/gns/plugin_gnsrecord_gns.c
+++ b/src/gns/plugin_gnsrecord_gns.c
@@ -50,13 +50,16 @@ gns_value_to_string (void *cls,
                      size_t data_size)
 {
   const char *cdata;
+  struct GNUNET_IDENTITY_PublicKey pk;
 
   switch (type)
   {
   case GNUNET_GNSRECORD_TYPE_PKEY:
     if (data_size != sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))
       return NULL;
-    return GNUNET_CRYPTO_ecdsa_public_key_to_string (data);
+    pk.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+    memcpy (&pk.ecdsa_key, data, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+    return GNUNET_IDENTITY_public_key_to_string (&pk);
 
   case GNUNET_GNSRECORD_TYPE_NICK:
     return GNUNET_strndup (data, data_size);
@@ -154,6 +157,7 @@ gns_string_to_value (void *cls,
                      size_t *data_size)
 {
   struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pk;
 
   if (NULL == s)
     return GNUNET_SYSERR;
@@ -161,7 +165,7 @@ gns_string_to_value (void *cls,
   {
   case GNUNET_GNSRECORD_TYPE_PKEY:
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_ecdsa_public_key_from_string (s, strlen (s), &pkey))
+        GNUNET_IDENTITY_public_key_from_string (s, &pk))
     {
       GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                   _ ("Unable to parse PKEY record `%s'\n"),
@@ -169,7 +173,7 @@ gns_string_to_value (void *cls,
       return GNUNET_SYSERR;
     }
     *data = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey);
-    GNUNET_memcpy (*data, &pkey, sizeof(pkey));
+    GNUNET_memcpy (*data, &pk.ecdsa_key, sizeof(pkey));
     *data_size = sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey);
     return GNUNET_OK;
 
diff --git a/src/gns/plugin_rest_gns.c b/src/gns/plugin_rest_gns.c
index 6ec921f70..2ccb5be2b 100644
--- a/src/gns/plugin_rest_gns.c
+++ b/src/gns/plugin_rest_gns.c
@@ -28,6 +28,7 @@
 #include "gnunet_rest_lib.h"
 #include "gnunet_json_lib.h"
 #include "gnunet_gnsrecord_lib.h"
+#include "gnunet_gnsrecord_json_lib.h"
 #include "gnunet_gns_service.h"
 #include "microhttpd.h"
 #include <jansson.h>
@@ -264,7 +265,7 @@ handle_gns_response (void *cls,
     return;
   }
 
-  result_obj = GNUNET_JSON_from_gnsrecord (handle->name, rd, rd_count);
+  result_obj = GNUNET_GNSRECORD_JSON_from_gnsrecord (handle->name, rd, rd_count);
 
   result = json_dumps (result_obj, 0);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result);
diff --git a/src/gns/test_gns_dht_lookup.sh b/src/gns/test_gns_dht_lookup.sh
index d5516fd03..8d446c507 100755
--- a/src/gns/test_gns_dht_lookup.sh
+++ b/src/gns/test_gns_dht_lookup.sh
@@ -26,6 +26,7 @@ gnunet-arm -i datastore -c test_gns_lookup.conf
 gnunet-identity -C $OTHER_EGO -c test_gns_lookup.conf
 DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep $OTHER_EGO | awk '{print $3}')
 gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+echo "MYEGO: $MY_EGO OTHER_EGO: $DELEGATED_PKEY"
 gnunet-namestore -p -z $MY_EGO -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
 #This works
 gnunet-namestore -p -z $OTHER_EGO -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
diff --git a/src/gnsrecord/Makefile.am b/src/gnsrecord/Makefile.am
index 2e6eca7ba..84d218519 100644
--- a/src/gnsrecord/Makefile.am
+++ b/src/gnsrecord/Makefile.am
@@ -30,12 +30,14 @@ TESTS = \
 endif
 
 lib_LTLIBRARIES = \
-  libgnunetgnsrecord.la
+  libgnunetgnsrecord.la \
+  libgnunetgnsrecordjson.la
 
 gnunet_gnsrecord_tvg_SOURCES = \
  gnunet-gnsrecord-tvg.c
 gnunet_gnsrecord_tvg_LDADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   libgnunetgnsrecord.la \
   $(GN_LIBINTL)
 
@@ -47,11 +49,26 @@ libgnunetgnsrecord_la_SOURCES = \
   gnsrecord_misc.c
 libgnunetgnsrecord_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
+  $(LIBGCRYPT_LIBS) \
   $(GN_LIBINTL)
+libgnunetgnsrecord_la_DEPENDENCIES = \
+  $(top_builddir)/src/identity/libgnunetidentity.la
 libgnunetgnsrecord_la_LDFLAGS = \
   $(GN_LIB_LDFLAGS)  \
   -version-info 0:0:0
 
+libgnunetgnsrecordjson_la_SOURCES = \
+  json_gnsrecord.c
+libgnunetgnsrecordjson_la_LIBADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
+  libgnunetgnsrecord.la \
+  -ljansson \
+  $(GN_LIBINTL)
+libgnunetgnsrecordjson_la_LDFLAGS = \
+  $(GN_LIB_LDFLAGS)  \
+  -version-info 0:0:0
 
 plugin_LTLIBRARIES = \
   libgnunet_plugin_gnsrecord_dns.la
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index c8919760a..9c551a936 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -37,6 +37,61 @@
 
 #define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
 
+ssize_t
+ecdsa_symmetric_decrypt (
+  const void *block,
+  size_t size,
+  const unsigned char *key,
+  const unsigned char *ctr,
+  void *result)
+{
+  gcry_cipher_hd_t handle;
+  int rc;
+
+  GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
+                                        GCRY_CIPHER_MODE_CTR, 0));
+  rc = gcry_cipher_setkey (handle,
+                           key,
+                           GNUNET_CRYPTO_AES_KEY_LENGTH);
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  rc = gcry_cipher_setctr (handle,
+                           ctr,
+                           GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
+  gcry_cipher_close (handle);
+  return size;
+}
+
+
+
+ssize_t
+ecdsa_symmetric_encrypt (
+  const void *block,
+  size_t size,
+  const unsigned char *key,
+  const unsigned char *ctr,
+  void *result)
+{
+  gcry_cipher_hd_t handle;
+  int rc;
+
+  GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
+                                        GCRY_CIPHER_MODE_CTR, 0));
+  rc = gcry_cipher_setkey (handle,
+                           key,
+                           GNUNET_CRYPTO_AES_KEY_LENGTH);
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  rc = gcry_cipher_setctr (handle,
+                           ctr,
+                           GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, block, size));
+  gcry_cipher_close (handle);
+  return size;
+}
+
+
 
 /**
  * Derive session key and iv from label and public key.
@@ -47,25 +102,31 @@
  * @param pub public key to use for KDF
  */
 static void
-derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
-                      struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+derive_block_aes_key (unsigned char *ctr,
+                      unsigned char *key,
                       const char *label,
+                      uint64_t exp,
                       const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 {
   static const char ctx_key[] = "gns-aes-ctx-key";
   static const char ctx_iv[] = "gns-aes-ctx-iv";
 
-  GNUNET_CRYPTO_kdf (skey, sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
+  GNUNET_CRYPTO_kdf (key, GNUNET_CRYPTO_AES_KEY_LENGTH,
                      ctx_key, strlen (ctx_key),
                      pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
                      label, strlen (label),
                      NULL, 0);
-  GNUNET_CRYPTO_kdf (iv, sizeof(struct
-                                GNUNET_CRYPTO_SymmetricInitializationVector),
+  memset (ctr, 0, GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
+  /** 4 byte nonce **/
+  GNUNET_CRYPTO_kdf (ctr, 4,
                      ctx_iv, strlen (ctx_iv),
                      pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
                      label, strlen (label),
                      NULL, 0);
+  /** Expiration time 64 bit. **/
+  memcpy (ctr + 4, &exp, sizeof (exp));
+  /** Set counter part to 1 **/
+  ctr[15] |= 0x01;
 }
 
 
@@ -81,19 +142,20 @@ derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
  * @return NULL on error (block too large)
  */
 static struct GNUNET_GNSRECORD_Block *
-block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
-              const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
-              struct GNUNET_TIME_Absolute expire,
-              const char *label,
-              const struct GNUNET_GNSRECORD_Data *rd,
-              unsigned int rd_count)
+block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+                    const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
+                    struct GNUNET_TIME_Absolute expire,
+                    const char *label,
+                    const struct GNUNET_GNSRECORD_Data *rd,
+                    unsigned int rd_count)
 {
   ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
                                                            rd);
   struct GNUNET_GNSRECORD_Block *block;
+  struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
   struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
-  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
-  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+  unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
   struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
   uint32_t rd_count_nbo;
   struct GNUNET_TIME_Absolute now;
@@ -140,35 +202,38 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
     block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block)
                            + sizeof(uint32_t)
                            + payload_len);
-    block->purpose.size = htonl (sizeof(uint32_t)
-                                 + payload_len
-                                 + sizeof(struct
-                                          GNUNET_CRYPTO_EccSignaturePurpose)
-                                 + sizeof(struct GNUNET_TIME_AbsoluteNBO));
-    block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
-    block->expiration_time = GNUNET_TIME_absolute_hton (expire);
+    ecblock = &block->ecdsa_block;
+    block->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+    ecblock->purpose.size = htonl (sizeof(uint32_t)
+                                   + payload_len
+                                   + sizeof(struct
+                                            GNUNET_CRYPTO_EccSignaturePurpose)
+                                   + sizeof(struct GNUNET_TIME_AbsoluteNBO));
+    ecblock->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
+    ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
     /* encrypt and sign */
     dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
                                                    label,
                                                    "gns");
     GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
-                                        &block->derived_key);
-    derive_block_aes_key (&iv,
-                          &skey,
+                                        &ecblock->derived_key);
+    derive_block_aes_key (ctr,
+                          skey,
                           label,
+                          ecblock->expiration_time.abs_value_us__,
                           pkey);
     GNUNET_break (payload_len + sizeof(uint32_t) ==
-                  GNUNET_CRYPTO_symmetric_encrypt (payload,
-                                                   payload_len
-                                                   + sizeof(uint32_t),
-                                                   &skey,
-                                                   &iv,
-                                                   &block[1]));
+                  ecdsa_symmetric_encrypt (payload,
+                                           payload_len
+                                           + sizeof(uint32_t),
+                                           skey,
+                                           ctr,
+                                           &ecblock[1]));
   }
   if (GNUNET_OK !=
       GNUNET_CRYPTO_ecdsa_sign_ (dkey,
-                                 &block->purpose,
-                                 &block->signature))
+                                 &ecblock->purpose,
+                                 &ecblock->signature))
   {
     GNUNET_break (0);
     GNUNET_free (dkey);
@@ -191,7 +256,7 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
  * @return NULL on error (block too large)
  */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
                                struct GNUNET_TIME_Absolute expire,
                                const char *label,
                                const struct GNUNET_GNSRECORD_Data *rd,
@@ -199,14 +264,21 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 {
   struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
 
-  GNUNET_CRYPTO_ecdsa_key_get_public (key,
-                                      &pkey);
-  return block_create (key,
-                       &pkey,
-                       expire,
-                       label,
-                       rd,
-                       rd_count);
+  switch (ntohl (key->type))
+  {
+  case GNUNET_GNSRECORD_TYPE_PKEY:
+    GNUNET_CRYPTO_ecdsa_key_get_public (&key->ecdsa_key,
+                                        &pkey);
+    return block_create_ecdsa (&key->ecdsa_key,
+                               &pkey,
+                               expire,
+                               label,
+                               rd,
+                               rd_count);
+  default:
+    GNUNET_assert (0);
+  }
+  return NULL;
 }
 
 
@@ -240,12 +312,19 @@ struct KeyCacheLine
  * @return NULL on error (block too large)
  */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey,
                                 struct GNUNET_TIME_Absolute expire,
                                 const char *label,
                                 const struct GNUNET_GNSRECORD_Data *rd,
                                 unsigned int rd_count)
 {
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
+
+  if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (pkey->type))
+  {
+    return NULL; // FIXME
+  }
+  key = &pkey->ecdsa_key;
 #define CSIZE 64
   static struct KeyCacheLine cache[CSIZE];
   struct KeyCacheLine *line;
@@ -261,12 +340,12 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
                                         &line->pkey);
   }
 #undef CSIZE
-  return block_create (key,
-                       &line->pkey,
-                       expire,
-                       label,
-                       rd,
-                       rd_count);
+  return block_create_ecdsa (key,
+                             &line->pkey,
+                             expire,
+                             label,
+                             rd,
+                             rd_count);
 }
 
 
@@ -277,40 +356,40 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
  * @param block block to verify
  * @return #GNUNET_OK if the signature is valid
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 {
+  const struct GNUNET_CRYPTO_EcdsaPublicKey *key;
+  const struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
+
+  if (GNUNET_GNSRECORD_TYPE_PKEY != ntohl (block->type))
+  {
+    GNUNET_break (0);
+    return GNUNET_NO;
+  }
+  ecblock = &block->ecdsa_block;
+  key = &ecblock->derived_key;
+
   return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
-                                      &block->purpose,
-                                      &block->signature,
-                                      &block->derived_key);
+                                      &ecblock->purpose,
+                                      &ecblock->signature,
+                                      key);
 }
 
 
-/**
- * Decrypt block.
- *
- * @param block block to decrypt
- * @param zone_key public key of the zone
- * @param label the name for the records
- * @param proc function to call with the result
- * @param proc_cls closure for proc
- * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
- *        not well-formed
- */
-int
-GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
-                                const struct
-                                GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
-                                const char *label,
-                                GNUNET_GNSRECORD_RecordCallback proc,
-                                void *proc_cls)
+enum GNUNET_GenericReturnValue
+block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
+                     const struct
+                     GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
+                     const char *label,
+                     GNUNET_GNSRECORD_RecordCallback proc,
+                     void *proc_cls)
 {
   size_t payload_len = ntohl (block->purpose.size)
                        - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
                        - sizeof(struct GNUNET_TIME_AbsoluteNBO);
-  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
-  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+  unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
 
   if (ntohl (block->purpose.size) <
       sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
@@ -319,18 +398,19 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
-  derive_block_aes_key (&iv,
-                        &skey,
+  derive_block_aes_key (ctr,
+                        key,
                         label,
+                        block->expiration_time.abs_value_us__,
                         zone_key);
   {
     char payload[payload_len];
     uint32_t rd_count;
 
     GNUNET_break (payload_len ==
-                  GNUNET_CRYPTO_symmetric_decrypt (&block[1], payload_len,
-                                                   &skey, &iv,
-                                                   payload));
+                  ecdsa_symmetric_decrypt (&block[1], payload_len,
+                                           key, ctr,
+                                           payload));
     GNUNET_memcpy (&rd_count,
                    payload,
                    sizeof(uint32_t));
@@ -426,6 +506,39 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
 
 
 /**
+ * Decrypt block.
+ *
+ * @param block block to decrypt
+ * @param zone_key public key of the zone
+ * @param label the name for the records
+ * @param proc function to call with the result
+ * @param proc_cls closure for proc
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
+ *        not well-formed
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
+                                const struct
+                                GNUNET_IDENTITY_PublicKey *zone_key,
+                                const char *label,
+                                GNUNET_GNSRECORD_RecordCallback proc,
+                                void *proc_cls)
+{
+  const struct GNUNET_CRYPTO_EcdsaPublicKey *key;
+
+  if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (zone_key->type))
+  {
+    return GNUNET_NO;
+  }
+  key = &zone_key->ecdsa_key;
+
+  return block_decrypt_ecdsa (&block->ecdsa_block,
+                              key, label, proc, proc_cls);
+
+}
+
+
+/**
  * Calculate the DHT query for a given @a label in a given @a zone.
  *
  * @param zone private key of the zone
@@ -434,17 +547,24 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
  */
 void
 GNUNET_GNSRECORD_query_from_private_key (const struct
-                                         GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                         GNUNET_IDENTITY_PrivateKey *zone,
                                          const char *label,
                                          struct GNUNET_HashCode *query)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
-
-  GNUNET_CRYPTO_ecdsa_key_get_public (zone,
-                                      &pub);
-  GNUNET_GNSRECORD_query_from_public_key (&pub,
-                                          label,
-                                          query);
+  struct GNUNET_IDENTITY_PublicKey pub;
+  switch (ntohl (zone->type))
+  {
+  case GNUNET_GNSRECORD_TYPE_PKEY:
+
+    GNUNET_IDENTITY_key_get_public (zone,
+                                    &pub);
+    GNUNET_GNSRECORD_query_from_public_key (&pub,
+                                            label,
+                                            query);
+    break;
+  default:
+    GNUNET_assert (0);
+  }
 }
 
 
@@ -457,18 +577,27 @@ GNUNET_GNSRECORD_query_from_private_key (const struct
  */
 void
 GNUNET_GNSRECORD_query_from_public_key (const struct
-                                        GNUNET_CRYPTO_EcdsaPublicKey *pub,
+                                        GNUNET_IDENTITY_PublicKey *pub,
                                         const char *label,
                                         struct GNUNET_HashCode *query)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pd;
-  GNUNET_CRYPTO_ecdsa_public_key_derive (pub,
-                                         label,
-                                         "gns",
-                                         &pd);
-  GNUNET_CRYPTO_hash (&pd,
-                      sizeof(pd),
-                      query);
+  struct GNUNET_IDENTITY_PublicKey pd;
+
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_GNSRECORD_TYPE_PKEY:
+    pd.type = pub->type;
+    GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
+                                           label,
+                                           "gns",
+                                           &pd.ecdsa_key);
+    GNUNET_CRYPTO_hash (&pd.ecdsa_key,
+                        sizeof (pd.ecdsa_key),
+                        query);
+    break;
+  default:
+    GNUNET_assert (0);
+  }
 }
 
 
diff --git a/src/gnsrecord/gnsrecord_misc.c b/src/gnsrecord/gnsrecord_misc.c
index 5061f8493..4b1695d69 100644
--- a/src/gnsrecord/gnsrecord_misc.c
+++ b/src/gnsrecord/gnsrecord_misc.c
@@ -62,14 +62,14 @@ GNUNET_GNSRECORD_string_to_lowercase (const char *src)
  * @return string form; will be overwritten by next call to #GNUNET_GNSRECORD_z2s
  */
 const char *
-GNUNET_GNSRECORD_z2s (const struct GNUNET_CRYPTO_EcdsaPublicKey *z)
+GNUNET_GNSRECORD_z2s (const struct GNUNET_IDENTITY_PublicKey *z)
 {
-  static char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) * 8];
+  static char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) * 8];
   char *end;
 
   end = GNUNET_STRINGS_data_to_string ((const unsigned char *) z,
                                        sizeof(struct
-                                              GNUNET_CRYPTO_EcdsaPublicKey),
+                                              GNUNET_IDENTITY_PublicKey),
                                        buf, sizeof(buf));
   if (NULL == end)
   {
@@ -99,7 +99,7 @@ GNUNET_GNSRECORD_records_cmp (const struct GNUNET_GNSRECORD_Data *a,
   if (a->record_type != b->record_type)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Record type %lu != %lu\n", a->record_type, b->record_type);
+         "Record type %u != %u\n", a->record_type, b->record_type);
     return GNUNET_NO;
   }
   if ((a->expiration_time != b->expiration_time) &&
@@ -115,7 +115,7 @@ GNUNET_GNSRECORD_records_cmp (const struct GNUNET_GNSRECORD_Data *a,
       != (b->flags & GNUNET_GNSRECORD_RF_RCMP_FLAGS))
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Flags %lu (%lu) != %lu (%lu)\n", a->flags,
+         "Flags %u (%u) != %u (%u)\n", a->flags,
          a->flags & GNUNET_GNSRECORD_RF_RCMP_FLAGS, b->flags,
          b->flags & GNUNET_GNSRECORD_RF_RCMP_FLAGS);
     return GNUNET_NO;
@@ -236,12 +236,12 @@ GNUNET_GNSRECORD_is_expired (const struct GNUNET_GNSRECORD_Data *rd)
  *         key in an encoding suitable for DNS labels.
  */
 const char *
-GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
+GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_IDENTITY_PublicKey *pkey)
 {
   static char ret[128];
   char *pkeys;
 
-  pkeys = GNUNET_CRYPTO_ecdsa_public_key_to_string (pkey);
+  pkeys = GNUNET_IDENTITY_public_key_to_string (pkey);
   GNUNET_snprintf (ret,
                    sizeof(ret),
                    "%s",
@@ -262,15 +262,88 @@ GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
  */
 int
 GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
-                               struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
+                               struct GNUNET_IDENTITY_PublicKey *pkey)
 {
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (zkey,
-                                                  strlen (zkey),
-                                                  pkey))
+      GNUNET_IDENTITY_public_key_from_string (zkey,
+                                              pkey))
     return GNUNET_SYSERR;
   return GNUNET_OK;
 }
 
 
+size_t
+GNUNET_GNSRECORD_block_get_size (const struct GNUNET_GNSRECORD_Block *block)
+{
+  switch (ntohl (block->type))
+  {
+  case GNUNET_GNSRECORD_TYPE_PKEY:
+    return sizeof (uint32_t)   /* zone type */
+           + sizeof (block->ecdsa_block)   /* EcdsaBlock */
+           + ntohl (block->ecdsa_block.purpose.size)   /* Length of signed data */
+           - sizeof (block->ecdsa_block.purpose);   /* Purpose already in EcdsaBlock */
+    break;
+  default:
+    return 0;
+  }
+  return 0;
+}
+
+
+struct GNUNET_TIME_Absolute
+GNUNET_GNSRECORD_block_get_expiration (const struct
+                                       GNUNET_GNSRECORD_Block *block)
+{
+
+  switch (ntohl (block->type))
+  {
+  case GNUNET_GNSRECORD_TYPE_PKEY:
+    return GNUNET_TIME_absolute_ntoh (block->ecdsa_block.expiration_time);
+  default:
+    return GNUNET_TIME_absolute_get_zero_ ();
+  }
+  return GNUNET_TIME_absolute_get_zero_ ();
+
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_query_from_block (const struct GNUNET_GNSRECORD_Block *block,
+                                   struct GNUNET_HashCode *query)
+{
+  switch (ntohl (block->type))
+  {
+  case GNUNET_GNSRECORD_TYPE_PKEY:
+    GNUNET_CRYPTO_hash (&block->ecdsa_block.derived_key,
+                        sizeof (block->ecdsa_block.derived_key),
+                        query);
+    return GNUNET_OK;
+  default:
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_SYSERR;
+
+}
+
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_record_to_identity_key (const struct GNUNET_GNSRECORD_Data *rd,
+                                         struct GNUNET_IDENTITY_PublicKey *key)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Got record of type %u\n",
+              rd->record_type);
+  switch (rd->record_type)
+  {
+  case GNUNET_GNSRECORD_TYPE_PKEY:
+    key->type = htonl (rd->record_type);
+    memcpy (&key->ecdsa_key, rd->data, sizeof (key->ecdsa_key));
+    return GNUNET_OK;
+  default:
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_SYSERR;
+
+
+}
+
 /* end of gnsrecord_misc.c */
diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c
index 789ff8aa3..6e6f6414c 100644
--- a/src/gnsrecord/gnunet-gnsrecord-tvg.c
+++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c
@@ -90,28 +90,30 @@ run (void *cls,
   struct GNUNET_TIME_Absolute exp_abs = GNUNET_TIME_absolute_get ();
   struct GNUNET_GNSRECORD_Block *rrblock;
   char *bdata;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey id_priv;
-  struct GNUNET_CRYPTO_EcdsaPublicKey id_pub;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pkey_data_p;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey_data;
+  struct GNUNET_IDENTITY_PrivateKey id_priv;
+  struct GNUNET_IDENTITY_PublicKey id_pub;
+  struct GNUNET_IDENTITY_PrivateKey pkey_data_p;
+  struct GNUNET_IDENTITY_PublicKey pkey_data;
   void *data;
   size_t data_size;
   char *rdata;
   size_t rdata_size;
 
-  GNUNET_CRYPTO_ecdsa_key_create (&id_priv);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&id_priv,
-                                      &id_pub);
+  id_priv.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&id_priv,
+                                  &id_pub);
   fprintf (stdout, "Zone private key (d, little-endian scalar):\n");
-  print_bytes (&id_priv, sizeof(id_priv), 0);
+  print_bytes (&id_priv, GNUNET_IDENTITY_key_get_length (&id_pub), 0); //FIXME length for privkey?
   fprintf (stdout, "\n");
   fprintf (stdout, "Zone public key (zk):\n");
-  print_bytes (&id_pub, sizeof(id_pub), 0);
+  print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 0);
   fprintf (stdout, "\n");
 
-  GNUNET_CRYPTO_ecdsa_key_create (&pkey_data_p);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&pkey_data_p,
-                                      &pkey_data);
+  pkey_data_p.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&pkey_data_p.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&pkey_data_p,
+                                  &pkey_data);
   fprintf (stdout,
            "Label: %s\nRRCOUNT: %d\n\n", TEST_RECORD_LABEL, TEST_RRCOUNT);
   memset (rd, 0, sizeof (struct GNUNET_GNSRECORD_Data) * 2);
@@ -147,19 +149,20 @@ run (void *cls,
                                            TEST_RECORD_LABEL,
                                            rd,
                                            TEST_RRCOUNT);
-  size_t bdata_size = ntohl (rrblock->purpose.size)
+  size_t bdata_size = ntohl (rrblock->ecdsa_block.purpose.size)
                       - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
                       - sizeof(struct GNUNET_TIME_AbsoluteNBO);
-  size_t rrblock_size = ntohl (rrblock->purpose.size)
+  size_t ecblock_size = ntohl (rrblock->ecdsa_block.purpose.size)
                         + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
                         + sizeof(struct GNUNET_CRYPTO_EcdsaSignature);
+  size_t block_size = ecblock_size + sizeof (uint32_t);
 
-  bdata = (char*) &rrblock[1];
+  bdata = (char*) &(&rrblock->ecdsa_block)[1];
   fprintf (stdout, "BDATA:\n");
   print_bytes (bdata, bdata_size, 8);
   fprintf (stdout, "\n");
   fprintf (stdout, "RRBLOCK:\n");
-  print_bytes (rrblock, rrblock_size, 8);
+  print_bytes (rrblock, block_size, 8);
   fprintf (stdout, "\n");
 
 }
diff --git a/src/json/json_gnsrecord.c b/src/gnsrecord/json_gnsrecord.c
index 7e11aba94..068ff48c1 100644
--- a/src/json/json_gnsrecord.c
+++ b/src/gnsrecord/json_gnsrecord.c
@@ -26,6 +26,7 @@
 #include "platform.h"
 #include "gnunet_util_lib.h"
 #include "gnunet_json_lib.h"
+#include "gnunet_gnsrecord_lib.h"
 
 #define GNUNET_JSON_GNSRECORD_VALUE "value"
 #define GNUNET_JSON_GNSRECORD_RECORD_DATA "data"
@@ -258,7 +259,7 @@ clean_gnsrecordobject (void *cls, struct GNUNET_JSON_Specification *spec)
  * @return JSON Specification
  */
 struct GNUNET_JSON_Specification
-GNUNET_JSON_spec_gnsrecord (struct GNUNET_GNSRECORD_Data **rd,
+GNUNET_GNSRECORD_JSON_spec_gnsrecord (struct GNUNET_GNSRECORD_Data **rd,
                             unsigned int *rd_count,
                             char **name)
 {
@@ -277,3 +278,114 @@ GNUNET_JSON_spec_gnsrecord (struct GNUNET_GNSRECORD_Data **rd,
                                            .size_ptr = NULL };
   return ret;
 }
+
+
+/**
+ * Convert GNS record to JSON.
+ *
+ * @param rname name of record
+ * @param rd record data
+ * @return corresponding JSON encoding
+ */
+json_t *
+GNUNET_GNSRECORD_JSON_from_gnsrecord (const char*rname,
+                            const struct GNUNET_GNSRECORD_Data *rd,
+                            unsigned int rd_count)
+{
+  struct GNUNET_TIME_Absolute abs_exp;
+  struct GNUNET_TIME_Relative rel_exp;
+  const char *expiration_time_str;
+  const char *record_type_str;
+  char *value_str;
+  json_t *data;
+  json_t *record;
+  json_t *records;
+
+  data = json_object ();
+  if (NULL == data)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
+  if (0 !=
+      json_object_set_new (data,
+                           "record_name",
+                           json_string (rname)))
+  {
+    GNUNET_break (0);
+    json_decref (data);
+    return NULL;
+  }
+  records = json_array ();
+  if (NULL == records)
+  {
+    GNUNET_break (0);
+    json_decref (data);
+    return NULL;
+  }
+  for (int i = 0; i < rd_count; i++)
+  {
+    value_str = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
+                                                  rd[i].data,
+                                                  rd[i].data_size);
+    if (GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION & rd[i].flags)
+    {
+      rel_exp.rel_value_us = rd[i].expiration_time;
+      expiration_time_str = GNUNET_STRINGS_relative_time_to_string (rel_exp,
+                                                                    GNUNET_NO);
+    }
+    else
+    {
+      abs_exp.abs_value_us = rd[i].expiration_time;
+      expiration_time_str = GNUNET_STRINGS_absolute_time_to_string (abs_exp);
+    }
+    record_type_str = GNUNET_GNSRECORD_number_to_typename (rd[i].record_type);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Packing %s %s %s %d\n",
+                value_str, record_type_str, expiration_time_str, rd[i].flags);
+    record = json_pack ("{s:s,s:s,s:s,s:b,s:b,s:b,s:b}",
+                        "value",
+                        value_str,
+                        "record_type",
+                        record_type_str,
+                        "expiration_time",
+                        expiration_time_str,
+                        "private",
+                        rd[i].flags & GNUNET_GNSRECORD_RF_PRIVATE,
+                        "relative_expiration",
+                        rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION,
+                        "supplemental",
+                        rd[i].flags & GNUNET_GNSRECORD_RF_SUPPLEMENTAL,
+                        "shadow",
+                        rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD);
+    GNUNET_free (value_str);
+    if (NULL == record)
+    {
+      GNUNET_break (0);
+      json_decref (records);
+      json_decref (data);
+      return NULL;
+    }
+    if (0 !=
+        json_array_append_new (records,
+                               record))
+    {
+      GNUNET_break (0);
+      json_decref (records);
+      json_decref (data);
+      return NULL;
+    }
+  }
+  if (0 !=
+      json_object_set_new (data,
+                           "data",
+                           records))
+  {
+    GNUNET_break (0);
+    json_decref (data);
+    return NULL;
+  }
+  return data;
+}
+
+
diff --git a/src/gnsrecord/perf_gnsrecord_crypto.c b/src/gnsrecord/perf_gnsrecord_crypto.c
index eb4633f75..d9a3c20cf 100644
--- a/src/gnsrecord/perf_gnsrecord_crypto.c
+++ b/src/gnsrecord/perf_gnsrecord_crypto.c
@@ -73,7 +73,7 @@ run (void *cls,
   struct GNUNET_GNSRECORD_Data *s_rd;
   const char *s_name;
   struct GNUNET_TIME_Absolute start_time;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+  struct GNUNET_IDENTITY_PrivateKey privkey;
   struct GNUNET_TIME_Absolute expire;
 
   (void) cls;
@@ -81,7 +81,8 @@ run (void *cls,
   (void) cfgfile;
   (void) cfg;
   expire = GNUNET_TIME_absolute_get ();
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
 
   /* test block creation */
   s_name = "DUMMY.dummy.gnunet";
diff --git a/src/gnsrecord/plugin_gnsrecord_dns.c b/src/gnsrecord/plugin_gnsrecord_dns.c
index 9ac6fb9e6..bde9944e2 100644
--- a/src/gnsrecord/plugin_gnsrecord_dns.c
+++ b/src/gnsrecord/plugin_gnsrecord_dns.c
@@ -100,7 +100,7 @@ dns_value_to_string (void *cls,
         return NULL;
       }
       GNUNET_asprintf (&result,
-                       "rname=%s mname=%s %lu,%lu,%lu,%lu,%lu",
+                       "rname=%s mname=%s %u,%u,%u,%u,%u",
                        soa->rname,
                        soa->mname,
                        soa->serial,
diff --git a/src/gnsrecord/test_gnsrecord_crypto.c b/src/gnsrecord/test_gnsrecord_crypto.c
index b67e9a123..d541f3076 100644
--- a/src/gnsrecord/test_gnsrecord_crypto.c
+++ b/src/gnsrecord/test_gnsrecord_crypto.c
@@ -100,17 +100,18 @@ run (void *cls,
      const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
   struct GNUNET_GNSRECORD_Block *block;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+  struct GNUNET_IDENTITY_PublicKey pubkey;
   struct GNUNET_HashCode query_pub;
   struct GNUNET_HashCode query_priv;
   struct GNUNET_TIME_Absolute expire = GNUNET_TIME_absolute_get ();
-  struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+  struct GNUNET_IDENTITY_PrivateKey privkey;
 
 
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
   /* get public key */
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
 
   /* test query derivation */
   GNUNET_GNSRECORD_query_from_private_key (&privkey,
diff --git a/src/identity/gnunet-identity.c b/src/identity/gnunet-identity.c
index d0f5546f3..a01cd1ed7 100644
--- a/src/identity/gnunet-identity.c
+++ b/src/identity/gnunet-identity.c
@@ -66,6 +66,11 @@ static unsigned int verbose;
 static int quiet;
 
 /**
+ * Was "eddsa" specified?
+ */
+static int type_eddsa;
+
+/**
  * -C option
  */
 static char *create_ego;
@@ -108,7 +113,7 @@ static struct GNUNET_IDENTITY_Operation *delete_op;
 /**
  * Private key from command line option, or NULL.
  */
-struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
+struct GNUNET_IDENTITY_PrivateKey pk;
 
 /**
  * Value to return from #main().
@@ -197,7 +202,7 @@ delete_finished (void *cls,
  */
 static void
 create_finished (void *cls,
-                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                 const struct GNUNET_IDENTITY_PrivateKey *pk,
                  const char *emsg)
 {
   struct GNUNET_IDENTITY_Operation **op = cls;
@@ -212,16 +217,16 @@ create_finished (void *cls,
   }
   else if (verbose)
   {
-    struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+    struct GNUNET_IDENTITY_PublicKey pub;
     char *pubs;
 
-    GNUNET_CRYPTO_ecdsa_key_get_public (pk, &pub);
-    pubs = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pub);
+    GNUNET_IDENTITY_key_get_public (pk, &pub);
+    pubs = GNUNET_IDENTITY_public_key_to_string (&pub);
     if (private_keys)
     {
       char *privs;
 
-      privs = GNUNET_CRYPTO_ecdsa_private_key_to_string (pk);
+      privs = GNUNET_IDENTITY_private_key_to_string (pk);
       fprintf (stdout, "%s - %s\n", pubs, privs);
       GNUNET_free (privs);
     }
@@ -293,7 +298,7 @@ print_ego (void *cls,
            void **ctx,
            const char *identifier)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
   char *s;
   char *privs;
 
@@ -342,8 +347,8 @@ print_ego (void *cls,
                      set_ego)) )
     return;
   GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-  s = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
-  privs = GNUNET_CRYPTO_ecdsa_private_key_to_string (
+  s = GNUNET_IDENTITY_public_key_to_string (&pk);
+  privs = GNUNET_IDENTITY_private_key_to_string (
     GNUNET_IDENTITY_ego_get_private_key (ego));
   if ((monitor) || (NULL != identifier))
   {
@@ -357,9 +362,16 @@ print_ego (void *cls,
     else
     {
       if (private_keys)
-        fprintf (stdout, "%s - %s - %s\n", identifier, s, privs);
+        fprintf (stdout, "%s - %s - %s - %s\n",
+                 identifier, s, privs,
+                 (ntohl (pk.type) == GNUNET_IDENTITY_TYPE_ECDSA) ?
+                 "ECDSA" : "EdDSA");
       else
-        fprintf (stdout, "%s - %s\n", identifier, s);
+        fprintf (stdout, "%s - %s - %s\n",
+                 identifier, s,
+                 (ntohl (pk.type) == GNUNET_IDENTITY_TYPE_ECDSA) ?
+                 "ECDSA" : "EdDSA");
+
     }
   }
   GNUNET_free (privs);
@@ -407,11 +419,12 @@ run (void *cls,
                                      strlen (privkey_ego),
                                      &pk,
                                      sizeof(struct
-                                            GNUNET_CRYPTO_EcdsaPrivateKey));
+                                            GNUNET_IDENTITY_PrivateKey));
       create_op =
         GNUNET_IDENTITY_create (sh,
                                 create_ego,
                                 &pk,
+                                0, // Ignored
                                 &create_finished,
                                 &create_op);
     }
@@ -420,6 +433,9 @@ run (void *cls,
         GNUNET_IDENTITY_create (sh,
                                 create_ego,
                                 NULL,
+                                (type_eddsa) ?
+                                GNUNET_IDENTITY_TYPE_EDDSA :
+                                GNUNET_IDENTITY_TYPE_ECDSA,
                                 &create_finished,
                                 &create_op);
   }
@@ -456,6 +472,11 @@ main (int argc, char *const *argv)
                                  gettext_noop (
                                    "set the private key for the identity to PRIVATE_KEY (use together with -C)"),
                                  &privkey_ego),
+    GNUNET_GETOPT_option_flag ('X',
+                               "eddsa",
+                               gettext_noop (
+                                 "generate an EdDSA identity. (use together with -C) EXPERIMENTAL"),
+                               &type_eddsa),
     GNUNET_GETOPT_option_flag ('d',
                                "display",
                                gettext_noop ("display all egos"),
diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c
index bdacf3ba0..6cdb1c2f7 100644
--- a/src/identity/gnunet-service-identity.c
+++ b/src/identity/gnunet-service-identity.c
@@ -57,7 +57,7 @@ struct Ego
   /**
    * Private key of the ego.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
+  struct GNUNET_IDENTITY_PrivateKey pk;
 
   /**
    * String identifier for the ego.
@@ -538,8 +538,8 @@ handle_get_default_message (void *cls,
  * @return 0 if the keys are equal
  */
 static int
-key_cmp (const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk1,
-         const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk2)
+key_cmp (const struct GNUNET_IDENTITY_PrivateKey *pk1,
+         const struct GNUNET_IDENTITY_PrivateKey *pk2)
 {
   return GNUNET_memcmp (pk1, pk2);
 }
@@ -738,10 +738,10 @@ handle_create_message (void *cls,
   send_result_code (client, 0, NULL);
   fn = get_ego_filename (ego);
   (void) GNUNET_DISK_directory_create_for_file (fn);
-  if (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey) !=
+  if (sizeof(struct GNUNET_IDENTITY_PrivateKey) !=
       GNUNET_DISK_fn_write (fn,
                             &crm->private_key,
-                            sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
+                            sizeof(struct GNUNET_IDENTITY_PrivateKey),
                             GNUNET_DISK_PERM_USER_READ
                             | GNUNET_DISK_PERM_USER_WRITE))
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", fn);
@@ -1038,6 +1038,67 @@ handle_delete_message (void *cls, const struct DeleteMessage *dm)
 }
 
 
+static int
+read_from_file (const char *filename,
+                void *buf,
+                size_t buf_size)
+{
+  int fd;
+  struct stat sb;
+
+  fd = open (filename,
+             O_RDONLY);
+  if (-1 == fd)
+  {
+    memset (buf,
+            0,
+            buf_size);
+    return GNUNET_SYSERR;
+  }
+  if (0 != fstat (fd,
+                  &sb))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "stat",
+                              filename);
+    GNUNET_assert (0 == close (fd));
+    memset (buf,
+            0,
+            buf_size);
+    return GNUNET_SYSERR;
+  }
+  if (sb.st_size != buf_size)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "File `%s' has wrong size (%llu), expected %llu bytes\n",
+                filename,
+                (unsigned long long) sb.st_size,
+                (unsigned long long) buf_size);
+    GNUNET_assert (0 == close (fd));
+    memset (buf,
+            0,
+            buf_size);
+    return GNUNET_SYSERR;
+  }
+  if (buf_size !=
+      read (fd,
+            buf,
+            buf_size))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "read",
+                              filename);
+    GNUNET_assert (0 == close (fd));
+    memset (buf,
+            0,
+            buf_size);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_assert (0 == close (fd));
+  return GNUNET_OK;
+}
+
+
 /**
  * Process the given file from the "EGODIR".  Parses the file
  * and creates the respective 'struct Ego' in memory.
@@ -1063,9 +1124,9 @@ process_ego_file (void *cls,
   }
   ego = GNUNET_new (struct Ego);
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_key_from_file (filename,
-                                         GNUNET_NO,
-                                         &ego->pk))
+      read_from_file (filename,
+                      &ego->pk,
+                      sizeof (ego->pk)))
   {
     GNUNET_free (ego);
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
diff --git a/src/identity/identity.h b/src/identity/identity.h
index ef638fa36..11c5883bc 100644
--- a/src/identity/identity.h
+++ b/src/identity/identity.h
@@ -30,6 +30,44 @@
 
 #include "gnunet_common.h"
 
+/**
+ * Handle for an ego.
+ */
+struct GNUNET_IDENTITY_Ego
+{
+  /**
+   * Hash of the private key of this ego.
+   */
+  struct GNUNET_HashCode id;
+
+  /**
+   * The identity key pair
+   */
+  struct GNUNET_IDENTITY_PublicKey pub;
+
+  /**
+   * The identity key pair
+   */
+  struct GNUNET_IDENTITY_PrivateKey pk;
+
+  /**
+   * Current name associated with this ego.
+   */
+  char *name;
+
+  /**
+   * Client context associated with this ego.
+   */
+  void *ctx;
+
+  /**
+   * Set to true once @e pub was initialized
+   */
+  bool pub_initialized;
+};
+
+
+
 
 GNUNET_NETWORK_STRUCT_BEGIN
 
@@ -95,7 +133,7 @@ struct UpdateMessage
   /**
    * The private key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by 0-terminated ego name */
 };
@@ -151,7 +189,7 @@ struct SetDefaultMessage
   /**
    * The private key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by 0-terminated service name */
 };
@@ -181,7 +219,7 @@ struct CreateRequestMessage
   /**
    * The private key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by 0-terminated identity name */
 };
@@ -239,42 +277,5 @@ struct DeleteMessage
 
 GNUNET_NETWORK_STRUCT_END
 
-/**
- * Handle for an ego.
- */
-struct GNUNET_IDENTITY_Ego
-{
-  /**
-   * Hash of the private key of this ego.
-   */
-  struct GNUNET_HashCode id;
-
-  /**
-   * Private key associated with this ego.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
-
-  /**
-   * Public key associated with this ego. Initialized on demand.
-   * Always use #GNUNET_IDENTITY_ego_get_public_key() to obtain.
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
-
-  /**
-   * Current name associated with this ego.
-   */
-  char *name;
-
-  /**
-   * Client context associated with this ego.
-   */
-  void *ctx;
-
-  /**
-   * Set to true once @e pub was initialized
-   */
-  bool pub_initialized;
-};
-
 
 #endif
diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c
index f7aca1655..213b6966e 100644
--- a/src/identity/identity_api.c
+++ b/src/identity/identity_api.c
@@ -74,7 +74,7 @@ struct GNUNET_IDENTITY_Operation
   /**
    * Private key to return to @e create_cont, or NULL.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
+  struct GNUNET_IDENTITY_PrivateKey pk;
 
   /**
    * Continuation to invoke with the result of the transmission for
@@ -157,13 +157,12 @@ GNUNET_IDENTITY_ego_get_anonymous ()
 {
   static struct GNUNET_IDENTITY_Ego anon;
   static int setup;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
 
   if (setup)
     return &anon;
-  anon.pk = *GNUNET_CRYPTO_ecdsa_key_get_anonymous ();
-  GNUNET_CRYPTO_ecdsa_key_get_public (&anon.pk,
-                                      &pub);
+  anon.pk.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
+  anon.pub.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
+  anon.pk.ecdsa_key = *GNUNET_CRYPTO_ecdsa_key_get_anonymous ();
   GNUNET_CRYPTO_hash (&anon.pk,
                       sizeof(anon.pk),
                       &anon.id);
@@ -172,6 +171,51 @@ GNUNET_IDENTITY_ego_get_anonymous ()
 }
 
 
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_key_get_public (const struct
+                                GNUNET_IDENTITY_PrivateKey *privkey,
+                                struct GNUNET_IDENTITY_PublicKey *key)
+{
+  key->type = privkey->type;
+  switch (ntohl (privkey->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    GNUNET_CRYPTO_ecdsa_key_get_public (&privkey->ecdsa_key,
+                                        &key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    GNUNET_CRYPTO_eddsa_key_get_public (&privkey->eddsa_key,
+                                        &key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+static int
+private_key_create (enum GNUNET_IDENTITY_KeyType ktype,
+                    struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  key->type = htonl (ktype);
+  switch (ktype)
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    GNUNET_CRYPTO_ecdsa_key_create (&key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    GNUNET_CRYPTO_eddsa_key_create (&key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
 /**
  * Try again to connect to the identity service.
  *
@@ -591,7 +635,7 @@ GNUNET_IDENTITY_connect (const struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param ego the ego
  * @return associated ECC key, valid as long as the ego is valid
  */
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *
+const struct GNUNET_IDENTITY_PrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)
 {
   return &ego->pk;
@@ -606,12 +650,11 @@ GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)
  */
 void
 GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
-                                    struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
+                                    struct GNUNET_IDENTITY_PublicKey *pk)
 {
   if (GNUNET_NO == ego->pub_initialized)
   {
-    GNUNET_CRYPTO_ecdsa_key_get_public (&ego->pk,
-                                        &ego->pub);
+    GNUNET_IDENTITY_key_get_public (&ego->pk, &ego->pub);
     ego->pub_initialized = GNUNET_YES;
   }
   *pk = ego->pub;
@@ -710,20 +753,11 @@ GNUNET_IDENTITY_set (struct GNUNET_IDENTITY_Handle *h,
 }
 
 
-/**
- * Create a new identity with the given name.
- *
- * @param h identity service to use
- * @param name desired name
- * @param privkey desired private key or NULL to create one
- * @param cont function to call with the result (will only be called once)
- * @param cont_cls closure for @a cont
- * @return handle to abort the operation
- */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,
                         const char *name,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey,
+                        const struct GNUNET_IDENTITY_PrivateKey *privkey,
+                        enum GNUNET_IDENTITY_KeyType ktype,
                         GNUNET_IDENTITY_CreateContinuation cont,
                         void *cont_cls)
 {
@@ -749,7 +783,10 @@ GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,
   crm->name_len = htons (slen);
   crm->reserved = htons (0);
   if (NULL == privkey)
-    GNUNET_CRYPTO_ecdsa_key_create (&crm->private_key);
+  {
+    GNUNET_assert (GNUNET_OK ==
+                   private_key_create (ktype, &crm->private_key));
+  }
   else
     crm->private_key = *privkey;
   op->pk = crm->private_key;
@@ -916,5 +953,96 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h)
   GNUNET_free (h);
 }
 
+ssize_t
+private_key_get_length (const struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  switch (ntohl (key->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sizeof (key->type) + sizeof (key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return sizeof (key->type) + sizeof (key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+
+
+
+ssize_t
+GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key)
+{
+  switch (ntohl (key->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sizeof (key->type) + sizeof (key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return sizeof (key->type) + sizeof (key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+
+
+char *
+GNUNET_IDENTITY_public_key_to_string (const struct
+                                      GNUNET_IDENTITY_PublicKey *key)
+{
+  size_t size = GNUNET_IDENTITY_key_get_length (key);
+  return GNUNET_STRINGS_data_to_string_alloc (key,
+                                              size);
+}
+
+
+char *
+GNUNET_IDENTITY_private_key_to_string (const struct
+                                       GNUNET_IDENTITY_PrivateKey *key)
+{
+  size_t size = private_key_get_length (key);
+  return GNUNET_STRINGS_data_to_string_alloc (key,
+                                              size);
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_public_key_from_string (const char *str,
+                                        struct GNUNET_IDENTITY_PublicKey *key)
+{
+  enum GNUNET_GenericReturnValue ret;
+  enum GNUNET_IDENTITY_KeyType ktype;
+  ret = GNUNET_STRINGS_string_to_data (str,
+                                       strlen (str),
+                                       key,
+                                       sizeof (*key));
+  if (GNUNET_OK != ret)
+    return GNUNET_SYSERR;
+  ktype = ntohl (key->type);
+  return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; //FIXME other keys, cleaner way?
+
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_private_key_from_string (const char *str,
+                                         struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  enum GNUNET_GenericReturnValue ret;
+  enum GNUNET_IDENTITY_KeyType ktype;
+  ret = GNUNET_STRINGS_string_to_data (str,
+                                       strlen (str),
+                                       key,
+                                       sizeof (*key));
+  if (GNUNET_OK != ret)
+    return GNUNET_SYSERR;
+  ktype = ntohl (key->type);
+  return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; //FIXME other keys, cleaner way?
+}
+
 
 /* end of identity_api.c */
diff --git a/src/identity/identity_api_lookup.c b/src/identity/identity_api_lookup.c
index 26b1eacd7..51afb2515 100644
--- a/src/identity/identity_api_lookup.c
+++ b/src/identity/identity_api_lookup.c
@@ -127,14 +127,12 @@ handle_identity_update (void *cls, const struct UpdateMessage *um)
   struct GNUNET_IDENTITY_EgoLookup *el = cls;
   uint16_t name_len = ntohs (um->name_len);
   const char *str = (0 == name_len) ? NULL : (const char *) &um[1];
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
   struct GNUNET_HashCode id;
   struct GNUNET_IDENTITY_Ego ego;
   memset (&ego, 0, sizeof (ego));
 
   GNUNET_break (GNUNET_YES != ntohs (um->end_of_list));
-  GNUNET_CRYPTO_ecdsa_key_get_public (&um->private_key, &pub);
-  GNUNET_CRYPTO_hash (&pub, sizeof(pub), &id);
+  GNUNET_CRYPTO_hash (&um->private_key, sizeof(um->private_key), &id);
   ego.pk = um->private_key;
   ego.name = (char *) str;
   ego.id = id;
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c
index d86d29e36..dba1d478d 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -384,7 +384,7 @@ ego_get_for_subsystem (void *cls,
 {
   struct RequestHandle *handle = cls;
   struct MHD_Response *resp;
-  struct GNUNET_CRYPTO_EcdsaPublicKey public_key;
+  struct GNUNET_IDENTITY_PublicKey public_key;
   json_t *json_root;
   char *result_str;
   char *public_key_string;
@@ -398,7 +398,7 @@ ego_get_for_subsystem (void *cls,
   }
 
   GNUNET_IDENTITY_ego_get_public_key (ego, &public_key);
-  public_key_string = GNUNET_CRYPTO_ecdsa_public_key_to_string (&public_key);
+  public_key_string = GNUNET_IDENTITY_public_key_to_string (&public_key);
 
   // create json with subsystem identity
   json_root = json_object ();
@@ -496,7 +496,7 @@ ego_get_all (struct GNUNET_REST_RequestHandle *con_handle,
         GNUNET_CONTAINER_multihashmap_contains (
           handle->rest_handle->url_param_map, &key))
     {
-      privkey_str = GNUNET_CRYPTO_ecdsa_private_key_to_string (
+      privkey_str = GNUNET_IDENTITY_private_key_to_string (
         GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego));
       json_object_set_new (json_ego,
                            GNUNET_REST_IDENTITY_PARAM_PRIVKEY,
@@ -549,7 +549,7 @@ ego_get_response (struct RequestHandle *handle, struct EgoEntry *ego_entry)
       GNUNET_CONTAINER_multihashmap_contains (
         handle->rest_handle->url_param_map, &key))
   {
-    privkey_str = GNUNET_CRYPTO_ecdsa_private_key_to_string (
+    privkey_str = GNUNET_IDENTITY_private_key_to_string (
       GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego));
     json_object_set_new (json_ego,
                          GNUNET_REST_IDENTITY_PARAM_PRIVKEY,
@@ -686,7 +686,7 @@ do_finished (void *cls, const char *emsg)
  */
 static void
 do_finished_create (void *cls,
-                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                    const struct GNUNET_IDENTITY_PrivateKey *pk,
                     const char *emsg)
 {
   struct RequestHandle *handle = cls;
@@ -999,8 +999,8 @@ ego_create (struct GNUNET_REST_RequestHandle *con_handle,
   json_error_t err;
   char *egoname;
   char *privkey;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey *pk_ptr;
+  struct GNUNET_IDENTITY_PrivateKey pk;
+  struct GNUNET_IDENTITY_PrivateKey *pk_ptr;
   int json_unpack_state;
   char term_data[handle->data_size + 1];
 
@@ -1074,7 +1074,7 @@ ego_create (struct GNUNET_REST_RequestHandle *con_handle,
                                    strlen (privkey),
                                    &pk,
                                    sizeof(struct
-                                          GNUNET_CRYPTO_EcdsaPrivateKey));
+                                          GNUNET_IDENTITY_PrivateKey));
     pk_ptr = &pk;
   }
   else
@@ -1084,6 +1084,7 @@ ego_create (struct GNUNET_REST_RequestHandle *con_handle,
   handle->op = GNUNET_IDENTITY_create (identity_handle,
                                        handle->name,
                                        pk_ptr,
+                                       GNUNET_IDENTITY_TYPE_ECDSA,
                                        &do_finished_create,
                                        handle);
 }
@@ -1208,7 +1209,7 @@ list_ego (void *cls,
           const char *identifier)
 {
   struct EgoEntry *ego_entry;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
 
   if ((NULL == ego) && (ID_REST_STATE_INIT == state))
   {
@@ -1219,7 +1220,7 @@ list_ego (void *cls,
   {
     ego_entry = GNUNET_new (struct EgoEntry);
     GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-    ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+    ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
     ego_entry->ego = ego;
     ego_entry->identifier = GNUNET_strdup (identifier);
     GNUNET_CONTAINER_DLL_insert_tail (ego_head,
@@ -1245,7 +1246,7 @@ list_ego (void *cls,
       /* Add */
       ego_entry = GNUNET_new (struct EgoEntry);
       GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-      ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+      ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
       ego_entry->ego = ego;
       ego_entry->identifier = GNUNET_strdup (identifier);
       GNUNET_CONTAINER_DLL_insert_tail (ego_head,
diff --git a/src/identity/test_identity.c b/src/identity/test_identity.c
index 37eeab238..4954fe7be 100644
--- a/src/identity/test_identity.c
+++ b/src/identity/test_identity.c
@@ -253,7 +253,7 @@ success_rename_cont (void *cls, const char *emsg)
  */
 static void
 create_cb (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+           const struct GNUNET_IDENTITY_PrivateKey *pk,
            const char *emsg)
 {
   CHECK (NULL != pk);
@@ -279,7 +279,11 @@ run (void *cls,
   GNUNET_SCHEDULER_add_shutdown (&cleanup, NULL);
   h = GNUNET_IDENTITY_connect (cfg, &notification_cb, NULL);
   CHECK (NULL != h);
-  op = GNUNET_IDENTITY_create (h, "test-id", NULL, &create_cb, NULL);
+  op = GNUNET_IDENTITY_create (h,
+                               "test-id",
+                               NULL,
+                               GNUNET_IDENTITY_TYPE_ECDSA,
+                               &create_cb, NULL);
 }
 
 
diff --git a/src/identity/test_identity_defaults.c b/src/identity/test_identity_defaults.c
index 53eec1252..2d5244d1b 100644
--- a/src/identity/test_identity_defaults.c
+++ b/src/identity/test_identity_defaults.c
@@ -241,7 +241,7 @@ notification_cb (void *cls,
  */
 static void
 create_cb (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+           const struct GNUNET_IDENTITY_PrivateKey *pk,
            const char *emsg)
 {
   CHECK (NULL == emsg);
@@ -266,7 +266,11 @@ run_set (void *cls,
   GNUNET_SCHEDULER_add_shutdown (&cleanup, NULL);
   h = GNUNET_IDENTITY_connect (cfg, &notification_cb, NULL);
   CHECK (NULL != h);
-  op = GNUNET_IDENTITY_create (h, "test-id", NULL, &create_cb, NULL);
+  op = GNUNET_IDENTITY_create (h,
+                               "test-id",
+                               NULL,
+                               GNUNET_IDENTITY_TYPE_ECDSA,
+                               &create_cb, NULL);
 }
 
 
diff --git a/src/include/gnunet_conversation_service.h b/src/include/gnunet_conversation_service.h
index 4566caad0..be5a81cfb 100644
--- a/src/include/gnunet_conversation_service.h
+++ b/src/include/gnunet_conversation_service.h
@@ -147,7 +147,7 @@ typedef void
                                          struct GNUNET_CONVERSATION_Caller *
                                          caller,
                                          const struct
-                                         GNUNET_CRYPTO_EcdsaPublicKey *caller_id);
+                                         GNUNET_IDENTITY_PublicKey *caller_id);
 
 
 /**
diff --git a/src/include/gnunet_gns_service.h b/src/include/gnunet_gns_service.h
index ef81e9a88..3f6c9b9aa 100644
--- a/src/include/gnunet_gns_service.h
+++ b/src/include/gnunet_gns_service.h
@@ -36,6 +36,7 @@
 
 #include "gnunet_util_lib.h"
 #include "gnunet_dnsparser_lib.h"
+#include "gnunet_identity_service.h"
 #include "gnunet_namestore_service.h"
 
 #ifdef __cplusplus
@@ -139,7 +140,7 @@ enum GNUNET_GNS_LocalOptions
 struct GNUNET_GNS_LookupRequest *
 GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
                    const char *name,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
+                   const struct GNUNET_IDENTITY_PublicKey *zone,
                    uint32_t type,
                    enum GNUNET_GNS_LocalOptions options,
                    GNUNET_GNS_LookupResultProcessor proc,
@@ -163,7 +164,7 @@ GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
 struct GNUNET_GNS_LookupRequest *
 GNUNET_GNS_lookup_limited (struct GNUNET_GNS_Handle *handle,
                            const char *name,
-                           const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
+                           const struct GNUNET_IDENTITY_PublicKey *zone,
                            uint32_t type,
                            enum GNUNET_GNS_LocalOptions options,
                            uint16_t recursion_depth_limit,
diff --git a/src/include/gnunet_gnsrecord_json_lib.h b/src/include/gnunet_gnsrecord_json_lib.h
new file mode 100644
index 000000000..966461705
--- /dev/null
+++ b/src/include/gnunet_gnsrecord_json_lib.h
@@ -0,0 +1,73 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2012, 2013 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * API that can be used to manipulate JSON GNS record data
+ *
+ * @defgroup gnsrecord  GNS Record library
+ * Manipulate GNS record data
+ *
+ * @see [Documentation](https://gnunet.org/gns-plugins)
+ *
+ * @{
+ */
+#ifndef GNUNET_GNSRECORD_JSON_LIB_H
+#define GNUNET_GNSRECORD_JSON_LIB_H
+
+#include "gnunet_gnsrecord_lib.h"
+#include "gnunet_json_lib.h"
+
+#ifdef __cplusplus
+extern "C" {
+#if 0 /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+
+/**
+ * JSON Specification for GNS Records.
+ *
+ * @param gnsrecord_object struct of GNUNET_GNSRECORD_Data to fill
+ * @return JSON Specification
+ */
+struct GNUNET_JSON_Specification
+GNUNET_GNSRECORD_JSON_spec_gnsrecord (struct GNUNET_GNSRECORD_Data **rd,
+                            unsigned int *rd_count,
+                            char **name);
+
+
+/**
+ * Convert GNS record to JSON.
+ *
+ * @param rname name of record
+ * @param rd record data
+ * @return corresponding JSON encoding
+ */
+json_t *
+GNUNET_GNSRECORD_JSON_from_gnsrecord (const char*rname,
+                            const struct GNUNET_GNSRECORD_Data *rd,
+                            unsigned int rd_count);
+
+
+#endif
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 960203fb1..530879b21 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -34,6 +34,8 @@
 #ifndef GNUNET_GNSRECORD_LIB_H
 #define GNUNET_GNSRECORD_LIB_H
 
+#include "gnunet_identity_service.h"
+
 #ifdef __cplusplus
 extern "C" {
 #if 0 /* keep Emacsens' auto-indent happy */
@@ -55,7 +57,7 @@ extern "C" {
 /**
  * Record type for GNS zone transfer ("PKEY").
  */
-#define GNUNET_GNSRECORD_TYPE_PKEY 65536
+#define GNUNET_GNSRECORD_TYPE_PKEY GNUNET_IDENTITY_TYPE_ECDSA
 
 /**
  * Record type for GNS nick names ("NICK").
@@ -151,6 +153,11 @@ extern "C" {
  */
 #define GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION 65555
 
+/**
+ * Record type for EDKEY delegations.
+ */
+#define GNUNET_GNSRECORD_TYPE_EDKEY GNUNET_IDENTITY_TYPE_EDDSA
+
 
 /**
  * Flags that can be set for a record.
@@ -261,21 +268,20 @@ struct GNUNET_GNSRECORD_PlaceData
   /* Followed by struct GNUNET_PeerIdentity relays[relay_count] */
 };
 
-
 /**
  * Information we have in an encrypted block with record data (i.e. in the DHT).
  */
-struct GNUNET_GNSRECORD_Block
+struct GNUNET_GNSRECORD_EcdsaBlock
 {
   /**
-   * Signature of the block.
+   * Derived key used for signing; hash of this is the query.
    */
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  struct GNUNET_CRYPTO_EcdsaPublicKey derived_key;
 
   /**
-   * Derived key used for signing; hash of this is the query.
+   * Signature of the block.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey derived_key;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
 
   /**
    * Number of bytes signed; also specifies the number of bytes
@@ -291,6 +297,17 @@ struct GNUNET_GNSRECORD_Block
   /* followed by encrypted data */
 };
 
+struct GNUNET_GNSRECORD_Block
+{
+  uint32_t type;
+
+  union
+  {
+    struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block;
+    //struct GNUNET_GNSRECORD_EddsaBlock eddsa_block;
+  };
+};
+
 
 /**
  * Record type used to box up SRV and TLSA records.  For example, a
@@ -335,7 +352,7 @@ struct GNUNET_GNSRECORD_ReverseRecord
   /**
    * The public key of the namespace the is delegating to our namespace
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
 
   /**
    * The expiration time of the delegation
@@ -488,7 +505,7 @@ GNUNET_GNSRECORD_string_to_lowercase (const char *src);
  * #GNUNET_GNSRECORD_z2s.
  */
 const char *
-GNUNET_GNSRECORD_z2s (const struct GNUNET_CRYPTO_EcdsaPublicKey *z);
+GNUNET_GNSRECORD_z2s (const struct GNUNET_IDENTITY_PublicKey *z);
 
 
 /**
@@ -502,7 +519,7 @@ GNUNET_GNSRECORD_z2s (const struct GNUNET_CRYPTO_EcdsaPublicKey *z);
  *         key in an encoding suitable for DNS labels.
  */
 const char *
-GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
+GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_IDENTITY_PublicKey *pkey);
 
 
 /**
@@ -516,7 +533,7 @@ GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
  */
 int
 GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
-                               struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
+                               struct GNUNET_IDENTITY_PublicKey *pkey);
 
 
 /**
@@ -528,7 +545,7 @@ GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
  */
 void
 GNUNET_GNSRECORD_query_from_private_key (
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, const char *label,
+  const struct GNUNET_IDENTITY_PrivateKey *zone, const char *label,
   struct GNUNET_HashCode *query);
 
 
@@ -541,7 +558,7 @@ GNUNET_GNSRECORD_query_from_private_key (
  */
 void
 GNUNET_GNSRECORD_query_from_public_key (
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label,
+  const struct GNUNET_IDENTITY_PublicKey *pub, const char *label,
   struct GNUNET_HashCode *query);
 
 
@@ -555,7 +572,7 @@ GNUNET_GNSRECORD_query_from_public_key (
  * @param rd_count number of records in @a rd
  */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
                                struct GNUNET_TIME_Absolute expire,
                                const char *label,
                                const struct GNUNET_GNSRECORD_Data *rd,
@@ -574,7 +591,7 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
  * @param rd_count number of records in @a rd
  */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *key,
                                 struct GNUNET_TIME_Absolute expire,
                                 const char *label,
                                 const struct GNUNET_GNSRECORD_Data *rd,
@@ -606,7 +623,7 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block);
 int
 GNUNET_GNSRECORD_block_decrypt (
   const struct GNUNET_GNSRECORD_Block *block,
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label,
+  const struct GNUNET_IDENTITY_PublicKey *zone_key, const char *label,
   GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls);
 
 
@@ -636,6 +653,50 @@ GNUNET_GNSRECORD_record_get_expiration_time (
   unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd);
 
 
+/**
+ * Returns the length of this block in bytes.
+ * Block length strongly depends on the zone type.
+ *
+ * @param block the block.
+ * @return the length of this block in bytes
+ */
+size_t
+GNUNET_GNSRECORD_block_get_size (const struct GNUNET_GNSRECORD_Block *block);
+
+/**
+ * Returns the expiration of a block.
+ *
+ * @param block the block.
+ * @return the block expiration.
+ */
+struct GNUNET_TIME_Absolute
+GNUNET_GNSRECORD_block_get_expiration (const struct GNUNET_GNSRECORD_Block *block);
+
+
+/**
+ * Builds the query hash from a block.
+ *
+ * @param block the block.
+ * @param query where to write the query hash.
+ * @return GNUNET_SYSERR on error.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_query_from_block (const struct GNUNET_GNSRECORD_Block *block,
+                                   struct GNUNET_HashCode *query);
+
+
+/**
+ * Build a #GNUNET_GNSRECORD_PublicKey from a
+ * zone delegation resource record set.
+ *
+ * @param the resource record set. MUST be a delegation record.
+ * @param key where to write the identtiy key.
+ * @return GNUNET_SYSERR on error or if the zone is not a delegation zone.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_record_to_identity_key (const struct GNUNET_GNSRECORD_Data *rd,
+                                         struct GNUNET_IDENTITY_PublicKey *key);
+
 #if 0 /* keep Emacsens' auto-indent happy */
 {
 #endif
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index 94127248e..17714fec4 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -57,6 +57,21 @@ extern "C" {
  */
 #define GNUNET_IDENTITY_VERSION 0x00000100
 
+enum GNUNET_IDENTITY_KeyType
+{
+  /**
+   * The identity type. The value is the same as the
+   * PKEY record type.
+   */
+  GNUNET_IDENTITY_TYPE_ECDSA = 65536,
+
+  /**
+   * EDDSA identity. The value is the same as the EDKEY
+   * record type.
+   */
+  GNUNET_IDENTITY_TYPE_EDDSA = 65556
+};
+
 /**
  * Handle to access the identity service.
  */
@@ -67,6 +82,61 @@ struct GNUNET_IDENTITY_Handle;
  */
 struct GNUNET_IDENTITY_Ego;
 
+
+/**
+ * A private key for an identity as per LSD0001.
+ */
+struct GNUNET_IDENTITY_PrivateKey
+{
+  /**
+   * Type of public key.
+   * Defined by the GNS zone type value.
+   * In NBO.
+   */
+  uint32_t type;
+
+  union
+  {
+    /**
+     * An ECDSA identity key.
+     */
+    struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key;
+
+    /**
+     * AN EdDSA identtiy key
+     */
+    struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key;
+  };
+};
+
+
+/**
+ * An identity key as per LSD0001.
+ */
+struct GNUNET_IDENTITY_PublicKey
+{
+  /**
+   * Type of public key.
+   * Defined by the GNS zone type value.
+   * In NBO.
+   */
+  uint32_t type;
+
+  union
+  {
+    /**
+     * An ECDSA identity key.
+     */
+    struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key;
+
+    /**
+     * AN EdDSA identtiy key
+     */
+    struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key;
+  };
+};
+
+
 /**
  * Handle for an operation with the identity service.
  */
@@ -79,7 +149,7 @@ struct GNUNET_IDENTITY_Operation;
  * @param ego the ego
  * @return associated ECC key, valid as long as the ego is valid
  */
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *
+const struct GNUNET_IDENTITY_PrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego);
 
 
@@ -100,7 +170,7 @@ GNUNET_IDENTITY_ego_get_anonymous (void);
  */
 void
 GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
-                                    struct GNUNET_CRYPTO_EcdsaPublicKey *pk);
+                                    struct GNUNET_IDENTITY_PublicKey *pk);
 
 
 /**
@@ -224,7 +294,7 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h);
 typedef void
 (*GNUNET_IDENTITY_CreateContinuation) (
   void *cls,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+  const struct GNUNET_IDENTITY_PrivateKey *pk,
   const char *emsg);
 
 
@@ -234,6 +304,7 @@ typedef void
  * @param id identity service to use
  * @param name desired name
  * @param privkey desired private key or NULL to create one
+ * @param ktype the type of key to create. Ignored if privkey != NULL.
  * @param cont function to call with the result (will only be called once)
  * @param cont_cls closure for @a cont
  * @return handle to abort the operation
@@ -241,7 +312,8 @@ typedef void
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
                         const char *name,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey,
+                        const struct GNUNET_IDENTITY_PrivateKey *privkey,
+                        enum GNUNET_IDENTITY_KeyType ktype,
                         GNUNET_IDENTITY_CreateContinuation cont,
                         void *cont_cls);
 
@@ -292,6 +364,84 @@ void
 GNUNET_IDENTITY_cancel (struct GNUNET_IDENTITY_Operation *op);
 
 
+/**
+ * Get the compacted length of a #GNUNET_IDENTITY_PublicKey.
+ * Compacted means that it returns the minimum number of bytes this
+ * key is long, as opposed to the union structure inside
+ * #GNUNET_IDENTITY_PublicKey.
+ * Useful for compact serializations.
+ *
+ * @param key the key.
+ * @return -1 on error, else the compacted length of the key.
+ */
+ssize_t
+GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key);
+
+
+/**
+ * Creates a (Base32) string representation of the public key.
+ * The resulting string encodes a compacted representation of the key.
+ * See also #GNUNET_IDENTITY_key_get_length.
+ *
+ * @param key the key.
+ * @return the string representation of the key, or NULL on error.
+ */
+char *
+GNUNET_IDENTITY_public_key_to_string (const struct
+                                      GNUNET_IDENTITY_PublicKey *key);
+
+
+/**
+ * Creates a (Base32) string representation of the private key.
+ * The resulting string encodes a compacted representation of the key.
+ * See also #GNUNET_IDENTITY_key_get_length.
+ *
+ * @param key the key.
+ * @return the string representation of the key, or NULL on error.
+ */
+char *
+GNUNET_IDENTITY_private_key_to_string (const struct
+                                       GNUNET_IDENTITY_PrivateKey *key);
+
+
+/**
+ * Parses a (Base32) string representation of the public key.
+ * See also #GNUNET_IDENTITY_public_key_to_string.
+ *
+ * @param str the encoded key.
+ * @param key where to write the key.
+ * @return GNUNET_SYSERR on error.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_public_key_from_string (const char*str,
+                                        struct GNUNET_IDENTITY_PublicKey *key);
+
+
+/**
+ * Parses a (Base32) string representation of the private key.
+ * See also #GNUNET_IDENTITY_private_key_to_string.
+ *
+ * @param str the encoded key.
+ * @param key where to write the key.
+ * @return GNUNET_SYSERR on error.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_private_key_from_string (const char*str,
+                                         struct GNUNET_IDENTITY_PrivateKey *key);
+
+
+/**
+ * Retrieves the public key representation of a private key.
+ *
+ * @param privkey the private key.
+ * @param key the public key result.
+ * @return GNUNET_SYSERR on error.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_key_get_public (const struct GNUNET_IDENTITY_PrivateKey *privkey,
+                                struct GNUNET_IDENTITY_PublicKey *key);
+
+
 /* ************* convenience API to lookup an ego ***************** */
 
 /**
@@ -344,7 +494,7 @@ GNUNET_IDENTITY_ego_lookup_cancel (struct GNUNET_IDENTITY_EgoLookup *el);
 typedef void
 (*GNUNET_IDENTITY_EgoSuffixCallback) (
   void *cls,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+  const struct GNUNET_IDENTITY_PrivateKey *priv,
   const char *ego_name);
 
 
diff --git a/src/include/gnunet_json_lib.h b/src/include/gnunet_json_lib.h
index 07a14d329..92597d3dd 100644
--- a/src/include/gnunet_json_lib.h
+++ b/src/include/gnunet_json_lib.h
@@ -28,7 +28,6 @@
 #define GNUNET_JSON_LIB_H
 
 #include "gnunet_util_lib.h"
-#include "gnunet_gnsrecord_lib.h"
 #include <jansson.h>
 #include <microhttpd.h>
 
@@ -359,18 +358,6 @@ GNUNET_JSON_spec_rsa_signature (const char *name,
                                 struct GNUNET_CRYPTO_RsaSignature **sig);
 
 
-/**
- * JSON Specification for GNS Records.
- *
- * @param gnsrecord_object struct of GNUNET_GNSRECORD_Data to fill
- * @return JSON Specification
- */
-struct GNUNET_JSON_Specification
-GNUNET_JSON_spec_gnsrecord (struct GNUNET_GNSRECORD_Data **rd,
-                            unsigned int *rd_count,
-                            char **name);
-
-
 /* ****************** Generic generator interface ******************* */
 
 
@@ -446,18 +433,6 @@ GNUNET_JSON_from_rsa_public_key (const struct GNUNET_CRYPTO_RsaPublicKey *pk);
 json_t *
 GNUNET_JSON_from_rsa_signature (const struct GNUNET_CRYPTO_RsaSignature *sig);
 
-/**
- * Convert Gns record to JSON.
- *
- * @param rname name of record
- * @param rd record data
- * @return corresponding JSON encoding
- */
-json_t *
-GNUNET_JSON_from_gnsrecord (const char *rname,
-                            const struct GNUNET_GNSRECORD_Data *rd,
-                            unsigned int rd_count);
-
 /* ******************* Helpers for MHD upload handling ******************* */
 
 /**
diff --git a/src/include/gnunet_namestore_plugin.h b/src/include/gnunet_namestore_plugin.h
index 443c9e451..9cc8abc6e 100644
--- a/src/include/gnunet_namestore_plugin.h
+++ b/src/include/gnunet_namestore_plugin.h
@@ -58,7 +58,7 @@ typedef void
 (*GNUNET_NAMESTORE_RecordIterator) (void *cls,
                                     uint64_t serial,
                                     const struct
-                                    GNUNET_CRYPTO_EcdsaPrivateKey *private_key,
+                                    GNUNET_IDENTITY_PrivateKey *private_key,
                                     const char *label,
                                     unsigned int rd_count,
                                     const struct GNUNET_GNSRECORD_Data *rd);
@@ -87,7 +87,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   int
   (*store_records) (void *cls,
-                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                    const struct GNUNET_IDENTITY_PrivateKey *zone,
                     const char *label,
                     unsigned int rd_count,
                     const struct GNUNET_GNSRECORD_Data *rd);
@@ -104,7 +104,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   int
   (*lookup_records) (void *cls,
-                     const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                     const struct GNUNET_IDENTITY_PrivateKey *zone,
                      const char *label,
                      GNUNET_NAMESTORE_RecordIterator iter,
                      void *iter_cls);
@@ -126,7 +126,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   int
   (*iterate_records) (void *cls,
-                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                      const struct GNUNET_IDENTITY_PrivateKey *zone,
                       uint64_t serial,
                       uint64_t limit,
                       GNUNET_NAMESTORE_RecordIterator iter,
@@ -146,8 +146,8 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   int
   (*zone_to_name) (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
+                   const struct GNUNET_IDENTITY_PrivateKey *zone,
+                   const struct GNUNET_IDENTITY_PublicKey *value_zone,
                    GNUNET_NAMESTORE_RecordIterator iter,
                    void *iter_cls);
 };
diff --git a/src/include/gnunet_namestore_service.h b/src/include/gnunet_namestore_service.h
index bf42c8d34..ca4d2cb52 100644
--- a/src/include/gnunet_namestore_service.h
+++ b/src/include/gnunet_namestore_service.h
@@ -41,6 +41,7 @@
 #include "gnunet_util_lib.h"
 #include "gnunet_block_lib.h"
 #include "gnunet_gnsrecord_lib.h"
+#include "gnunet_identity_service.h"
 
 #ifdef __cplusplus
 extern "C"
@@ -127,7 +128,7 @@ typedef void
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_store (struct GNUNET_NAMESTORE_Handle *h,
                                 const struct
-                                GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+                                GNUNET_IDENTITY_PrivateKey *pkey,
                                 const char *label,
                                 unsigned int rd_count,
                                 const struct GNUNET_GNSRECORD_Data *rd,
@@ -147,7 +148,7 @@ GNUNET_NAMESTORE_records_store (struct GNUNET_NAMESTORE_Handle *h,
 typedef void
 (*GNUNET_NAMESTORE_RecordMonitor) (void *cls,
                                    const struct
-                                   GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                   GNUNET_IDENTITY_PrivateKey *zone,
                                    const char *label,
                                    unsigned int rd_count,
                                    const struct GNUNET_GNSRECORD_Data *rd);
@@ -170,7 +171,7 @@ typedef void
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_lookup (struct GNUNET_NAMESTORE_Handle *h,
                                  const struct
-                                 GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+                                 GNUNET_IDENTITY_PrivateKey *pkey,
                                  const char *label,
                                  GNUNET_SCHEDULER_TaskCallback error_cb,
                                  void *error_cb_cls,
@@ -197,9 +198,9 @@ GNUNET_NAMESTORE_records_lookup (struct GNUNET_NAMESTORE_Handle *h,
  */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_zone_to_name (struct GNUNET_NAMESTORE_Handle *h,
-                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                               const struct GNUNET_IDENTITY_PrivateKey *zone,
                                const struct
-                               GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
+                               GNUNET_IDENTITY_PublicKey *value_zone,
                                GNUNET_SCHEDULER_TaskCallback error_cb,
                                void *error_cb_cls,
                                GNUNET_NAMESTORE_RecordMonitor proc,
@@ -246,7 +247,7 @@ GNUNET_NAMESTORE_cancel (struct GNUNET_NAMESTORE_QueueEntry *qe);
 struct GNUNET_NAMESTORE_ZoneIterator *
 GNUNET_NAMESTORE_zone_iteration_start (struct GNUNET_NAMESTORE_Handle *h,
                                        const struct
-                                       GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                       GNUNET_IDENTITY_PrivateKey *zone,
                                        GNUNET_SCHEDULER_TaskCallback error_cb,
                                        void *error_cb_cls,
                                        GNUNET_NAMESTORE_RecordMonitor proc,
@@ -316,7 +317,7 @@ struct GNUNET_NAMESTORE_ZoneMonitor *
 GNUNET_NAMESTORE_zone_monitor_start (const struct
                                      GNUNET_CONFIGURATION_Handle *cfg,
                                      const struct
-                                     GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                     GNUNET_IDENTITY_PrivateKey *zone,
                                      int iterate_first,
                                      GNUNET_SCHEDULER_TaskCallback error_cb,
                                      void *error_cb_cls,
diff --git a/src/include/gnunet_reclaim_service.h b/src/include/gnunet_reclaim_service.h
index 368058f56..8549081a1 100644
--- a/src/include/gnunet_reclaim_service.h
+++ b/src/include/gnunet_reclaim_service.h
@@ -38,6 +38,7 @@ extern "C" {
 #endif
 #endif
 
+#include "gnunet_identity_service.h"
 #include "gnunet_reclaim_lib.h"
 #include "gnunet_util_lib.h"
 
@@ -69,12 +70,12 @@ struct GNUNET_RECLAIM_Ticket
   /**
    * The ticket issuer (= the user)
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+  struct GNUNET_IDENTITY_PublicKey identity;
 
   /**
    * The ticket audience (= relying party)
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey audience;
+  struct GNUNET_IDENTITY_PublicKey audience;
 
   /**
    * The ticket random identifier
@@ -129,7 +130,7 @@ typedef void (*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls,
  * @param attr The attribute
  */
 typedef void (*GNUNET_RECLAIM_AttributeResult) (
-  void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+  void *cls, const struct GNUNET_IDENTITY_PublicKey *identity,
   const struct GNUNET_RECLAIM_Attribute *attr);
 
 /**
@@ -141,7 +142,7 @@ typedef void (*GNUNET_RECLAIM_AttributeResult) (
  * @param presentation The presentation for the credential (may be NULL)
  */
 typedef void (*GNUNET_RECLAIM_AttributeTicketResult) (
-  void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+  void *cls, const struct GNUNET_IDENTITY_PublicKey *identity,
   const struct GNUNET_RECLAIM_Attribute *attr,
   const struct GNUNET_RECLAIM_Presentation *presentation);
 
@@ -155,7 +156,7 @@ typedef void (*GNUNET_RECLAIM_AttributeTicketResult) (
  * @param attributes the parsed attributes
  */
 typedef void (*GNUNET_RECLAIM_CredentialResult) (
-  void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+  void *cls, const struct GNUNET_IDENTITY_PublicKey *identity,
   const struct GNUNET_RECLAIM_Credential *credential);
 
 
@@ -184,7 +185,7 @@ GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_attribute_store (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Attribute *attr,
   const struct GNUNET_TIME_Relative *exp_interval,
   GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls);
@@ -205,7 +206,7 @@ GNUNET_RECLAIM_attribute_store (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_credential_store (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Credential *credential,
   const struct GNUNET_TIME_Relative *exp_interval,
   GNUNET_RECLAIM_ContinuationWithStatus cont,
@@ -226,7 +227,7 @@ GNUNET_RECLAIM_credential_store (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_attribute_delete (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Attribute *attr,
   GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls);
 
@@ -244,7 +245,7 @@ GNUNET_RECLAIM_attribute_delete (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_credential_delete (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Credential *cred,
   GNUNET_RECLAIM_ContinuationWithStatus cont,
   void *cont_cls);
@@ -276,7 +277,7 @@ GNUNET_RECLAIM_credential_delete (
 struct GNUNET_RECLAIM_AttributeIterator *
 GNUNET_RECLAIM_get_attributes_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls,
   GNUNET_RECLAIM_AttributeResult proc, void *proc_cls,
   GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls);
@@ -332,7 +333,7 @@ GNUNET_RECLAIM_get_attributes_stop (
 struct GNUNET_RECLAIM_CredentialIterator *
 GNUNET_RECLAIM_get_credentials_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
   GNUNET_RECLAIM_CredentialResult proc,
@@ -380,8 +381,8 @@ GNUNET_RECLAIM_get_credentials_stop (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_issue (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
+  const struct GNUNET_IDENTITY_PrivateKey *iss,
+  const struct GNUNET_IDENTITY_PublicKey *rp,
   const struct GNUNET_RECLAIM_AttributeList *attrs,
   GNUNET_RECLAIM_IssueTicketCallback cb, void *cb_cls);
 
@@ -402,7 +403,7 @@ GNUNET_RECLAIM_ticket_issue (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_revoke (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   const struct GNUNET_RECLAIM_Ticket *ticket,
   GNUNET_RECLAIM_ContinuationWithStatus cb, void *cb_cls);
 
@@ -422,7 +423,7 @@ GNUNET_RECLAIM_ticket_revoke (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_consume (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   const struct GNUNET_RECLAIM_Ticket *ticket,
   GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls);
 
@@ -447,7 +448,7 @@ GNUNET_RECLAIM_ticket_consume (
 struct GNUNET_RECLAIM_TicketIterator *
 GNUNET_RECLAIM_ticket_iteration_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls,
   GNUNET_RECLAIM_TicketCallback proc, void *proc_cls,
   GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls);
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h
index 105bb1149..18c1f2674 100644
--- a/src/include/gnunet_revocation_service.h
+++ b/src/include/gnunet_revocation_service.h
@@ -21,6 +21,8 @@
 #ifndef GNUNET_REVOCATION_SERVICE_H_
 #define GNUNET_REVOCATION_SERVICE_H_
 
+#include "gnunet_identity_service.h"
+
 /**
  * @author Christian Grothoff
  *
@@ -51,6 +53,13 @@ extern "C"
 #define GNUNET_REVOCATION_VERSION 0x00000001
 
 /**
+ * Maximum length of a revocation
+ */
+#define GNUNET_REVOCATION_MAX_PROOF_SIZE sizeof(struct GNUNET_REVOCATION_PowP) +\
+                                         sizeof(struct GNUNET_IDENTITY_PublicKey) +\
+                                         1024 //FIXME max sig_len
+
+/**
  * The proof-of-work narrowing factor.
  * The number of PoWs that are calculates as part of revocation.
  */
@@ -79,22 +88,14 @@ struct GNUNET_REVOCATION_PowP
    */
   uint64_t pow[POW_COUNT] GNUNET_PACKED;
 
-  /**
-   * The signature
-   */
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
-
-  /**
-   * The revoked public key
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey key;
+  /** followed by the public key type, the key and a signature **/
 };
 
 
 /**
  * The signature object we use for the PoW
  */
-struct GNUNET_REVOCATION_SignaturePurposePS
+struct GNUNET_REVOCATION_EcdsaSignaturePurposePS
 {
   /**
    * The signature purpose
@@ -102,6 +103,11 @@ struct GNUNET_REVOCATION_SignaturePurposePS
   struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
 
   /**
+   * Type of the key
+   */
+  uint32_t ktype;
+
+  /**
    * The revoked public key
    */
   struct GNUNET_CRYPTO_EcdsaPublicKey key;
@@ -150,7 +156,7 @@ typedef void (*GNUNET_REVOCATION_Callback) (void *cls,
  */
 struct GNUNET_REVOCATION_Query *
 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                         const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
+                         const struct GNUNET_IDENTITY_PublicKey *key,
                          GNUNET_REVOCATION_Callback func, void *func_cls);
 
 
@@ -217,7 +223,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
  * @param pow the pow object to work with in the calculation.
  */
 void
-GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key,
                             struct GNUNET_REVOCATION_PowP *pow);
 
 
@@ -256,6 +262,10 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc);
 void
 GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc);
 
+size_t
+GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow);
+
+
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
 #endif
diff --git a/src/json/Makefile.am b/src/json/Makefile.am
index 2ed05c35a..d4ea38adf 100644
--- a/src/json/Makefile.am
+++ b/src/json/Makefile.am
@@ -18,18 +18,15 @@ libgnunetjson_la_SOURCES = \
   json.c \
   json_mhd.c \
   json_generator.c \
-  json_helper.c \
-  json_gnsrecord.c
+  json_helper.c
 libgnunetjson_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
-  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
   -ljansson \
   $(MHD_LIBS) \
   $(XLIB) \
   $(Z_LIBS)
 libgnunetjson_la_DEPENDENCIES = \
-  $(top_builddir)/src/util/libgnunetutil.la \
-  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la
+  $(top_builddir)/src/util/libgnunetutil.la
 
 
 check_PROGRAMS = \
diff --git a/src/json/json_generator.c b/src/json/json_generator.c
index 3f82a5f17..5806eb174 100644
--- a/src/json/json_generator.c
+++ b/src/json/json_generator.c
@@ -201,113 +201,5 @@ GNUNET_JSON_from_rsa_signature (const struct GNUNET_CRYPTO_RsaSignature *sig)
 }
 
 
-/**
- * Convert GNS record to JSON.
- *
- * @param rname name of record
- * @param rd record data
- * @return corresponding JSON encoding
- */
-json_t *
-GNUNET_JSON_from_gnsrecord (const char*rname,
-                            const struct GNUNET_GNSRECORD_Data *rd,
-                            unsigned int rd_count)
-{
-  struct GNUNET_TIME_Absolute abs_exp;
-  struct GNUNET_TIME_Relative rel_exp;
-  const char *expiration_time_str;
-  const char *record_type_str;
-  char *value_str;
-  json_t *data;
-  json_t *record;
-  json_t *records;
-
-  data = json_object ();
-  if (NULL == data)
-  {
-    GNUNET_break (0);
-    return NULL;
-  }
-  if (0 !=
-      json_object_set_new (data,
-                           "record_name",
-                           json_string (rname)))
-  {
-    GNUNET_break (0);
-    json_decref (data);
-    return NULL;
-  }
-  records = json_array ();
-  if (NULL == records)
-  {
-    GNUNET_break (0);
-    json_decref (data);
-    return NULL;
-  }
-  for (int i = 0; i < rd_count; i++)
-  {
-    value_str = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
-                                                  rd[i].data,
-                                                  rd[i].data_size);
-    if (GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION & rd[i].flags)
-    {
-      rel_exp.rel_value_us = rd[i].expiration_time;
-      expiration_time_str = GNUNET_STRINGS_relative_time_to_string (rel_exp,
-                                                                    GNUNET_NO);
-    }
-    else
-    {
-      abs_exp.abs_value_us = rd[i].expiration_time;
-      expiration_time_str = GNUNET_STRINGS_absolute_time_to_string (abs_exp);
-    }
-    record_type_str = GNUNET_GNSRECORD_number_to_typename (rd[i].record_type);
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Packing %s %s %s %d\n",
-                value_str, record_type_str, expiration_time_str, rd[i].flags);
-    record = json_pack ("{s:s,s:s,s:s,s:b,s:b,s:b,s:b}",
-                        "value",
-                        value_str,
-                        "record_type",
-                        record_type_str,
-                        "expiration_time",
-                        expiration_time_str,
-                        "private",
-                        rd[i].flags & GNUNET_GNSRECORD_RF_PRIVATE,
-                        "relative_expiration",
-                        rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION,
-                        "supplemental",
-                        rd[i].flags & GNUNET_GNSRECORD_RF_SUPPLEMENTAL,
-                        "shadow",
-                        rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD);
-    GNUNET_free (value_str);
-    if (NULL == record)
-    {
-      GNUNET_break (0);
-      json_decref (records);
-      json_decref (data);
-      return NULL;
-    }
-    if (0 !=
-        json_array_append_new (records,
-                               record))
-    {
-      GNUNET_break (0);
-      json_decref (records);
-      json_decref (data);
-      return NULL;
-    }
-  }
-  if (0 !=
-      json_object_set_new (data,
-                           "data",
-                           records))
-  {
-    GNUNET_break (0);
-    json_decref (data);
-    return NULL;
-  }
-  return data;
-}
-
 
 /* End of json/json_generator.c */
diff --git a/src/my/my_query_helper.c b/src/my/my_query_helper.c
index 526e57b8b..97ea04fd1 100644
--- a/src/my/my_query_helper.c
+++ b/src/my/my_query_helper.c
@@ -280,14 +280,14 @@ my_conv_rsa_public_key (void *cls,
                         MYSQL_BIND *qbind)
 {
   const struct GNUNET_CRYPTO_RsaPublicKey *rsa = qp->data;
-  char *buf;
+  void *buf;
   size_t buf_size;
 
   (void) cls;
   GNUNET_assert (1 == qp->num_params);
   buf_size = GNUNET_CRYPTO_rsa_public_key_encode (rsa,
                                                   &buf);
-  qbind->buffer = (void *) buf;
+  qbind->buffer = buf;
   qbind->buffer_length = buf_size;
   qbind->buffer_type = MYSQL_TYPE_BLOB;
   return 1;
@@ -332,14 +332,14 @@ my_conv_rsa_signature (void *cls,
                        MYSQL_BIND *qbind)
 {
   const struct GNUNET_CRYPTO_RsaSignature *sig = qp->data;
-  char *buf;
+  void *buf;
   size_t buf_size;
 
   (void) cls;
   GNUNET_assert (1 == qp->num_params);
   buf_size = GNUNET_CRYPTO_rsa_signature_encode (sig,
                                                  &buf);
-  qbind->buffer = (void *) buf;
+  qbind->buffer = buf;
   qbind->buffer_length = buf_size;
   qbind->buffer_type = MYSQL_TYPE_BLOB;
   return 1;
diff --git a/src/namecache/Makefile.am b/src/namecache/Makefile.am
index 5e80ea4c5..836a6b5d9 100644
--- a/src/namecache/Makefile.am
+++ b/src/namecache/Makefile.am
@@ -65,6 +65,7 @@ libgnunetnamecache_la_SOURCES = \
   namecache.h
 libgnunetnamecache_la_LIBADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(GN_LIBINTL)
 libgnunetnamecache_la_LDFLAGS = \
@@ -82,6 +83,7 @@ gnunet_namecache_SOURCES = \
  gnunet-namecache.c
 gnunet_namecache_LDADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   libgnunetnamecache.la \
   $(GN_LIBINTL)
@@ -91,6 +93,7 @@ gnunet_service_namecache_SOURCES = \
 
 gnunet_service_namecache_LDADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   libgnunetnamecache.la \
@@ -107,6 +110,8 @@ libgnunet_plugin_namecache_flat_la_SOURCES = \
 libgnunet_plugin_namecache_flat_la_LIBADD = \
   libgnunetnamecache.la  \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
   $(LTLIBINTL)
 libgnunet_plugin_namecache_flat_la_LDFLAGS = \
@@ -118,6 +123,8 @@ libgnunet_plugin_namecache_sqlite_la_LIBADD = \
   libgnunetnamecache.la  \
   $(top_builddir)/src/sq/libgnunetsq.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \
   $(LTLIBINTL)
 libgnunet_plugin_namecache_sqlite_la_LDFLAGS = \
@@ -130,6 +137,8 @@ libgnunet_plugin_namecache_postgres_la_LIBADD = \
   libgnunetnamecache.la  \
   $(top_builddir)/src/pq/libgnunetpq.la  \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lpq \
   $(LTLIBINTL)
 libgnunet_plugin_namecache_postgres_la_LDFLAGS = \
diff --git a/src/namecache/gnunet-namecache.c b/src/namecache/gnunet-namecache.c
index 2e3c733e6..19f2a5766 100644
--- a/src/namecache/gnunet-namecache.c
+++ b/src/namecache/gnunet-namecache.c
@@ -51,7 +51,7 @@ static char *name;
 /**
  * Public key of the zone to look in.
  */
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 /**
  * Public key of the zone to look in, in ASCII.
@@ -177,7 +177,7 @@ run (void *cls,
   }
 
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (pkey, strlen (pkey), &pubkey))
+      GNUNET_IDENTITY_public_key_from_string (pkey, &pubkey))
   {
     fprintf (stderr, _ ("Invalid public key for zone `%s'\n"), pkey);
     GNUNET_SCHEDULER_shutdown ();
diff --git a/src/namecache/gnunet-service-namecache.c b/src/namecache/gnunet-service-namecache.c
index 7cf216ce3..07bf30de9 100644
--- a/src/namecache/gnunet-service-namecache.c
+++ b/src/namecache/gnunet-service-namecache.c
@@ -184,40 +184,24 @@ handle_lookup_block_it (void *cls,
   struct LookupBlockContext *lnc = cls;
   struct GNUNET_MQ_Envelope *env;
   struct LookupBlockResponseMessage *r;
-  size_t esize;
   size_t bsize;
 
-  bsize = ntohl (block->purpose.size);
-  if (bsize <
-      (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + sizeof(struct
-                                                                 GNUNET_TIME_AbsoluteNBO)))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                "Malformed block.");
-    lnc->status = GNUNET_SYSERR;
-    return;
-  }
-  esize = ntohl (block->purpose.size)
-          - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
-          - sizeof(struct GNUNET_TIME_AbsoluteNBO);
+  bsize = GNUNET_GNSRECORD_block_get_size (block);
   env = GNUNET_MQ_msg_extra (r,
-                             esize,
+                             bsize,
                              GNUNET_MESSAGE_TYPE_NAMECACHE_LOOKUP_BLOCK_RESPONSE);
   r->gns_header.r_id = htonl (lnc->request_id);
-  r->expire = block->expiration_time;
-  r->signature = block->signature;
-  r->derived_key = block->derived_key;
   GNUNET_memcpy (&r[1],
-                 &block[1],
-                 esize);
+                 block,
+                 bsize);
   GNUNET_STATISTICS_update (statistics,
                             "blocks found in cache",
                             1,
                             GNUNET_NO);
+  r->expire = GNUNET_TIME_absolute_hton (
+    GNUNET_GNSRECORD_block_get_expiration (block));
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Sending NAMECACHE_LOOKUP_BLOCK_RESPONSE message with expiration time %s\n",
-              GNUNET_STRINGS_absolute_time_to_string (
-                GNUNET_TIME_absolute_ntoh (r->expire)));
+              "Sending NAMECACHE_LOOKUP_BLOCK_RESPONSE message\n");
   GNUNET_MQ_send (lnc->nc->mq,
                   env);
 }
@@ -314,20 +298,11 @@ handle_block_cache (void *cls,
                             GNUNET_NO);
   esize = ntohs (rp_msg->gns_header.header.size) - sizeof(struct
                                                           BlockCacheMessage);
-  block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block) + esize);
-  block->signature = rp_msg->signature;
-  block->derived_key = rp_msg->derived_key;
-  block->purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
-                               + sizeof(struct GNUNET_TIME_AbsoluteNBO)
-                               + esize);
-  block->expiration_time = rp_msg->expire;
+  block = GNUNET_malloc (esize);
+  memcpy (block, &rp_msg[1], esize);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received NAMECACHE_BLOCK_CACHE message with expiration time %s\n",
-              GNUNET_STRINGS_absolute_time_to_string (
-                GNUNET_TIME_absolute_ntoh (block->expiration_time)));
-  GNUNET_memcpy (&block[1],
-                 &rp_msg[1],
-                 esize);
+              "Received NAMECACHE_BLOCK_CACHE message with type %u\n",
+              htonl (block->type));
   res = GSN_database->cache_block (GSN_database->cls,
                                    block);
   GNUNET_free (block);
diff --git a/src/namecache/namecache.h b/src/namecache/namecache.h
index 1657662c2..43c8cf85f 100644
--- a/src/namecache/namecache.h
+++ b/src/namecache/namecache.h
@@ -92,7 +92,7 @@ struct LookupBlockResponseMessage
   /**
    * Derived public key.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey derived_key;
+  struct GNUNET_IDENTITY_PublicKey derived_key;
 
   /* follwed by encrypted block data */
 };
@@ -121,7 +121,7 @@ struct BlockCacheMessage
   /**
    * Derived public key.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey derived_key;
+  struct GNUNET_IDENTITY_PublicKey derived_key;
 
   /* follwed by encrypted block data */
 };
diff --git a/src/namecache/namecache_api.c b/src/namecache/namecache_api.c
index 0c904c9ed..fdbf142a7 100644
--- a/src/namecache/namecache_api.c
+++ b/src/namecache/namecache_api.c
@@ -225,19 +225,11 @@ handle_lookup_block_response (void *cls,
   size = ntohs (msg->gns_header.header.size)
          - sizeof(struct LookupBlockResponseMessage);
   {
-    char buf[size + sizeof(struct GNUNET_GNSRECORD_Block)] GNUNET_ALIGN;
+    char buf[size] GNUNET_ALIGN;
     struct GNUNET_GNSRECORD_Block *block;
 
     block = (struct GNUNET_GNSRECORD_Block *) buf;
-    block->signature = msg->signature;
-    block->derived_key = msg->derived_key;
-    block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
-    block->purpose.size = htonl (size
-                                 + sizeof(struct GNUNET_TIME_AbsoluteNBO)
-                                 + sizeof(struct
-                                          GNUNET_CRYPTO_EccSignaturePurpose));
-    block->expiration_time = msg->expire;
-    GNUNET_memcpy (&block[1],
+    GNUNET_memcpy (block,
                    &msg[1],
                    size);
     if (GNUNET_OK !=
@@ -483,11 +475,7 @@ GNUNET_NAMECACHE_block_cache (struct GNUNET_NAMECACHE_Handle *h,
 
   if (NULL == h->mq)
     return NULL;
-  blen = ntohl (block->purpose.size);
-  GNUNET_assert (blen > (sizeof(struct GNUNET_TIME_AbsoluteNBO)
-                         + sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)));
-  blen -= (sizeof(struct GNUNET_TIME_AbsoluteNBO)
-           + sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
+  blen = GNUNET_GNSRECORD_block_get_size (block);
   rid = get_op_id (h);
   qe = GNUNET_new (struct GNUNET_NAMECACHE_QueueEntry);
   qe->nsh = h;
@@ -502,11 +490,8 @@ GNUNET_NAMECACHE_block_cache (struct GNUNET_NAMECACHE_Handle *h,
                              blen,
                              GNUNET_MESSAGE_TYPE_NAMECACHE_BLOCK_CACHE);
   msg->gns_header.r_id = htonl (rid);
-  msg->expire = block->expiration_time;
-  msg->signature = block->signature;
-  msg->derived_key = block->derived_key;
   GNUNET_memcpy (&msg[1],
-                 &block[1],
+                 block,
                  blen);
   GNUNET_MQ_send (h->mq,
                   env);
diff --git a/src/namecache/plugin_namecache_flat.c b/src/namecache/plugin_namecache_flat.c
index 24f4f2570..eb7800051 100644
--- a/src/namecache/plugin_namecache_flat.c
+++ b/src/namecache/plugin_namecache_flat.c
@@ -207,10 +207,7 @@ store_and_free_entries (void *cls,
   struct GNUNET_CRYPTO_HashAsciiEncoded query;
   size_t block_size;
 
-  block_size = ntohl (entry->block->purpose.size)
-               + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-               + sizeof(struct GNUNET_CRYPTO_EcdsaSignature);
-
+  block_size = GNUNET_GNSRECORD_block_get_size (entry->block);
   GNUNET_STRINGS_base64_encode ((char *) entry->block,
                                 block_size,
                                 &block_b64);
@@ -277,7 +274,7 @@ expire_blocks (void *cls,
   struct GNUNET_TIME_Absolute expiration;
 
   now = GNUNET_TIME_absolute_get ();
-  expiration = GNUNET_TIME_absolute_ntoh (entry->block->expiration_time);
+  expiration = GNUNET_GNSRECORD_block_get_expiration (entry->block);
 
   if (0 == GNUNET_TIME_absolute_get_difference (now,
                                                 expiration).rel_value_us)
@@ -319,12 +316,9 @@ namecache_cache_block (void *cls,
   size_t block_size;
 
   namecache_expire_blocks (plugin);
-  GNUNET_CRYPTO_hash (&block->derived_key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
-                      &query);
-  block_size = ntohl (block->purpose.size)
-               + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-               + sizeof(struct GNUNET_CRYPTO_EcdsaSignature);
+  GNUNET_GNSRECORD_query_from_block (block,
+                                     &query);
+  block_size = GNUNET_GNSRECORD_block_get_size (block);
   if (block_size > 64 * 65536)
   {
     GNUNET_break (0);
diff --git a/src/namecache/plugin_namecache_postgres.c b/src/namecache/plugin_namecache_postgres.c
index 654a3ae81..ae0f71a1f 100644
--- a/src/namecache/plugin_namecache_postgres.c
+++ b/src/namecache/plugin_namecache_postgres.c
@@ -153,11 +153,11 @@ namecache_postgres_expire_blocks (struct Plugin *plugin)
 static void
 delete_old_block (struct Plugin *plugin,
                   const struct GNUNET_HashCode *query,
-                  struct GNUNET_TIME_AbsoluteNBO expiration_time)
+                  struct GNUNET_TIME_Absolute expiration_time)
 {
   struct GNUNET_PQ_QueryParam params[] = {
     GNUNET_PQ_query_param_auto_from_type (query),
-    GNUNET_PQ_query_param_absolute_time_nbo (&expiration_time),
+    GNUNET_PQ_query_param_absolute_time (&expiration_time),
     GNUNET_PQ_query_param_end
   };
   enum GNUNET_DB_QueryStatus res;
@@ -182,21 +182,20 @@ namecache_postgres_cache_block (void *cls,
 {
   struct Plugin *plugin = cls;
   struct GNUNET_HashCode query;
-  size_t block_size = ntohl (block->purpose.size)
-                      + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-                      + sizeof(struct GNUNET_CRYPTO_EcdsaSignature);
+  size_t block_size = GNUNET_GNSRECORD_block_get_size (block);
+  struct GNUNET_TIME_Absolute exp;
+  exp = GNUNET_GNSRECORD_block_get_expiration (block);
   struct GNUNET_PQ_QueryParam params[] = {
     GNUNET_PQ_query_param_auto_from_type (&query),
     GNUNET_PQ_query_param_fixed_size (block, block_size),
-    GNUNET_PQ_query_param_absolute_time_nbo (&block->expiration_time),
+    GNUNET_PQ_query_param_absolute_time (&exp),
     GNUNET_PQ_query_param_end
   };
   enum GNUNET_DB_QueryStatus res;
 
   namecache_postgres_expire_blocks (plugin);
-  GNUNET_CRYPTO_hash (&block->derived_key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
-                      &query);
+  GNUNET_GNSRECORD_query_from_block (block,
+                                     &query);
   if (block_size > 64 * 65536)
   {
     GNUNET_break (0);
@@ -204,7 +203,7 @@ namecache_postgres_cache_block (void *cls,
   }
   delete_old_block (plugin,
                     &query,
-                    block->expiration_time);
+                    exp);
 
   res = GNUNET_PQ_eval_prepared_non_select (plugin->dbh,
                                             "cache_block",
@@ -263,10 +262,7 @@ namecache_postgres_lookup_block (void *cls,
          "Ending iteration (no more results)\n");
     return GNUNET_NO;
   }
-  if ((bsize < sizeof(*block)) ||
-      (bsize != ntohl (block->purpose.size)
-       + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-       + sizeof(struct GNUNET_CRYPTO_EcdsaSignature)))
+  if ((bsize < sizeof(*block)))
   {
     GNUNET_break (0);
     LOG (GNUNET_ERROR_TYPE_DEBUG,
diff --git a/src/namecache/plugin_namecache_sqlite.c b/src/namecache/plugin_namecache_sqlite.c
index c9d79ba2d..82008c837 100644
--- a/src/namecache/plugin_namecache_sqlite.c
+++ b/src/namecache/plugin_namecache_sqlite.c
@@ -332,9 +332,7 @@ namecache_sqlite_cache_block (void *cls,
   struct Plugin *plugin = cls;
   struct GNUNET_HashCode query;
   struct GNUNET_TIME_Absolute expiration;
-  size_t block_size = ntohl (block->purpose.size)
-                      + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-                      + sizeof(struct GNUNET_CRYPTO_EcdsaSignature);
+  size_t block_size = GNUNET_GNSRECORD_block_get_size (block);
   struct GNUNET_SQ_QueryParam del_params[] = {
     GNUNET_SQ_query_param_auto_from_type (&query),
     GNUNET_SQ_query_param_absolute_time (&expiration),
@@ -356,10 +354,9 @@ namecache_sqlite_cache_block (void *cls,
     last_expire = GNUNET_TIME_absolute_get ();
     namecache_sqlite_expire_blocks (plugin);
   }
-  GNUNET_CRYPTO_hash (&block->derived_key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
-                      &query);
-  expiration = GNUNET_TIME_absolute_ntoh (block->expiration_time);
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_GNSRECORD_query_from_block (block, &query));
+  expiration = GNUNET_GNSRECORD_block_get_expiration (block);
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Caching new version of block %s (expires %s)\n",
               GNUNET_h2s (&query),
@@ -498,10 +495,7 @@ namecache_sqlite_lookup_block (void *cls,
       GNUNET_break (0);
       ret = GNUNET_SYSERR;
     }
-    else if ((block_size < sizeof(struct GNUNET_GNSRECORD_Block)) ||
-             (ntohl (block->purpose.size)
-              + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-              + sizeof(struct GNUNET_CRYPTO_EcdsaSignature) != block_size))
+    else if ((block_size < sizeof(struct GNUNET_GNSRECORD_Block)))
     {
       GNUNET_break (0);
       GNUNET_SQ_cleanup_result (rs);
diff --git a/src/namecache/test_namecache_api_cache_block.c b/src/namecache/test_namecache_api_cache_block.c
index 12b72d93b..310c4de42 100644
--- a/src/namecache/test_namecache_api_cache_block.c
+++ b/src/namecache/test_namecache_api_cache_block.c
@@ -39,9 +39,9 @@ static struct GNUNET_NAMECACHE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -172,23 +172,13 @@ run (void *cls,
 {
   struct GNUNET_GNSRECORD_Data rd;
   struct GNUNET_GNSRECORD_Block *block;
-  char *hostkey_file;
   const char *name = "dummy.dummy.gnunet";
 
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly, NULL);
-  GNUNET_asprintf (&hostkey_file,
-                   "zonefiles%s%s",
-                   DIR_SEPARATOR_STR,
-                   "N0UJMP015AFUNR2BTNM3FKPBLG38913BL8IDMCO2H0A1LIB81960.zkey");
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using zonekey file `%s' \n",
-              hostkey_file);
-  GNUNET_assert (GNUNET_SYSERR !=
-                 GNUNET_CRYPTO_ecdsa_key_from_file (hostkey_file,
-                                                    GNUNET_YES,
-                                                    &privkey));
-  GNUNET_free (hostkey_file);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey, &pubkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey, &pubkey);
 
 
   rd.expiration_time = GNUNET_TIME_absolute_get ().abs_value_us + 10000000000;
diff --git a/src/namestore/Makefile.am b/src/namestore/Makefile.am
index 40ac64197..3a92f98c9 100644
--- a/src/namestore/Makefile.am
+++ b/src/namestore/Makefile.am
@@ -131,6 +131,7 @@ libgnunet_plugin_rest_namestore_la_LIBADD = \
   $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/json/libgnunetjson.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/gnsrecord/libgnunetgnsrecordjson.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
   $(LTLIBINTL) -ljansson $(MHD_LIBS)
 libgnunet_plugin_rest_namestore_la_LDFLAGS = \
@@ -144,6 +145,7 @@ libgnunetnamestore_la_SOURCES = \
   namestore.h
 libgnunetnamestore_la_LIBADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la  \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(GN_LIBINTL)
@@ -190,6 +192,7 @@ gnunet_service_namestore_SOURCES = \
 gnunet_service_namestore_LDADD = \
   $(top_builddir)/src/namecache/libgnunetnamecache.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   libgnunetnamestore.la \
@@ -200,7 +203,8 @@ gnunet_service_namestore_LDADD = \
 libgnunet_plugin_namestore_flat_la_SOURCES = \
   plugin_namestore_flat.c
 libgnunet_plugin_namestore_flat_la_LIBADD = \
-  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la  \
+  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
   $(LTLIBINTL)
@@ -212,6 +216,7 @@ libgnunet_plugin_namestore_sqlite_la_SOURCES = \
   plugin_namestore_sqlite.c
 libgnunet_plugin_namestore_sqlite_la_LIBADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la  \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/sq/libgnunetsq.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \
@@ -223,6 +228,7 @@ libgnunet_plugin_namestore_postgres_la_SOURCES = \
   plugin_namestore_postgres.c
 libgnunet_plugin_namestore_postgres_la_LIBADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la  \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(top_builddir)/src/pq/libgnunetpq.la  \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lpq \
@@ -236,6 +242,7 @@ test_namestore_api_store_flat_LDADD = \
   $(top_builddir)/src/testing/libgnunettesting.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   libgnunetnamestore.la
 
 test_namestore_api_store_sqlite_SOURCES = \
@@ -244,6 +251,7 @@ test_namestore_api_store_sqlite_LDADD = \
   $(top_builddir)/src/testing/libgnunettesting.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   libgnunetnamestore.la
 
 test_namestore_api_store_postgres_SOURCES = \
@@ -252,6 +260,7 @@ test_namestore_api_store_postgres_LDADD = \
   $(top_builddir)/src/testing/libgnunettesting.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   libgnunetnamestore.la
 
 test_namestore_api_store_update_flat_SOURCES = \
diff --git a/src/namestore/gnunet-namestore-fcfsd.c b/src/namestore/gnunet-namestore-fcfsd.c
index 34641d22e..844f4a990 100644
--- a/src/namestore/gnunet-namestore-fcfsd.c
+++ b/src/namestore/gnunet-namestore-fcfsd.c
@@ -164,7 +164,7 @@ struct Request
    */
   char public_key[128];
 
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+  struct GNUNET_IDENTITY_PublicKey pub;
 };
 
 /**
@@ -211,7 +211,7 @@ static struct GNUNET_NAMESTORE_Handle *ns;
 /**
  * Private key for the fcfsd zone.
  */
-static struct GNUNET_CRYPTO_EcdsaPrivateKey fcfs_zone_pkey;
+static struct GNUNET_IDENTITY_PrivateKey fcfs_zone_pkey;
 
 /**
  * Connection to identity service.
@@ -306,7 +306,6 @@ zone_iteration_end (void *cls)
   /* return static form */
   GNUNET_asprintf (&full_page,
                    ZONEINFO_PAGE,
-                   zr->zoneinfo,
                    zr->zoneinfo);
   response = MHD_create_response_from_buffer (strlen (full_page),
                                               (void *) full_page,
@@ -332,7 +331,7 @@ zone_iteration_end (void *cls)
  */
 static void
 iterate_cb (void *cls,
-            const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+            const struct GNUNET_IDENTITY_PrivateKey *zone_key,
             const char *name,
             unsigned int rd_len,
             const struct GNUNET_GNSRECORD_Data *rd)
@@ -615,7 +614,7 @@ zone_to_name_error (void *cls)
  */
 static void
 zone_to_name_cb (void *cls,
-                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                 const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                  const char *name,
                  unsigned int rd_count,
                  const struct GNUNET_GNSRECORD_Data *rd)
@@ -677,7 +676,7 @@ lookup_it_error (void *cls)
  */
 static void
 lookup_it_processor (void *cls,
-                     const struct GNUNET_CRYPTO_EcdsaPrivateKey *zonekey,
+                     const struct GNUNET_IDENTITY_PrivateKey *zonekey,
                      const char *label,
                      unsigned int rd_count,
                      const struct GNUNET_GNSRECORD_Data *rd)
@@ -712,9 +711,8 @@ lookup_it_finished (void *cls)
     return;
   }
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (request->public_key,
-                                                  strlen (request->public_key),
-                                                  &request->pub))
+      GNUNET_IDENTITY_public_key_from_string (request->public_key,
+                                              &request->pub))
   {
     GNUNET_break (0);
     request->phase = RP_FAIL;
@@ -767,7 +765,7 @@ create_response (void *cls,
 {
   struct MHD_Response *response;
   struct Request *request;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+  struct GNUNET_IDENTITY_PublicKey pub;
   MHD_RESULT ret;
 
   (void) cls;
@@ -822,10 +820,8 @@ create_response (void *cls,
       request->pp = NULL;
     }
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_ecdsa_public_key_from_string (request->public_key,
-                                                    strlen (
-                                                      request->public_key),
-                                                    &pub))
+        GNUNET_IDENTITY_public_key_from_string (request->public_key,
+                                                &pub))
     {
       /* parse error */
       return fill_s_reply ("Failed to parse given public key",
@@ -1211,7 +1207,8 @@ main (int argc,
                          options,
                          &run, NULL)) ? 0 : 1;
   GNUNET_free_nz ((void *) argv);
-  GNUNET_CRYPTO_ecdsa_key_clear (&fcfs_zone_pkey);
+  // FIXME
+  // GNUNET_CRYPTO_ecdsa_key_clear (&fcfs_zone_pkey);
   return ret;
 }
 
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c
index 07d045b90..345d76910 100644
--- a/src/namestore/gnunet-namestore.c
+++ b/src/namestore/gnunet-namestore.c
@@ -59,7 +59,7 @@ static struct GNUNET_NAMESTORE_Handle *ns;
 /**
  * Private key for the our zone.
  */
-static struct GNUNET_CRYPTO_EcdsaPrivateKey zone_pkey;
+static struct GNUNET_IDENTITY_PrivateKey zone_pkey;
 
 /**
  * Handle to identity lookup.
@@ -496,7 +496,7 @@ display_record (const char *rname,
  */
 static void
 display_record_iterator (void *cls,
-                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                         const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                          const char *rname,
                          unsigned int rd_len,
                          const struct GNUNET_GNSRECORD_Data *rd)
@@ -519,7 +519,7 @@ display_record_iterator (void *cls,
  */
 static void
 display_record_monitor (void *cls,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                        const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                         const char *rname,
                         unsigned int rd_len,
                         const struct GNUNET_GNSRECORD_Data *rd)
@@ -542,7 +542,7 @@ display_record_monitor (void *cls,
  */
 static void
 display_record_lookup (void *cls,
-                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                       const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                        const char *rname,
                        unsigned int rd_len,
                        const struct GNUNET_GNSRECORD_Data *rd)
@@ -622,7 +622,7 @@ add_error_cb (void *cls)
  */
 static void
 get_existing_record (void *cls,
-                     const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                     const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                      const char *rec_name,
                      unsigned int rd_count,
                      const struct GNUNET_GNSRECORD_Data *rd)
@@ -781,7 +781,7 @@ reverse_error_cb (void *cls)
  */
 static void
 handle_reverse_lookup (void *cls,
-                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                       const struct GNUNET_IDENTITY_PrivateKey *zone,
                        const char *label,
                        unsigned int rd_count,
                        const struct GNUNET_GNSRECORD_Data *rd)
@@ -826,7 +826,7 @@ del_lookup_error_cb (void *cls)
  */
 static void
 del_monitor (void *cls,
-             const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+             const struct GNUNET_IDENTITY_PrivateKey *zone,
              const char *label,
              unsigned int rd_count,
              const struct GNUNET_GNSRECORD_Data *rd)
@@ -1187,12 +1187,11 @@ run_with_zone_pkey (const struct GNUNET_CONFIGURATION_Handle *cfg)
   }
   if (NULL != reverse_pkey)
   {
-    struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+    struct GNUNET_IDENTITY_PublicKey pubkey;
 
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_ecdsa_public_key_from_string (reverse_pkey,
-                                                    strlen (reverse_pkey),
-                                                    &pubkey))
+        GNUNET_IDENTITY_public_key_from_string (reverse_pkey,
+                                                &pubkey))
     {
       fprintf (stderr,
                _ ("Invalid public key for reverse lookup `%s'\n"),
@@ -1211,12 +1210,12 @@ run_with_zone_pkey (const struct GNUNET_CONFIGURATION_Handle *cfg)
   {
     char sh[105];
     char sname[64];
-    struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+    struct GNUNET_IDENTITY_PublicKey pkey;
 
     GNUNET_STRINGS_utf8_tolower (uri, uri);
     if ((2 != (sscanf (uri, "gnunet://gns/%52s/%63s", sh, sname))) ||
         (GNUNET_OK !=
-         GNUNET_CRYPTO_ecdsa_public_key_from_string (sh, strlen (sh), &pkey)))
+         GNUNET_IDENTITY_public_key_from_string (sh, &pkey)))
     {
       fprintf (stderr, _ ("Invalid URI `%s'\n"), uri);
       GNUNET_SCHEDULER_shutdown ();
@@ -1242,8 +1241,8 @@ run_with_zone_pkey (const struct GNUNET_CONFIGURATION_Handle *cfg)
     }
     memset (&rd, 0, sizeof(rd));
     rd.data = &pkey;
-    rd.data_size = sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey);
-    rd.record_type = GNUNET_GNSRECORD_TYPE_PKEY;
+    rd.data_size = GNUNET_IDENTITY_key_get_length (&pkey);
+    rd.record_type = ntohl (pkey.type);
     rd.expiration_time = etime;
     if (GNUNET_YES == etime_is_rel)
       rd.flags |= GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
@@ -1704,11 +1703,13 @@ main (int argc, char *const *argv)
                                   NULL)))
   {
     GNUNET_free_nz ((void *) argv);
-    GNUNET_CRYPTO_ecdsa_key_clear (&zone_pkey);
+    //FIXME
+    //GNUNET_CRYPTO_ecdsa_key_clear (&zone_pkey);
     return lret;
   }
   GNUNET_free_nz ((void *) argv);
-  GNUNET_CRYPTO_ecdsa_key_clear (&zone_pkey);
+  //FIXME
+  //GNUNET_CRYPTO_ecdsa_key_clear (&zone_pkey);
   return ret;
 }
 
diff --git a/src/namestore/gnunet-service-namestore.c b/src/namestore/gnunet-service-namestore.c
index b24bb2952..d6774b37b 100644
--- a/src/namestore/gnunet-service-namestore.c
+++ b/src/namestore/gnunet-service-namestore.c
@@ -82,7 +82,7 @@ struct ZoneIteration
   /**
    * Key of the zone we are iterating over.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 
   /**
    * Last sequence number in the zone iteration used to address next
@@ -174,7 +174,7 @@ struct ZoneMonitor
   /**
    * Private key of the zone.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 
   /**
    * Task active during initial iteration.
@@ -314,7 +314,7 @@ struct NickCache
   /**
    * Zone the cache entry is for.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 
   /**
    * Cached record data.
@@ -336,7 +336,7 @@ static struct NickCache nick_cache[NC_SIZE];
 /**
  * Public key of all zeros.
  */
-static const struct GNUNET_CRYPTO_EcdsaPrivateKey zero;
+static const struct GNUNET_IDENTITY_PrivateKey zero;
 
 /**
  * Configuration handle.
@@ -481,7 +481,7 @@ free_store_activity (struct StoreActivity *sa)
 static void
 lookup_nick_it (void *cls,
                 uint64_t seq,
-                const struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key,
+                const struct GNUNET_IDENTITY_PrivateKey *private_key,
                 const char *label,
                 unsigned int rd_count,
                 const struct GNUNET_GNSRECORD_Data *rd)
@@ -521,7 +521,7 @@ lookup_nick_it (void *cls,
  * @param nick nick entry to cache
  */
 static void
-cache_nick (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+cache_nick (const struct GNUNET_IDENTITY_PrivateKey *zone,
             const struct GNUNET_GNSRECORD_Data *nick)
 {
   struct NickCache *oldest;
@@ -564,9 +564,9 @@ cache_nick (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
  * @return NULL if no NICK record was found
  */
 static struct GNUNET_GNSRECORD_Data *
-get_nick_record (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone)
+get_nick_record (const struct GNUNET_IDENTITY_PrivateKey *zone)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+  struct GNUNET_IDENTITY_PublicKey pub;
   struct GNUNET_GNSRECORD_Data *nick;
   int res;
 
@@ -606,7 +606,7 @@ get_nick_record (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone)
                                            __LINE__);
     if (1 == do_log)
     {
-      GNUNET_CRYPTO_ecdsa_key_get_public (zone, &pub);
+      GNUNET_IDENTITY_key_get_public (zone, &pub);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG | GNUNET_ERROR_TYPE_BULK,
                   "No nick name set for zone `%s'\n",
                   GNUNET_GNSRECORD_z2s (&pub));
@@ -720,7 +720,7 @@ merge_with_nick_records (const struct GNUNET_GNSRECORD_Data *nick_rd,
 static void
 send_lookup_response (struct NamestoreClient *nc,
                       uint32_t request_id,
-                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                      const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                       const char *name,
                       unsigned int rd_count,
                       const struct GNUNET_GNSRECORD_Data *rd)
@@ -899,14 +899,14 @@ static void
 refresh_block (struct NamestoreClient *nc,
                struct ZoneIteration *zi,
                uint32_t rid,
-               const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+               const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                const char *name,
                unsigned int rd_count,
                const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct GNUNET_GNSRECORD_Block *block;
   struct CacheOperation *cop;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
   struct GNUNET_GNSRECORD_Data *nick;
   struct GNUNET_GNSRECORD_Data *res;
   unsigned int res_count;
@@ -946,7 +946,7 @@ refresh_block (struct NamestoreClient *nc,
     block =
       GNUNET_GNSRECORD_block_create (zone_key, exp_time, name, res, res_count);
   GNUNET_assert (NULL != block);
-  GNUNET_CRYPTO_ecdsa_key_get_public (zone_key, &pkey);
+  GNUNET_IDENTITY_key_get_public (zone_key, &pkey);
   GNUNET_log (
     GNUNET_ERROR_TYPE_DEBUG,
     "Caching block for label `%s' with %u records and expiration %s in zone `%s' in namecache\n",
@@ -1214,7 +1214,7 @@ struct RecordLookupContext
 static void
 lookup_it (void *cls,
            uint64_t seq,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key,
+           const struct GNUNET_IDENTITY_PrivateKey *private_key,
            const char *label,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -1605,7 +1605,7 @@ struct ZoneToNameCtx
 static void
 handle_zone_to_name_it (void *cls,
                         uint64_t seq,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                        const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                         const char *name,
                         unsigned int rd_count,
                         const struct GNUNET_GNSRECORD_Data *rd)
@@ -1738,7 +1738,7 @@ struct ZoneIterationProcResult
 static void
 zone_iterate_proc (void *cls,
                    uint64_t seq,
-                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                   const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                    const char *name,
                    unsigned int rd_count,
                    const struct GNUNET_GNSRECORD_Data *rd)
@@ -2009,7 +2009,7 @@ monitor_iteration_next (void *cls);
 static void
 monitor_iterate_cb (void *cls,
                     uint64_t seq,
-                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                    const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                     const char *name,
                     unsigned int rd_count,
                     const struct GNUNET_GNSRECORD_Data *rd)
diff --git a/src/namestore/gnunet-zoneimport.c b/src/namestore/gnunet-zoneimport.c
index 5b4e41475..ce62b52d5 100644
--- a/src/namestore/gnunet-zoneimport.c
+++ b/src/namestore/gnunet-zoneimport.c
@@ -96,7 +96,7 @@ struct Zone
   /**
    * Private key of the zone.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey key;
+  struct GNUNET_IDENTITY_PrivateKey key;
 };
 
 
@@ -1405,7 +1405,7 @@ ns_lookup_error_cb (void *cls)
  */
 static void
 ns_lookup_result_cb (void *cls,
-                     const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+                     const struct GNUNET_IDENTITY_PrivateKey *key,
                      const char *label,
                      unsigned int rd_count,
                      const struct GNUNET_GNSRECORD_Data *rd)
diff --git a/src/namestore/namestore.h b/src/namestore/namestore.h
index 6f45ab1c1..fd9a8ed47 100644
--- a/src/namestore/namestore.h
+++ b/src/namestore/namestore.h
@@ -90,7 +90,7 @@ struct RecordStoreMessage
   /**
    * The private key of the authority.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by:
    * name with length name_len
@@ -134,7 +134,7 @@ struct LabelLookupMessage
   /**
    * The private key of the zone to look up in
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 
   /* followed by:
    * name with length name_len
@@ -176,7 +176,7 @@ struct LabelLookupResponseMessage
   /**
    * The private key of the authority.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by:
    * name with length name_len
@@ -198,12 +198,12 @@ struct ZoneToNameMessage
   /**
    * The private key of the zone to look up in
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 
   /**
    * The public key of the target zone
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey value_zone;
+  struct GNUNET_IDENTITY_PublicKey value_zone;
 };
 
 
@@ -241,7 +241,7 @@ struct ZoneToNameResponseMessage
   /**
    * The private key of the zone that contained the name.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 
   /* followed by:
    * name with length name_len
@@ -283,7 +283,7 @@ struct RecordResultMessage
   /**
    * The private key of the authority.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by:
    * name with length name_len
@@ -311,7 +311,7 @@ struct ZoneMonitorStartMessage
   /**
    * Zone key.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 };
 
 
@@ -352,7 +352,7 @@ struct ZoneIterationStartMessage
   /**
    * Zone key.  All zeros for "all zones".
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 };
 
 
diff --git a/src/namestore/namestore_api.c b/src/namestore/namestore_api.c
index f383f8b4a..c845b5019 100644
--- a/src/namestore/namestore_api.c
+++ b/src/namestore/namestore_api.c
@@ -174,7 +174,7 @@ struct GNUNET_NAMESTORE_ZoneIterator
   /**
    * Private key of the zone.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 
   /**
    * The operation id this zone iteration operation has
@@ -493,7 +493,7 @@ handle_lookup_result (void *cls, const struct LabelLookupResponseMessage *msg)
 static int
 check_record_result (void *cls, const struct RecordResultMessage *msg)
 {
-  static struct GNUNET_CRYPTO_EcdsaPrivateKey priv_dummy;
+  static struct GNUNET_IDENTITY_PrivateKey priv_dummy;
   const char *name;
   size_t msg_len;
   size_t name_len;
@@ -981,7 +981,7 @@ warn_delay (void *cls)
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_store (
   struct GNUNET_NAMESTORE_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const char *label,
   unsigned int rd_count,
   const struct GNUNET_GNSRECORD_Data *rd,
@@ -1080,7 +1080,7 @@ GNUNET_NAMESTORE_records_store (
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_lookup (
   struct GNUNET_NAMESTORE_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const char *label,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
@@ -1140,8 +1140,8 @@ GNUNET_NAMESTORE_records_lookup (
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_zone_to_name (
   struct GNUNET_NAMESTORE_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
+  const struct GNUNET_IDENTITY_PrivateKey *zone,
+  const struct GNUNET_IDENTITY_PublicKey *value_zone,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
   GNUNET_NAMESTORE_RecordMonitor proc,
@@ -1196,7 +1196,7 @@ GNUNET_NAMESTORE_zone_to_name (
 struct GNUNET_NAMESTORE_ZoneIterator *
 GNUNET_NAMESTORE_zone_iteration_start (
   struct GNUNET_NAMESTORE_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+  const struct GNUNET_IDENTITY_PrivateKey *zone,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
   GNUNET_NAMESTORE_RecordMonitor proc,
diff --git a/src/namestore/namestore_api_monitor.c b/src/namestore/namestore_api_monitor.c
index 9dc955544..6670e54ce 100644
--- a/src/namestore/namestore_api_monitor.c
+++ b/src/namestore/namestore_api_monitor.c
@@ -82,7 +82,7 @@ struct GNUNET_NAMESTORE_ZoneMonitor
   /**
    * Monitored zone.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone;
+  struct GNUNET_IDENTITY_PrivateKey zone;
 
   /**
    * Do we first iterate over all existing records?
@@ -302,7 +302,7 @@ reconnect (struct GNUNET_NAMESTORE_ZoneMonitor *zm)
 struct GNUNET_NAMESTORE_ZoneMonitor *
 GNUNET_NAMESTORE_zone_monitor_start (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+  const struct GNUNET_IDENTITY_PrivateKey *zone,
   int iterate_first,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
diff --git a/src/namestore/perf_namestore_api_zone_iteration.c b/src/namestore/perf_namestore_api_zone_iteration.c
index c1012de62..f46a1c523 100644
--- a/src/namestore/perf_namestore_api_zone_iteration.c
+++ b/src/namestore/perf_namestore_api_zone_iteration.c
@@ -64,7 +64,7 @@ static struct GNUNET_SCHEDULER_Task *timeout_task;
 
 static struct GNUNET_SCHEDULER_Task *t;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
 static struct GNUNET_NAMESTORE_ZoneIterator *zi;
 
@@ -188,7 +188,7 @@ fail_cb (void *cls)
 
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+           const struct GNUNET_IDENTITY_PrivateKey *zone,
            const char *label,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -341,7 +341,8 @@ run (void *cls,
                                                NULL);
   nsh = GNUNET_NAMESTORE_connect (cfg);
   GNUNET_assert (NULL != nsh);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
   start = GNUNET_TIME_absolute_get ();
   t = GNUNET_SCHEDULER_add_now (&publish_record,
                                 NULL);
diff --git a/src/namestore/plugin_namestore_flat.c b/src/namestore/plugin_namestore_flat.c
index 60b24df67..1a071fd80 100644
--- a/src/namestore/plugin_namestore_flat.c
+++ b/src/namestore/plugin_namestore_flat.c
@@ -54,7 +54,7 @@ struct FlatFileEntry
   /**
    * Entry zone
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /**
    * Record cound
@@ -86,7 +86,7 @@ struct FlatFileEntry
  * @param h[out] initialized hash
  */
 static void
-hash_pkey_and_label (const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+hash_pkey_and_label (const struct GNUNET_IDENTITY_PrivateKey *pkey,
                      const char *label,
                      struct GNUNET_HashCode *h)
 {
@@ -95,14 +95,14 @@ hash_pkey_and_label (const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
   size_t key_len;
 
   label_len = strlen (label);
-  key_len = label_len + sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey);
+  key_len = label_len + sizeof(struct GNUNET_IDENTITY_PrivateKey);
   key = GNUNET_malloc (key_len);
   GNUNET_memcpy (key,
                  label,
                  label_len);
   GNUNET_memcpy (key + label_len,
                  pkey,
-                 sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
+                 sizeof(struct GNUNET_IDENTITY_PrivateKey));
   GNUNET_CRYPTO_hash (key,
                       key_len,
                       h);
@@ -296,7 +296,7 @@ database_setup (struct Plugin *plugin)
     GNUNET_free (record_data);
 
     {
-      struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key;
+      struct GNUNET_IDENTITY_PrivateKey *private_key;
 
       GNUNET_STRINGS_base64_decode (zone_private_key,
                                     strlen (zone_private_key),
@@ -345,7 +345,7 @@ store_and_free_entries (void *cls,
 
   (void) key;
   GNUNET_STRINGS_base64_encode (&entry->private_key,
-                                sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
+                                sizeof(struct GNUNET_IDENTITY_PrivateKey),
                                 &zone_private_key);
   data_size = GNUNET_GNSRECORD_records_get_size (entry->record_count,
                                                  entry->record_data);
@@ -452,7 +452,7 @@ database_shutdown (struct Plugin *plugin)
 static int
 namestore_flat_store_records (void *cls,
                               const struct
-                              GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                              GNUNET_IDENTITY_PrivateKey *zone_key,
                               const char *label,
                               unsigned int rd_count,
                               const struct GNUNET_GNSRECORD_Data *rd)
@@ -482,7 +482,7 @@ namestore_flat_store_records (void *cls,
                    strlen (label));
   GNUNET_memcpy (&entry->private_key,
                  zone_key,
-                 sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
+                 sizeof(struct GNUNET_IDENTITY_PrivateKey));
   entry->rvalue = rvalue;
   entry->record_count = rd_count;
   entry->record_data = GNUNET_new_array (rd_count,
@@ -517,7 +517,7 @@ namestore_flat_store_records (void *cls,
  */
 static int
 namestore_flat_lookup_records (void *cls,
-                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                               const struct GNUNET_IDENTITY_PrivateKey *zone,
                                const char *label,
                                GNUNET_NAMESTORE_RecordIterator iter,
                                void *iter_cls)
@@ -574,7 +574,7 @@ struct IterateContext
   /**
    * Target zone.
    */
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone;
+  const struct GNUNET_IDENTITY_PrivateKey *zone;
 
   /**
    * Function to call on each record.
@@ -647,7 +647,7 @@ iterate_zones (void *cls,
 static int
 namestore_flat_iterate_records (void *cls,
                                 const struct
-                                GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                GNUNET_IDENTITY_PrivateKey *zone,
                                 uint64_t serial,
                                 uint64_t limit,
                                 GNUNET_NAMESTORE_RecordIterator iter,
@@ -674,8 +674,8 @@ namestore_flat_iterate_records (void *cls,
  */
 struct ZoneToNameContext
 {
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone;
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *value_zone;
+  const struct GNUNET_IDENTITY_PrivateKey *zone;
+  const struct GNUNET_IDENTITY_PublicKey *value_zone;
   GNUNET_NAMESTORE_RecordIterator iter;
   void *iter_cls;
 
@@ -702,7 +702,7 @@ zone_to_name (void *cls,
       continue;
     if (0 == memcmp (ztn->value_zone,
                      entry->record_data[i].data,
-                     sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+                     sizeof(struct GNUNET_IDENTITY_PublicKey)))
     {
       ztn->iter (ztn->iter_cls,
                  i + 1,    /* zero is illegal! */
@@ -730,9 +730,9 @@ zone_to_name (void *cls,
  */
 static int
 namestore_flat_zone_to_name (void *cls,
-                             const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                             const struct GNUNET_IDENTITY_PrivateKey *zone,
                              const struct
-                             GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
+                             GNUNET_IDENTITY_PublicKey *value_zone,
                              GNUNET_NAMESTORE_RecordIterator iter,
                              void *iter_cls)
 {
diff --git a/src/namestore/plugin_namestore_postgres.c b/src/namestore/plugin_namestore_postgres.c
index 04100567c..358fd35d6 100644
--- a/src/namestore/plugin_namestore_postgres.c
+++ b/src/namestore/plugin_namestore_postgres.c
@@ -180,13 +180,13 @@ database_setup (struct Plugin *plugin)
 static int
 namestore_postgres_store_records (void *cls,
                                   const struct
-                                  GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                                  GNUNET_IDENTITY_PrivateKey *zone_key,
                                   const char *label,
                                   unsigned int rd_count,
                                   const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct Plugin *plugin = cls;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
   uint64_t rvalue;
   uint32_t rd_count32 = (uint32_t) rd_count;
   ssize_t data_size;
@@ -197,7 +197,7 @@ namestore_postgres_store_records (void *cls,
   for (unsigned int i = 0; i < rd_count; i++)
     if (GNUNET_GNSRECORD_TYPE_PKEY == rd[i].record_type)
     {
-      GNUNET_break (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) ==
+      GNUNET_break (sizeof(struct GNUNET_IDENTITY_PublicKey) ==
                     rd[i].data_size);
       GNUNET_memcpy (&pkey,
                      rd[i].data,
@@ -296,7 +296,7 @@ struct ParserContext
   /**
    * Zone key, NULL if part of record.
    */
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key;
+  const struct GNUNET_IDENTITY_PrivateKey *zone_key;
 
   /**
    * Number of results still to return (counted down by
@@ -330,7 +330,7 @@ parse_result_call_iterator (void *cls,
     size_t data_size;
     uint32_t record_count;
     char *label;
-    struct GNUNET_CRYPTO_EcdsaPrivateKey zk;
+    struct GNUNET_IDENTITY_PrivateKey zk;
     struct GNUNET_PQ_ResultSpec rs_with_zone[] = {
       GNUNET_PQ_result_spec_uint64 ("seq", &serial),
       GNUNET_PQ_result_spec_uint32 ("record_count", &record_count),
@@ -407,7 +407,7 @@ parse_result_call_iterator (void *cls,
 static int
 namestore_postgres_lookup_records (void *cls,
                                    const struct
-                                   GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                   GNUNET_IDENTITY_PrivateKey *zone,
                                    const char *label,
                                    GNUNET_NAMESTORE_RecordIterator iter,
                                    void *iter_cls)
@@ -457,7 +457,7 @@ namestore_postgres_lookup_records (void *cls,
 static int
 namestore_postgres_iterate_records (void *cls,
                                     const struct
-                                    GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                    GNUNET_IDENTITY_PrivateKey *zone,
                                     uint64_t serial,
                                     uint64_t limit,
                                     GNUNET_NAMESTORE_RecordIterator iter,
@@ -524,9 +524,9 @@ namestore_postgres_iterate_records (void *cls,
 static int
 namestore_postgres_zone_to_name (void *cls,
                                  const struct
-                                 GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                 GNUNET_IDENTITY_PrivateKey *zone,
                                  const struct
-                                 GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
+                                 GNUNET_IDENTITY_PublicKey *value_zone,
                                  GNUNET_NAMESTORE_RecordIterator iter,
                                  void *iter_cls)
 {
diff --git a/src/namestore/plugin_namestore_sqlite.c b/src/namestore/plugin_namestore_sqlite.c
index 45fb782f7..4a4ce3d8d 100644
--- a/src/namestore/plugin_namestore_sqlite.c
+++ b/src/namestore/plugin_namestore_sqlite.c
@@ -314,14 +314,14 @@ database_shutdown (struct Plugin *plugin)
 static int
 namestore_sqlite_store_records (void *cls,
                                 const struct
-                                GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                                GNUNET_IDENTITY_PrivateKey *zone_key,
                                 const char *label,
                                 unsigned int rd_count,
                                 const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct Plugin *plugin = cls;
   int n;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
   uint64_t rvalue;
   ssize_t data_size;
 
@@ -331,7 +331,7 @@ namestore_sqlite_store_records (void *cls,
   for (unsigned int i = 0; i < rd_count; i++)
     if (GNUNET_GNSRECORD_TYPE_PKEY == rd[i].record_type)
     {
-      GNUNET_break (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) ==
+      GNUNET_break (sizeof(struct GNUNET_IDENTITY_PublicKey) ==
                     rd[i].data_size);
       GNUNET_memcpy (&pkey,
                      rd[i].data,
@@ -461,7 +461,7 @@ static int
 get_records_and_call_iterator (struct Plugin *plugin,
                                sqlite3_stmt *stmt,
                                const struct
-                               GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                               GNUNET_IDENTITY_PrivateKey *zone_key,
                                uint64_t limit,
                                GNUNET_NAMESTORE_RecordIterator iter,
                                void *iter_cls)
@@ -496,7 +496,7 @@ get_records_and_call_iterator (struct Plugin *plugin,
       size_t data_size;
       void *data;
       char *label;
-      struct GNUNET_CRYPTO_EcdsaPrivateKey zk;
+      struct GNUNET_IDENTITY_PrivateKey zk;
       struct GNUNET_SQ_ResultSpec rs[] = {
         GNUNET_SQ_result_spec_uint64 (&seq),
         GNUNET_SQ_result_spec_uint32 (&record_count),
@@ -578,7 +578,7 @@ get_records_and_call_iterator (struct Plugin *plugin,
 static int
 namestore_sqlite_lookup_records (void *cls,
                                  const struct
-                                 GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                 GNUNET_IDENTITY_PrivateKey *zone,
                                  const char *label,
                                  GNUNET_NAMESTORE_RecordIterator iter,
                                  void *iter_cls)
@@ -629,7 +629,7 @@ namestore_sqlite_lookup_records (void *cls,
 static int
 namestore_sqlite_iterate_records (void *cls,
                                   const struct
-                                  GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                  GNUNET_IDENTITY_PrivateKey *zone,
                                   uint64_t serial,
                                   uint64_t limit,
                                   GNUNET_NAMESTORE_RecordIterator iter,
@@ -695,9 +695,9 @@ namestore_sqlite_iterate_records (void *cls,
  */
 static int
 namestore_sqlite_zone_to_name (void *cls,
-                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                               const struct GNUNET_IDENTITY_PrivateKey *zone,
                                const struct
-                               GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
+                               GNUNET_IDENTITY_PublicKey *value_zone,
                                GNUNET_NAMESTORE_RecordIterator iter,
                                void *iter_cls)
 {
diff --git a/src/namestore/plugin_rest_namestore.c b/src/namestore/plugin_rest_namestore.c
index 9354b9896..edcbeb874 100644
--- a/src/namestore/plugin_rest_namestore.c
+++ b/src/namestore/plugin_rest_namestore.c
@@ -30,7 +30,7 @@
 #include "gnunet_namestore_service.h"
 #include "gnunet_identity_service.h"
 #include "gnunet_rest_lib.h"
-#include "gnunet_json_lib.h"
+#include "gnunet_gnsrecord_json_lib.h"
 #include "microhttpd.h"
 #include <jansson.h>
 
@@ -214,7 +214,7 @@ struct RequestHandle
   /**
    * Private key for the zone
    */
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_pkey;
+  const struct GNUNET_IDENTITY_PrivateKey *zone_pkey;
 
   /**
    * IDENTITY Operation
@@ -510,7 +510,7 @@ namestore_list_finished (void *cls)
  */
 static void
 namestore_list_iteration (void *cls,
-                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                          const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                           const char *rname,
                           unsigned int rd_len,
                           const struct GNUNET_GNSRECORD_Data *rd)
@@ -535,9 +535,9 @@ namestore_list_iteration (void *cls,
   /** Only add if not empty **/
   if (j > 0)
   {
-    record_obj = GNUNET_JSON_from_gnsrecord (rname,
-                                             rd_filtered,
-                                             j);
+    record_obj = GNUNET_GNSRECORD_JSON_from_gnsrecord (rname,
+                                                       rd_filtered,
+                                                       j);
     json_array_append_new (handle->resp_object, record_obj);
   }
   GNUNET_NAMESTORE_zone_iterator_next (handle->list_it, 1);
@@ -561,7 +561,7 @@ ns_lookup_error_cb (void *cls)
 
 static void
 ns_get_lookup_cb (void *cls,
-                  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                  const struct GNUNET_IDENTITY_PrivateKey *zone,
                   const char *label,
                   unsigned int rd_len,
                   const struct GNUNET_GNSRECORD_Data *rd)
@@ -587,9 +587,9 @@ ns_get_lookup_cb (void *cls,
   /** Only add if not empty **/
   if (j > 0)
   {
-    record_obj = GNUNET_JSON_from_gnsrecord (label,
-                                             rd_filtered,
-                                             j);
+    record_obj = GNUNET_GNSRECORD_JSON_from_gnsrecord (label,
+                                                       rd_filtered,
+                                                       j);
     json_array_append_new (handle->resp_object, record_obj);
   }
   GNUNET_SCHEDULER_add_now (&namestore_list_finished, handle);
@@ -689,7 +689,7 @@ namestore_get (struct GNUNET_REST_RequestHandle *con_handle,
 
 static void
 ns_lookup_cb (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+              const struct GNUNET_IDENTITY_PrivateKey *zone,
               const char *label,
               unsigned int rd_count,
               const struct GNUNET_GNSRECORD_Data *rd)
@@ -755,7 +755,7 @@ namestore_add_or_update (struct GNUNET_REST_RequestHandle *con_handle,
                  handle->rest_handle->data_size);
   data_js = json_loads (term_data, JSON_DECODE_ANY, &err);
   struct GNUNET_JSON_Specification gnsspec[] =
-  { GNUNET_JSON_spec_gnsrecord (&handle->rd, &handle->rd_count,
+  { GNUNET_GNSRECORD_JSON_spec_gnsrecord (&handle->rd, &handle->rd_count,
                                 &handle->record_name),
     GNUNET_JSON_spec_end () };
   if (GNUNET_OK != GNUNET_JSON_parse (data_js, gnsspec, NULL, NULL))
@@ -946,7 +946,7 @@ list_ego (void *cls,
           const char *identifier)
 {
   struct EgoEntry *ego_entry;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
 
   if ((NULL == ego) && (ID_REST_STATE_INIT == state))
   {
@@ -957,7 +957,7 @@ list_ego (void *cls,
   {
     ego_entry = GNUNET_new (struct EgoEntry);
     GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-    ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+    ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
     ego_entry->ego = ego;
     ego_entry->identifier = GNUNET_strdup (identifier);
     GNUNET_CONTAINER_DLL_insert_tail (ego_head,
@@ -983,7 +983,7 @@ list_ego (void *cls,
       /* Add */
       ego_entry = GNUNET_new (struct EgoEntry);
       GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-      ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+      ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
       ego_entry->ego = ego;
       ego_entry->identifier = GNUNET_strdup (identifier);
       GNUNET_CONTAINER_DLL_insert_tail (ego_head,
diff --git a/src/namestore/test_namestore_api_lookup_nick.c b/src/namestore/test_namestore_api_lookup_nick.c
index 14fe7fc70..6ce969c9b 100644
--- a/src/namestore/test_namestore_api_lookup_nick.c
+++ b/src/namestore/test_namestore_api_lookup_nick.c
@@ -41,9 +41,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -98,7 +98,7 @@ end (void *cls)
 
 static void
 lookup_it (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+           const struct GNUNET_IDENTITY_PrivateKey *zone,
            const char *label,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -288,8 +288,9 @@ run (void *cls,
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly,
                                                 NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey,
                                       &pubkey);
 
   nsh = GNUNET_NAMESTORE_connect (cfg);
diff --git a/src/namestore/test_namestore_api_lookup_private.c b/src/namestore/test_namestore_api_lookup_private.c
index d0ad726cc..67cf54582 100644
--- a/src/namestore/test_namestore_api_lookup_private.c
+++ b/src/namestore/test_namestore_api_lookup_private.c
@@ -38,9 +38,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -91,7 +91,7 @@ end (void *cls)
 
 static void
 lookup_it (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+           const struct GNUNET_IDENTITY_PrivateKey *zone,
            const char *label,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -187,8 +187,9 @@ run (void *cls,
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly,
                                                 NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey, &pubkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey, &pubkey);
 
   rd.expiration_time = GNUNET_TIME_absolute_get ().abs_value_us;
   rd.record_type = TEST_RECORD_TYPE;
diff --git a/src/namestore/test_namestore_api_lookup_public.c b/src/namestore/test_namestore_api_lookup_public.c
index 039c7cbf6..5e3e7bbd8 100644
--- a/src/namestore/test_namestore_api_lookup_public.c
+++ b/src/namestore/test_namestore_api_lookup_public.c
@@ -42,9 +42,9 @@ static struct GNUNET_NAMECACHE_Handle *nch;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -163,7 +163,7 @@ put_cont (void *cls, int32_t success, const char *emsg)
 {
   const char *name = cls;
   struct GNUNET_HashCode derived_hash;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+  struct GNUNET_IDENTITY_PublicKey pubkey;
 
   nsqe = NULL;
   GNUNET_assert (NULL != cls);
@@ -173,8 +173,8 @@ put_cont (void *cls, int32_t success, const char *emsg)
               (success == GNUNET_OK) ? "SUCCESS" : "FAIL");
 
   /* Create derived hash */
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
   GNUNET_GNSRECORD_query_from_public_key (&pubkey, name, &derived_hash);
 
   ncqe = GNUNET_NAMECACHE_lookup_block (nch, &derived_hash,
@@ -193,9 +193,10 @@ run (void *cls,
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly,
                                                 NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
 
   rd.expiration_time = GNUNET_TIME_absolute_get ().abs_value_us + 1000000000;
   rd.record_type = TEST_RECORD_TYPE;
diff --git a/src/namestore/test_namestore_api_lookup_shadow.c b/src/namestore/test_namestore_api_lookup_shadow.c
index d399d903a..79fa4c9c6 100644
--- a/src/namestore/test_namestore_api_lookup_shadow.c
+++ b/src/namestore/test_namestore_api_lookup_shadow.c
@@ -44,9 +44,9 @@ static struct GNUNET_NAMECACHE_Handle *nch;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -195,7 +195,7 @@ put_cont (void *cls, int32_t success, const char *emsg)
 {
   const char *name = cls;
   struct GNUNET_HashCode derived_hash;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+  struct GNUNET_IDENTITY_PublicKey pubkey;
 
   nsqe = NULL;
   GNUNET_assert (NULL != cls);
@@ -205,8 +205,8 @@ put_cont (void *cls, int32_t success, const char *emsg)
               (success == GNUNET_OK) ? "SUCCESS" : "FAIL");
 
   /* Create derived hash */
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
   GNUNET_GNSRECORD_query_from_public_key (&pubkey,
                                           name,
                                           &derived_hash);
@@ -228,9 +228,10 @@ run (void *cls,
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly,
                                                 NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
   rd.expiration_time = GNUNET_TIME_absolute_get ().abs_value_us + 1000000000;
   rd.record_type = TEST_RECORD_TYPE;
   rd.data_size = TEST_RECORD_DATALEN;
diff --git a/src/namestore/test_namestore_api_lookup_shadow_filter.c b/src/namestore/test_namestore_api_lookup_shadow_filter.c
index 40dbeb90f..4fc197750 100644
--- a/src/namestore/test_namestore_api_lookup_shadow_filter.c
+++ b/src/namestore/test_namestore_api_lookup_shadow_filter.c
@@ -48,9 +48,9 @@ static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
 static struct GNUNET_SCHEDULER_Task *delayed_lookup_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -66,7 +66,7 @@ static struct GNUNET_TIME_Absolute record_expiration;
 
 static struct GNUNET_HashCode derived_hash;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 
 static void
@@ -267,8 +267,8 @@ put_cont (void *cls, int32_t success, const char *emsg)
               (success == GNUNET_OK) ? "SUCCESS" : "FAIL");
 
   /* Create derived hash */
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
   GNUNET_GNSRECORD_query_from_public_key (&pubkey, TEST_NAME, &derived_hash);
 
   if (0 == GNUNET_TIME_absolute_get_remaining (record_expiration).rel_value_us)
@@ -297,9 +297,10 @@ run (void *cls,
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly,
                                                 NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
 
   record_expiration = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (),
                                                 EXPIRATION);
diff --git a/src/namestore/test_namestore_api_monitoring.c b/src/namestore/test_namestore_api_monitoring.c
index 3f1be1403..df0c38608 100644
--- a/src/namestore/test_namestore_api_monitoring.c
+++ b/src/namestore/test_namestore_api_monitoring.c
@@ -37,9 +37,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey2;
+static struct GNUNET_IDENTITY_PrivateKey privkey2;
 
 static struct GNUNET_NAMESTORE_ZoneMonitor *zm;
 
@@ -133,7 +133,7 @@ end (void *cls)
 
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+           const struct GNUNET_IDENTITY_PrivateKey *zone_key,
            const char *name,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -273,7 +273,8 @@ run (void *cls,
      struct GNUNET_TESTING_Peer *peer)
 {
   res = 1;
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
   /* Start monitoring */
   zm = GNUNET_NAMESTORE_zone_monitor_start (cfg,
                                             &privkey,
@@ -304,7 +305,8 @@ run (void *cls,
     return;
   }
 
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey2);
+  privkey2.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey2.ecdsa_key);
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Created record 3\n");
diff --git a/src/namestore/test_namestore_api_monitoring_existing.c b/src/namestore/test_namestore_api_monitoring_existing.c
index 728fcc25e..366f5739f 100644
--- a/src/namestore/test_namestore_api_monitoring_existing.c
+++ b/src/namestore/test_namestore_api_monitoring_existing.c
@@ -38,9 +38,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey2;
+static struct GNUNET_IDENTITY_PrivateKey privkey2;
 
 static struct GNUNET_NAMESTORE_ZoneMonitor *zm;
 
@@ -129,7 +129,7 @@ end (void *cls)
 
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+           const struct GNUNET_IDENTITY_PrivateKey *zone_key,
            const char *name,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -302,8 +302,10 @@ run (void *cls,
      struct GNUNET_TESTING_Peer *peer)
 {
   res = 1;
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey2);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  privkey2.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey2.ecdsa_key);
 
   cfg = mycfg;
   GNUNET_SCHEDULER_add_shutdown (&end,
diff --git a/src/namestore/test_namestore_api_remove.c b/src/namestore/test_namestore_api_remove.c
index e575821e8..b6254e531 100644
--- a/src/namestore/test_namestore_api_remove.c
+++ b/src/namestore/test_namestore_api_remove.c
@@ -39,9 +39,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -158,9 +158,10 @@ run (void *cls,
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly,
                                                 NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
 
   removed = GNUNET_NO;
 
diff --git a/src/namestore/test_namestore_api_remove_not_existing_record.c b/src/namestore/test_namestore_api_remove_not_existing_record.c
index 75e1cc3ed..e66992909 100644
--- a/src/namestore/test_namestore_api_remove_not_existing_record.c
+++ b/src/namestore/test_namestore_api_remove_not_existing_record.c
@@ -38,9 +38,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -132,8 +132,9 @@ run (void *cls,
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly,
                                                 NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey, &pubkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey, &pubkey);
 
   nsh = GNUNET_NAMESTORE_connect (cfg);
   GNUNET_break (NULL != nsh);
diff --git a/src/namestore/test_namestore_api_store.c b/src/namestore/test_namestore_api_store.c
index 9223b56a3..e0b7daa5d 100644
--- a/src/namestore/test_namestore_api_store.c
+++ b/src/namestore/test_namestore_api_store.c
@@ -39,9 +39,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -113,8 +113,9 @@ run (void *cls,
 
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly, NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey, &pubkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey, &pubkey);
 
 
   rd.expiration_time = GNUNET_TIME_absolute_get ().abs_value_us;
diff --git a/src/namestore/test_namestore_api_store_update.c b/src/namestore/test_namestore_api_store_update.c
index 7a5a69a6c..5c169734a 100644
--- a/src/namestore/test_namestore_api_store_update.c
+++ b/src/namestore/test_namestore_api_store_update.c
@@ -48,9 +48,9 @@ static struct GNUNET_NAMECACHE_Handle *nch;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
 static int res;
 
@@ -246,9 +246,10 @@ run (void *cls,
   endbadly_task = GNUNET_SCHEDULER_add_delayed (TIMEOUT,
                                                 &endbadly,
                                                 NULL);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  memset (&privkey, 0, sizeof (privkey));
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&privkey, &pubkey);
   rd.flags = GNUNET_GNSRECORD_RF_NONE;
   rd.expiration_time = GNUNET_TIME_absolute_get ().abs_value_us + 1000000000;
   rd.record_type = TEST_RECORD_TYPE;
@@ -291,7 +292,7 @@ main (int argc,
   SETUP_CFG (plugin_name, cfg_name);
   res = 1;
   if (0 !=
-      GNUNET_TESTING_peer_run ("test-namestore-api-store-update",
+      GNUNET_TESTING_peer_run ("test--store-update",
                                cfg_name,
                                &run,
                                NULL))
diff --git a/src/namestore/test_namestore_api_zone_iteration.c b/src/namestore/test_namestore_api_zone_iteration.c
index 5d02b9e49..55ca901e2 100644
--- a/src/namestore/test_namestore_api_zone_iteration.c
+++ b/src/namestore/test_namestore_api_zone_iteration.c
@@ -37,9 +37,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey2;
+static struct GNUNET_IDENTITY_PrivateKey privkey2;
 
 static struct GNUNET_NAMESTORE_ZoneIterator *zi;
 
@@ -142,7 +142,7 @@ fail_cb (void *cls)
 
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+           const struct GNUNET_IDENTITY_PrivateKey *zone,
            const char *label,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -331,7 +331,7 @@ create_record (unsigned int count)
  */
 static void
 empty_zone_proc (void *cls,
-                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                 const struct GNUNET_IDENTITY_PrivateKey *zone,
                  const char *label,
                  unsigned int rd_count,
                  const struct GNUNET_GNSRECORD_Data *rd)
@@ -362,34 +362,11 @@ empty_zone_proc (void *cls,
 static void
 empty_zone_end (void *cls)
 {
-  char *hostkey_file;
-
   zi = NULL;
-  GNUNET_asprintf (&hostkey_file,
-                   "zonefiles%s%s",
-                   DIR_SEPARATOR_STR,
-                   "N0UJMP015AFUNR2BTNM3FKPBLG38913BL8IDMCO2H0A1LIB81960.zkey");
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Using zonekey file `%s' \n",
-              hostkey_file);
-  GNUNET_assert (GNUNET_SYSERR !=
-                 GNUNET_CRYPTO_ecdsa_key_from_file (hostkey_file,
-                                                    GNUNET_YES,
-                                                    &privkey));
-  GNUNET_free (hostkey_file);
-
-  GNUNET_asprintf (&hostkey_file,
-                   "zonefiles%s%s",
-                   DIR_SEPARATOR_STR,
-                   "HGU0A0VCU334DN7F2I9UIUMVQMM7JMSD142LIMNUGTTV9R0CF4EG.zkey");
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Using zonekey file `%s' \n",
-              hostkey_file);
-  GNUNET_assert (GNUNET_SYSERR !=
-                 GNUNET_CRYPTO_ecdsa_key_from_file (hostkey_file,
-                                                    GNUNET_YES,
-                                                    &privkey2));
-  GNUNET_free (hostkey_file);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  privkey2.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey2.ecdsa_key);
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Created record 1\n");
 
diff --git a/src/namestore/test_namestore_api_zone_iteration_nick.c b/src/namestore/test_namestore_api_zone_iteration_nick.c
index 4e54a05d2..c203a63a6 100644
--- a/src/namestore/test_namestore_api_zone_iteration_nick.c
+++ b/src/namestore/test_namestore_api_zone_iteration_nick.c
@@ -38,9 +38,9 @@
 
 static struct GNUNET_NAMESTORE_Handle *nsh;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey2;
+static struct GNUNET_IDENTITY_PrivateKey privkey2;
 
 static struct GNUNET_NAMESTORE_ZoneIterator *zi;
 
@@ -153,7 +153,7 @@ zone_proc_end (void *cls)
 
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+           const struct GNUNET_IDENTITY_PrivateKey *zone,
            const char *label,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -345,7 +345,7 @@ nick_1_cont (void *cls, int32_t success, const char *emsg)
  */
 static void
 empty_zone_proc (void *cls,
-                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                 const struct GNUNET_IDENTITY_PrivateKey *zone,
                  const char *label,
                  unsigned int rd_count,
                  const struct GNUNET_GNSRECORD_Data *rd)
@@ -379,8 +379,10 @@ empty_zone_end (void *cls)
   struct GNUNET_GNSRECORD_Data rd;
 
   zi = NULL;
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey2);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  privkey2.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey2.ecdsa_key);
 
   memset (&rd, 0, sizeof(rd));
   rd.data = ZONE_NICK_1;
diff --git a/src/namestore/test_namestore_api_zone_iteration_specific_zone.c b/src/namestore/test_namestore_api_zone_iteration_specific_zone.c
index 30920713f..70097a69e 100644
--- a/src/namestore/test_namestore_api_zone_iteration_specific_zone.c
+++ b/src/namestore/test_namestore_api_zone_iteration_specific_zone.c
@@ -38,9 +38,9 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey2;
+static struct GNUNET_IDENTITY_PrivateKey privkey2;
 
 static struct GNUNET_NAMESTORE_ZoneIterator *zi;
 
@@ -124,7 +124,7 @@ fail_cb (void *cls)
 
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+           const struct GNUNET_IDENTITY_PrivateKey *zone,
            const char *label,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -309,7 +309,7 @@ create_record (unsigned int count)
  */
 static void
 empty_zone_proc (void *cls,
-                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                 const struct GNUNET_IDENTITY_PrivateKey *zone,
                  const char *label,
                  unsigned int rd_count,
                  const struct GNUNET_GNSRECORD_Data *rd)
@@ -341,8 +341,10 @@ static void
 empty_zone_proc_end (void *cls)
 {
   zi = NULL;
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey2);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  privkey2.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey2.ecdsa_key);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Created record 1\n");
   GNUNET_asprintf (&s_name_1,
diff --git a/src/namestore/test_namestore_api_zone_iteration_stop.c b/src/namestore/test_namestore_api_zone_iteration_stop.c
index bdcdd1706..71b36ba09 100644
--- a/src/namestore/test_namestore_api_zone_iteration_stop.c
+++ b/src/namestore/test_namestore_api_zone_iteration_stop.c
@@ -34,9 +34,9 @@
 
 static struct GNUNET_NAMESTORE_Handle *nsh;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey2;
+static struct GNUNET_IDENTITY_PrivateKey privkey2;
 
 static struct GNUNET_NAMESTORE_ZoneIterator *zi;
 
@@ -112,7 +112,7 @@ fail_cb (void *cls)
 
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+           const struct GNUNET_IDENTITY_PrivateKey *zone,
            const char *label,
            unsigned int rd_count,
            const struct GNUNET_GNSRECORD_Data *rd)
@@ -318,7 +318,7 @@ create_record (unsigned int count)
  */
 static void
 empty_zone_proc (void *cls,
-                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                 const struct GNUNET_IDENTITY_PrivateKey *zone,
                  const char *label,
                  unsigned int rd_count,
                  const struct GNUNET_GNSRECORD_Data *rd)
@@ -347,34 +347,13 @@ empty_zone_proc (void *cls,
 static void
 empty_zone_proc_end (void *cls)
 {
-  char *hostkey_file;
-
   GNUNET_assert (nsh == cls);
   zi = NULL;
-  GNUNET_asprintf (&hostkey_file,
-                   "zonefiles%s%s",
-                   DIR_SEPARATOR_STR,
-                   "N0UJMP015AFUNR2BTNM3FKPBLG38913BL8IDMCO2H0A1LIB81960.zkey");
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Using zonekey file `%s' \n",
-              hostkey_file);
-  GNUNET_assert (GNUNET_SYSERR
-                 != GNUNET_CRYPTO_ecdsa_key_from_file (hostkey_file,
-                                                       GNUNET_YES,
-                                                       &privkey));
-  GNUNET_free (hostkey_file);
-  GNUNET_asprintf (&hostkey_file,
-                   "zonefiles%s%s",
-                   DIR_SEPARATOR_STR,
-                   "HGU0A0VCU334DN7F2I9UIUMVQMM7JMSD142LIMNUGTTV9R0CF4EG.zkey");
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Using zonekey file `%s'\n",
-              hostkey_file);
-  GNUNET_assert (GNUNET_SYSERR !=
-                 GNUNET_CRYPTO_ecdsa_key_from_file (hostkey_file,
-                                                    GNUNET_YES,
-                                                    &privkey2));
-  GNUNET_free (hostkey_file);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  privkey2.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey2.ecdsa_key);
+
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Created record 1\n");
 
diff --git a/src/namestore/test_namestore_api_zone_to_name.c b/src/namestore/test_namestore_api_zone_to_name.c
index 94cc5c285..e5ede6bcd 100644
--- a/src/namestore/test_namestore_api_zone_to_name.c
+++ b/src/namestore/test_namestore_api_zone_to_name.c
@@ -42,11 +42,11 @@ static struct GNUNET_NAMESTORE_Handle *nsh;
 
 static struct GNUNET_SCHEDULER_Task *endbadly_task;
 
-static struct GNUNET_CRYPTO_EcdsaPrivateKey privkey;
+static struct GNUNET_IDENTITY_PrivateKey privkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+static struct GNUNET_IDENTITY_PublicKey pubkey;
 
-static struct GNUNET_CRYPTO_EcdsaPublicKey s_zone_value;
+static struct GNUNET_IDENTITY_PublicKey s_zone_value;
 
 static char *s_name;
 
@@ -92,7 +92,7 @@ end (void *cls)
 
 static void
 zone_to_name_proc (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
+                   const struct GNUNET_IDENTITY_PrivateKey *zone_key,
                    const char *n,
                    unsigned int rd_count,
                    const struct GNUNET_GNSRECORD_Data *rd)
@@ -203,10 +203,11 @@ run (void *cls,
   GNUNET_SCHEDULER_add_shutdown (&end,
                                  NULL);
   GNUNET_asprintf (&s_name, "dummy");
-  GNUNET_CRYPTO_ecdsa_key_create (&privkey);
+  privkey.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+  GNUNET_CRYPTO_ecdsa_key_create (&privkey.ecdsa_key);
   /* get public key */
-  GNUNET_CRYPTO_ecdsa_key_get_public (&privkey,
-                                      &pubkey);
+  GNUNET_IDENTITY_key_get_public (&privkey,
+                                  &pubkey);
 
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                               &s_zone_value,
diff --git a/src/namestore/test_plugin_namestore.c b/src/namestore/test_plugin_namestore.c
index 0f9ce97e4..baea0e444 100644
--- a/src/namestore/test_plugin_namestore.c
+++ b/src/namestore/test_plugin_namestore.c
@@ -85,14 +85,14 @@ load_plugin (const struct GNUNET_CONFIGURATION_Handle *cfg)
 static void
 test_record (void *cls,
              uint64_t seq,
-             const struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key,
+             const struct GNUNET_IDENTITY_PrivateKey *private_key,
              const char *label,
              unsigned int rd_count,
              const struct GNUNET_GNSRECORD_Data *rd)
 {
   int *idp = cls;
   int id = *idp;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey tzone_private_key;
+  struct GNUNET_IDENTITY_PrivateKey tzone_private_key;
   char tname[64];
   unsigned int trd_count = 1 + (id % 1024);
 
@@ -123,7 +123,7 @@ get_record (struct GNUNET_NAMESTORE_PluginFunctions *nsp, int id)
 static void
 put_record (struct GNUNET_NAMESTORE_PluginFunctions *nsp, int id)
 {
-  struct GNUNET_CRYPTO_EcdsaPrivateKey zone_private_key;
+  struct GNUNET_IDENTITY_PrivateKey zone_private_key;
   char label[64];
   unsigned int rd_count = 1 + (id % 1024);
   struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
diff --git a/src/nse/gnunet-nse-profiler.c b/src/nse/gnunet-nse-profiler.c
index 81a16b245..f653a716e 100644
--- a/src/nse/gnunet-nse-profiler.c
+++ b/src/nse/gnunet-nse-profiler.c
@@ -317,7 +317,7 @@ handle_estimate (void *cls,
   }
   size = GNUNET_snprintf (output_buffer,
                           sizeof(output_buffer),
-                          "%p %llu %llu %f %f %f\n",
+                          "%p %u %llu %f %f %f\n",
                           peer,
                           peers_running,
                           (unsigned long long) timestamp.abs_value_us,
diff --git a/src/peerinfo-tool/gnunet-peerinfo.c b/src/peerinfo-tool/gnunet-peerinfo.c
index 739249a93..987c7c3a0 100644
--- a/src/peerinfo-tool/gnunet-peerinfo.c
+++ b/src/peerinfo-tool/gnunet-peerinfo.c
@@ -338,9 +338,9 @@ print_address (void *cls,
   ar->pc = pc;
   ar->expiration = expiration;
   GNUNET_asprintf (&ar->result,
-                   "%s:%u:%u",
+                   "%s:%lu:%u",
                    address->transport_name,
-                   address->address_length,
+                   (unsigned long) address->address_length,
                    address->local_info);
   ar->atsc = GNUNET_TRANSPORT_address_to_string (cfg,
                                                  address,
diff --git a/src/peerinfo-tool/plugin_rest_peerinfo.c b/src/peerinfo-tool/plugin_rest_peerinfo.c
index 99cec7e58..4bbc7442e 100644
--- a/src/peerinfo-tool/plugin_rest_peerinfo.c
+++ b/src/peerinfo-tool/plugin_rest_peerinfo.c
@@ -554,9 +554,9 @@ print_address (void *cls,
   ar->pc = pc;
   ar->expiration = expiration;
   GNUNET_asprintf (&ar->result,
-                   "%s:%u:%u",
+                   "%s:%lu:%u",
                    address->transport_name,
-                   address->address_length,
+                   (unsigned long) address->address_length,
                    address->local_info);
   ar->atsc = GNUNET_TRANSPORT_address_to_string (cfg,
                                                  address,
diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am
index a58127abf..9463f19d9 100644
--- a/src/reclaim/Makefile.am
+++ b/src/reclaim/Makefile.am
@@ -103,6 +103,7 @@ gnunet_service_reclaim_SOURCES = \
  gnunet-service-reclaim_tickets.h
 gnunet_service_reclaim_LDADD = \
  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+ $(top_builddir)/src/identity/libgnunetidentity.la \
  $(top_builddir)/src/util/libgnunetutil.la \
  $(top_builddir)/src/namestore/libgnunetnamestore.la \
  $(top_builddir)/src/statistics/libgnunetstatistics.la \
diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c
index b9306b802..cefb66b8f 100644
--- a/src/reclaim/gnunet-reclaim.c
+++ b/src/reclaim/gnunet-reclaim.c
@@ -152,12 +152,12 @@ static struct GNUNET_RECLAIM_TicketIterator *ticket_iterator;
 /**
  * ego private key
  */
-static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey;
+static const struct GNUNET_IDENTITY_PrivateKey *pkey;
 
 /**
  * rp public key
  */
-static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key;
+static struct GNUNET_IDENTITY_PublicKey rp_key;
 
 /**
  * Ticket to consume
@@ -261,7 +261,7 @@ store_cont (void *cls, int32_t success, const char *emsg)
 
 static void
 process_attrs (void *cls,
-               const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+               const struct GNUNET_IDENTITY_PublicKey *identity,
                const struct GNUNET_RECLAIM_Attribute *attr,
                const struct GNUNET_RECLAIM_Presentation *presentation)
 {
@@ -346,7 +346,7 @@ ticket_iter (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
   aud =
     GNUNET_STRINGS_data_to_string_alloc (&ticket->audience,
                                          sizeof(struct
-                                                GNUNET_CRYPTO_EcdsaPublicKey));
+                                                GNUNET_IDENTITY_PublicKey));
   ref = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof(ticket->rnd));
   tkt =
     GNUNET_STRINGS_data_to_string_alloc (ticket,
@@ -511,7 +511,7 @@ iter_finished (void *cls)
 
 static void
 iter_cb (void *cls,
-         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+         const struct GNUNET_IDENTITY_PublicKey *identity,
          const struct GNUNET_RECLAIM_Attribute *attr)
 {
   struct GNUNET_RECLAIM_AttributeListEntry *le;
@@ -653,7 +653,7 @@ cred_iter_finished (void *cls)
 
 static void
 cred_iter_cb (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+              const struct GNUNET_IDENTITY_PublicKey *identity,
               const struct GNUNET_RECLAIM_Credential *cred)
 {
   char *cred_str;
@@ -734,7 +734,7 @@ start_process ()
 
   if ((NULL != rp) &&
       (GNUNET_OK !=
-       GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key)) )
+       GNUNET_IDENTITY_public_key_from_string (rp, &rp_key)) )
   {
     fprintf (stderr, "%s is not a public key!\n", rp);
     cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
diff --git a/src/reclaim/gnunet-service-reclaim.c b/src/reclaim/gnunet-service-reclaim.c
index d2cdc62a2..0774fecea 100644
--- a/src/reclaim/gnunet-service-reclaim.c
+++ b/src/reclaim/gnunet-service-reclaim.c
@@ -110,7 +110,7 @@ struct Iterator
   /**
    * Key of the zone we are iterating over.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * Namestore iterator
@@ -266,7 +266,7 @@ struct AttributeDeleteHandle
   /**
    * Identity
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
 
   /**
@@ -334,12 +334,12 @@ struct AttributeStoreHandle
   /**
    * Identity
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * Identity pubkey
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pkey;
+  struct GNUNET_IDENTITY_PublicKey identity_pkey;
 
   /**
    * QueueEntry
@@ -862,7 +862,7 @@ handle_revoke_ticket_message (void *cls, const struct RevokeTicketMessage *rm)
  */
 static void
 consume_result_cb (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                   const struct GNUNET_IDENTITY_PublicKey *identity,
                    const struct GNUNET_RECLAIM_AttributeList *attrs,
                    const struct GNUNET_RECLAIM_PresentationList *presentations,
                    int32_t success,
@@ -1082,7 +1082,7 @@ handle_attribute_store_message (void *cls,
   ash->r_id = ntohl (sam->id);
   ash->identity = sam->identity;
   ash->exp.rel_value_us = GNUNET_ntohll (sam->exp);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, &ash->identity_pkey);
+  GNUNET_IDENTITY_key_get_public (&sam->identity, &ash->identity_pkey);
 
   GNUNET_SERVICE_client_continue (idp->client);
   ash->client = idp;
@@ -1157,7 +1157,7 @@ cred_error (void *cls)
 */
 static void
 cred_add_cb (void *cls,
-             const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+             const struct GNUNET_IDENTITY_PrivateKey *zone,
              const char *label,
              unsigned int rd_count,
              const struct GNUNET_GNSRECORD_Data *rd)
@@ -1266,7 +1266,7 @@ handle_credential_store_message (void *cls,
   ash->r_id = ntohl (sam->id);
   ash->identity = sam->identity;
   ash->exp.rel_value_us = GNUNET_ntohll (sam->exp);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, &ash->identity_pkey);
+  GNUNET_IDENTITY_key_get_public (&sam->identity, &ash->identity_pkey);
 
   GNUNET_SERVICE_client_continue (idp->client);
   ash->client = idp;
@@ -1311,7 +1311,7 @@ send_delete_response (struct AttributeDeleteHandle *adh, int32_t success)
  */
 static void
 ticket_iter (void *cls,
-             const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+             const struct GNUNET_IDENTITY_PrivateKey *zone,
              const char *label,
              unsigned int rd_count,
              const struct GNUNET_GNSRECORD_Data *rd)
@@ -1739,7 +1739,7 @@ attr_iter_error (void *cls)
  */
 static void
 attr_iter_cb (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+              const struct GNUNET_IDENTITY_PrivateKey *zone,
               const char *label,
               unsigned int rd_count,
               const struct GNUNET_GNSRECORD_Data *rd)
@@ -1764,7 +1764,7 @@ attr_iter_cb (void *cls,
                              GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
   arm->id = htonl (ai->request_id);
   arm->attr_len = htons (rd->data_size);
-  GNUNET_CRYPTO_ecdsa_key_get_public (zone, &arm->identity);
+  GNUNET_IDENTITY_key_get_public (zone, &arm->identity);
   data_tmp = (char *) &arm[1];
   GNUNET_memcpy (data_tmp, rd->data, rd->data_size);
   GNUNET_MQ_send (ai->client->mq, env);
@@ -1923,7 +1923,7 @@ cred_iter_error (void *cls)
  */
 static void
 cred_iter_cb (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+              const struct GNUNET_IDENTITY_PrivateKey *zone,
               const char *label,
               unsigned int rd_count,
               const struct GNUNET_GNSRECORD_Data *rd)
@@ -1948,7 +1948,7 @@ cred_iter_cb (void *cls,
                              GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_RESULT);
   arm->id = htonl (ai->request_id);
   arm->credential_len = htons (rd->data_size);
-  GNUNET_CRYPTO_ecdsa_key_get_public (zone, &arm->identity);
+  GNUNET_IDENTITY_key_get_public (zone, &arm->identity);
   data_tmp = (char *) &arm[1];
   GNUNET_memcpy (data_tmp, rd->data, rd->data_size);
 
diff --git a/src/reclaim/gnunet-service-reclaim_tickets.c b/src/reclaim/gnunet-service-reclaim_tickets.c
index 4dd8100f9..0b1730bec 100644
--- a/src/reclaim/gnunet-service-reclaim_tickets.c
+++ b/src/reclaim/gnunet-service-reclaim_tickets.c
@@ -86,12 +86,12 @@ struct RECLAIM_TICKETS_ConsumeHandle
   /**
    * Audience Key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * Audience Key
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub;
+  struct GNUNET_IDENTITY_PublicKey identity_pub;
 
   /**
    * Lookup DLL
@@ -180,7 +180,7 @@ struct TicketIssueHandle
   /**
    * Issuer Key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * Ticket to issue
@@ -263,7 +263,7 @@ struct RECLAIM_TICKETS_RevokeHandle
   /**
    * Issuer Key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * Callback
@@ -490,7 +490,7 @@ rvk_ticket_update_finished (void *cls)
  */
 static void
 rvk_ticket_update (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                   const struct GNUNET_IDENTITY_PrivateKey *zone,
                    const char *label,
                    unsigned int rd_count,
                    const struct GNUNET_GNSRECORD_Data *rd)
@@ -665,7 +665,7 @@ move_attr_finished (void *cls, int32_t success, const char *emsg)
  */
 static void
 rvk_move_attr_cb (void *cls,
-                  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                  const struct GNUNET_IDENTITY_PrivateKey *zone,
                   const char *label,
                   unsigned int rd_count,
                   const struct GNUNET_GNSRECORD_Data *rd)
@@ -850,7 +850,7 @@ remove_ticket_cont (void *cls, int32_t success, const char *emsg)
  */
 static void
 revoke_attrs_cb (void *cls,
-                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                 const struct GNUNET_IDENTITY_PrivateKey *zone,
                  const char *label,
                  unsigned int rd_count,
                  const struct GNUNET_GNSRECORD_Data *rd)
@@ -913,7 +913,7 @@ rvk_attrs_err_cb (void *cls)
  */
 struct RECLAIM_TICKETS_RevokeHandle *
 RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                        const struct GNUNET_IDENTITY_PrivateKey *identity,
                         RECLAIM_TICKETS_RevokeCallback cb,
                         void *cb_cls)
 {
@@ -925,7 +925,7 @@ RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket,
   rvk->cb_cls = cb_cls;
   rvk->identity = *identity;
   rvk->ticket = *ticket;
-  GNUNET_CRYPTO_ecdsa_key_get_public (&rvk->identity, &rvk->ticket.identity);
+  GNUNET_IDENTITY_key_get_public (&rvk->identity, &rvk->ticket.identity);
   /** Get shared attributes **/
   label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
                                                sizeof(ticket->rnd));
@@ -1184,7 +1184,7 @@ lookup_authz_cb (void *cls,
  * @return handle to the operation
  */
 struct RECLAIM_TICKETS_ConsumeHandle *
-RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_EcdsaPrivateKey *id,
+RECLAIM_TICKETS_consume (const struct GNUNET_IDENTITY_PrivateKey *id,
                          const struct GNUNET_RECLAIM_Ticket *ticket,
                          RECLAIM_TICKETS_ConsumeCallback cb,
                          void *cb_cls)
@@ -1195,7 +1195,7 @@ RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_EcdsaPrivateKey *id,
   cth = GNUNET_new (struct RECLAIM_TICKETS_ConsumeHandle);
 
   cth->identity = *id;
-  GNUNET_CRYPTO_ecdsa_key_get_public (&cth->identity, &cth->identity_pub);
+  GNUNET_IDENTITY_key_get_public (&cth->identity, &cth->identity_pub);
   cth->attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
   cth->presentations = GNUNET_new (struct GNUNET_RECLAIM_PresentationList);
   cth->ticket = *ticket;
@@ -1453,7 +1453,7 @@ filter_tickets_error_cb (void *cls)
  */
 static void
 filter_tickets_cb (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                   const struct GNUNET_IDENTITY_PrivateKey *zone,
                    const char *label,
                    unsigned int rd_count,
                    const struct GNUNET_GNSRECORD_Data *rd)
@@ -1489,7 +1489,7 @@ filter_tickets_cb (void *cls,
       // cmp audience
       if (0 == memcmp (&tih->ticket.audience,
                        &ticket->audience,
-                       sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+                       sizeof(struct GNUNET_IDENTITY_PublicKey)))
       {
         tih->ticket = *ticket;
         continue;
@@ -1602,7 +1602,7 @@ filter_tickets_finished_cb (void *cls)
 {
   struct TicketIssueHandle *tih = cls;
 
-  GNUNET_CRYPTO_ecdsa_key_get_public (&tih->identity, &tih->ticket.identity);
+  GNUNET_IDENTITY_key_get_public (&tih->identity, &tih->ticket.identity);
   GNUNET_RECLAIM_id_generate (&tih->ticket.rnd);
   issue_ticket (tih);
 }
@@ -1620,9 +1620,9 @@ filter_tickets_finished_cb (void *cls)
  * FIXME: Return handle??
  */
 void
-RECLAIM_TICKETS_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+RECLAIM_TICKETS_issue (const struct GNUNET_IDENTITY_PrivateKey *identity,
                        const struct GNUNET_RECLAIM_AttributeList *attrs,
-                       const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const struct GNUNET_IDENTITY_PublicKey *audience,
                        RECLAIM_TICKETS_TicketResult cb,
                        void *cb_cls)
 {
@@ -1680,7 +1680,7 @@ cleanup_iter (struct RECLAIM_TICKETS_Iterator *iter)
  */
 static void
 collect_tickets_cb (void *cls,
-                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                    const struct GNUNET_IDENTITY_PrivateKey *zone,
                     const char *label,
                     unsigned int rd_count,
                     const struct GNUNET_GNSRECORD_Data *rd)
@@ -1765,7 +1765,7 @@ RECLAIM_TICKETS_iteration_stop (struct RECLAIM_TICKETS_Iterator *iter)
  */
 struct RECLAIM_TICKETS_Iterator *
 RECLAIM_TICKETS_iteration_start (
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   RECLAIM_TICKETS_TicketIter cb,
   void *cb_cls)
 {
diff --git a/src/reclaim/gnunet-service-reclaim_tickets.h b/src/reclaim/gnunet-service-reclaim_tickets.h
index 0dd790fc7..9c31a6143 100644
--- a/src/reclaim/gnunet-service-reclaim_tickets.h
+++ b/src/reclaim/gnunet-service-reclaim_tickets.h
@@ -138,7 +138,7 @@ typedef void (*RECLAIM_TICKETS_TicketResult) (
  */
 typedef void (*RECLAIM_TICKETS_ConsumeCallback) (
   void *cls,
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+  const struct GNUNET_IDENTITY_PublicKey *identity,
   const struct GNUNET_RECLAIM_AttributeList *attributes,
   const struct GNUNET_RECLAIM_PresentationList *presentations,
   int32_t success,
@@ -167,7 +167,7 @@ typedef void (*RECLAIM_TICKETS_RevokeCallback) (void *cls, int32_t success);
  */
 struct RECLAIM_TICKETS_RevokeHandle *
 RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                        const struct GNUNET_IDENTITY_PrivateKey *identity,
                         RECLAIM_TICKETS_RevokeCallback cb,
                         void *cb_cls);
 
@@ -193,7 +193,7 @@ RECLAIM_TICKETS_revoke_cancel (struct RECLAIM_TICKETS_RevokeHandle *rh);
  * @return handle to the operation
  */
 struct RECLAIM_TICKETS_ConsumeHandle *
-RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_EcdsaPrivateKey *id,
+RECLAIM_TICKETS_consume (const struct GNUNET_IDENTITY_PrivateKey *id,
                          const struct GNUNET_RECLAIM_Ticket *ticket,
                          RECLAIM_TICKETS_ConsumeCallback cb,
                          void *cb_cls);
@@ -220,9 +220,9 @@ RECLAIM_TICKETS_consume_cancel (struct RECLAIM_TICKETS_ConsumeHandle *cth);
  * FIXME: Return handle??
  */
 void
-RECLAIM_TICKETS_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+RECLAIM_TICKETS_issue (const struct GNUNET_IDENTITY_PrivateKey *identity,
                        const struct GNUNET_RECLAIM_AttributeList *attrs,
-                       const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const struct GNUNET_IDENTITY_PublicKey *audience,
                        RECLAIM_TICKETS_TicketResult cb,
                        void *cb_cls);
 
@@ -255,7 +255,7 @@ RECLAIM_TICKETS_iteration_stop (struct RECLAIM_TICKETS_Iterator *iter);
  */
 struct RECLAIM_TICKETS_Iterator *
 RECLAIM_TICKETS_iteration_start (
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   RECLAIM_TICKETS_TicketIter cb,
   void *cb_cls);
 
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index b307a358c..c3ff07976 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -155,7 +155,7 @@ fix_base64 (char *str)
 }
 
 static json_t*
-generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key,
                        const struct GNUNET_RECLAIM_AttributeList *attrs,
                        const struct GNUNET_RECLAIM_PresentationList *presentations)
 {
@@ -180,7 +180,7 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
   subject =
     GNUNET_STRINGS_data_to_string_alloc (sub_key,
                                          sizeof(struct
-                                                GNUNET_CRYPTO_EcdsaPublicKey));
+                                                GNUNET_IDENTITY_PublicKey));
   body = json_object ();
   aggr_names = json_object ();
   aggr_sources = json_object ();
@@ -295,7 +295,7 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
  * @return Userinfo JSON
  */
 char *
-OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key,
                         const struct GNUNET_RECLAIM_AttributeList *attrs,
                         const struct GNUNET_RECLAIM_PresentationList *presentations)
 {
@@ -321,8 +321,8 @@ OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
  * @return a new base64-encoded JWT string.
  */
 char *
-OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                        const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key,
+                        const struct GNUNET_IDENTITY_PublicKey *sub_key,
                         const struct GNUNET_RECLAIM_AttributeList *attrs,
                         const struct GNUNET_RECLAIM_PresentationList *presentations,
                         const struct GNUNET_TIME_Relative *expiration_time,
@@ -356,11 +356,11 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
   subject =
     GNUNET_STRINGS_data_to_string_alloc (sub_key,
                                          sizeof(struct
-                                                GNUNET_CRYPTO_EcdsaPublicKey));
+                                                GNUNET_IDENTITY_PublicKey));
   audience =
     GNUNET_STRINGS_data_to_string_alloc (aud_key,
                                          sizeof(struct
-                                                GNUNET_CRYPTO_EcdsaPublicKey));
+                                                GNUNET_IDENTITY_PublicKey));
   header = create_jwt_header ();
 
   // aud REQUIRED public key client_id must be there
@@ -438,7 +438,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
  * @return a new authorization code (caller must free)
  */
 char *
-OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer,
                        const struct GNUNET_RECLAIM_Ticket *ticket,
                        const struct GNUNET_RECLAIM_AttributeList *attrs,
                        const struct GNUNET_RECLAIM_PresentationList *presentations,
@@ -544,7 +544,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
   buf_ptr += payload_len;
   // Sign and store signature
   if (GNUNET_SYSERR ==
-      GNUNET_CRYPTO_ecdsa_sign_ (issuer,
+      GNUNET_CRYPTO_ecdsa_sign_ (&issuer->ecdsa_key,
                                  purpose,
                                  (struct GNUNET_CRYPTO_EcdsaSignature *)
                                  buf_ptr))
@@ -576,7 +576,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
  * @return GNUNET_OK if successful, else GNUNET_SYSERR
  */
 int
-OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
                        const char *code,
                        const char *code_verifier,
                        struct GNUNET_RECLAIM_Ticket *ticket,
@@ -687,7 +687,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
       GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
                                    purpose,
                                    signature,
-                                   &ticket->identity))
+                                   &ticket->identity.ecdsa_key))
   {
     GNUNET_free (code_payload);
     if (NULL != *nonce_str)
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h
index 10a6f3d1f..eb1022423 100644
--- a/src/reclaim/oidc_helper.h
+++ b/src/reclaim/oidc_helper.h
@@ -50,8 +50,8 @@
  * @return a new base64-encoded JWT string.
  */
 char*
-OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key,
+                   const struct GNUNET_IDENTITY_PublicKey *sub_key,
                    const struct GNUNET_RECLAIM_AttributeList *attrs,
                    const struct GNUNET_RECLAIM_PresentationList *presentations,
                    const struct GNUNET_TIME_Relative *expiration_time,
@@ -71,7 +71,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
  * @return a new authorization code (caller must free)
  */
 char*
-OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer,
                        const struct GNUNET_RECLAIM_Ticket *ticket,
                        const struct GNUNET_RECLAIM_AttributeList *attrs,
                        const struct GNUNET_RECLAIM_PresentationList *presentations,
@@ -93,7 +93,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
  * @return GNUNET_OK if successful, else GNUNET_SYSERR
  */
 int
-OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub,
+OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *ecdsa_pub,
                        const char *code,
                        const char *code_verifier,
                        struct GNUNET_RECLAIM_Ticket *ticket,
@@ -152,7 +152,7 @@ OIDC_check_scopes_for_claim_request (const char *scopes,
  * @return Userinfo JSON
  */
 char *
-OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key,
                         const struct GNUNET_RECLAIM_AttributeList *attrs,
                         const struct GNUNET_RECLAIM_PresentationList *presentations);
 
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 5b0bb2b6f..7a8a886bd 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -300,7 +300,7 @@ struct OIDC_Variables
   /**
    * The RP client public key
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey;
+  struct GNUNET_IDENTITY_PublicKey client_pkey;
 
   /**
    * The OIDC client id of the RP
@@ -411,7 +411,7 @@ struct RequestHandle
   /**
    * Pointer to ego private key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key;
+  struct GNUNET_IDENTITY_PrivateKey priv_key;
 
   /**
    * OIDC variables
@@ -972,7 +972,7 @@ oidc_ticket_issue_cb (void *cls,
       (NULL != handle->tld))
   {
     GNUNET_asprintf (&redirect_uri,
-                     "%s.%s/%s?%s=%s&state=%s",
+                     "%s.%s/%s%s%s=%s&state=%s",
                      handle->redirect_prefix,
                      handle->tld,
                      handle->redirect_suffix,
@@ -1087,7 +1087,7 @@ oidc_cred_collect_finished_cb (void *cls)
  */
 static void
 oidc_cred_collect (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                   const struct GNUNET_IDENTITY_PublicKey *identity,
                    const struct GNUNET_RECLAIM_Credential *cred)
 {
   struct RequestHandle *handle = cls;
@@ -1211,7 +1211,7 @@ attr_in_userinfo_request (struct RequestHandle *handle,
  */
 static void
 oidc_attr_collect (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                   const struct GNUNET_IDENTITY_PublicKey *identity,
                    const struct GNUNET_RECLAIM_Attribute *attr)
 {
   struct RequestHandle *handle = cls;
@@ -1260,8 +1260,8 @@ code_redirect (void *cls)
   struct RequestHandle *handle = cls;
   struct GNUNET_TIME_Absolute current_time;
   struct GNUNET_TIME_Absolute *relog_time;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
-  struct GNUNET_CRYPTO_EcdsaPublicKey ego_pkey;
+  struct GNUNET_IDENTITY_PublicKey pubkey;
+  struct GNUNET_IDENTITY_PublicKey ego_pkey;
   struct GNUNET_HashCode cache_key;
   char *identity_cookie;
 
@@ -1281,11 +1281,8 @@ code_redirect (void *cls)
     if (current_time.abs_value_us <= relog_time->abs_value_us)
     {
       if (GNUNET_OK !=
-          GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc
+          GNUNET_IDENTITY_public_key_from_string (handle->oidc
                                                       ->login_identity,
-                                                      strlen (
-                                                        handle->oidc
-                                                        ->login_identity),
                                                       &pubkey))
       {
         handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE);
@@ -1376,7 +1373,7 @@ lookup_redirect_uri_result (void *cls,
   char *tmp;
   char *tmp_key_str;
   char *pos;
-  struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
+  struct GNUNET_IDENTITY_PublicKey redirect_zone;
 
   handle->gns_op = NULL;
   if (0 == rd_count)
@@ -1608,10 +1605,10 @@ static void
 tld_iter (void *cls, const char *section, const char *option, const char *value)
 {
   struct RequestHandle *handle = cls;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
 
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (value, strlen (value), &pkey))
+      GNUNET_IDENTITY_public_key_from_string (value, &pkey))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value);
     return;
@@ -1635,8 +1632,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 {
   struct RequestHandle *handle = cls;
   struct EgoEntry *tmp_ego;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  const struct GNUNET_IDENTITY_PrivateKey *priv_key;
+  struct GNUNET_IDENTITY_PublicKey pkey;
 
   cookie_identity_interpretation (handle);
 
@@ -1664,9 +1661,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   }
 
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
-                                                  strlen (
-                                                    handle->oidc->client_id),
+      GNUNET_IDENTITY_public_key_from_string (handle->oidc->client_id,
                                                   &handle->oidc->client_pkey))
   {
     handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT);
@@ -1682,7 +1677,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   for (tmp_ego = ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
   {
     priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
-    GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pkey);
+    GNUNET_IDENTITY_key_get_public (priv_key, &pkey);
     if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey))
     {
       handle->tld = GNUNET_strdup (tmp_ego->identifier);
@@ -1865,7 +1860,7 @@ parse_credentials_post_body (struct RequestHandle *handle,
 
 static int
 check_authorization (struct RequestHandle *handle,
-                     struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
+                     struct GNUNET_IDENTITY_PublicKey *cid)
 {
   char *expected_pass;
   char *received_cid;
@@ -1902,7 +1897,7 @@ check_authorization (struct RequestHandle *handle,
     GNUNET_STRINGS_string_to_data (received_cid,
                                    strlen (received_cid),
                                    cid,
-                                   sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+                                   sizeof(struct GNUNET_IDENTITY_PublicKey));
     GNUNET_free (received_cid);
     return GNUNET_OK;
 
@@ -1948,7 +1943,7 @@ check_authorization (struct RequestHandle *handle,
   GNUNET_STRINGS_string_to_data (received_cid,
                                  strlen (received_cid),
                                  cid,
-                                 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+                                 sizeof(struct GNUNET_IDENTITY_PublicKey));
 
   GNUNET_free (received_cpw);
   GNUNET_free (received_cid);
@@ -1958,10 +1953,10 @@ check_authorization (struct RequestHandle *handle,
 
 const struct EgoEntry *
 find_ego (struct RequestHandle *handle,
-          struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
+          struct GNUNET_IDENTITY_PublicKey *test_key)
 {
   struct EgoEntry *ego_entry;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
+  struct GNUNET_IDENTITY_PublicKey pub_key;
 
   for (ego_entry = ego_head; NULL != ego_entry;
        ego_entry = ego_entry->next)
@@ -1992,7 +1987,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   struct GNUNET_RECLAIM_AttributeList *cl = NULL;
   struct GNUNET_RECLAIM_PresentationList *pl = NULL;
   struct GNUNET_RECLAIM_Ticket ticket;
-  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+  struct GNUNET_IDENTITY_PublicKey cid;
   struct GNUNET_HashCode cache_key;
   struct MHD_Response *resp;
   char *grant_type;
@@ -2145,7 +2140,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  */
 static void
 consume_ticket (void *cls,
-                const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                const struct GNUNET_IDENTITY_PublicKey *identity,
                 const struct GNUNET_RECLAIM_Attribute *attr,
                 const struct GNUNET_RECLAIM_Presentation *pres)
 {
@@ -2225,7 +2220,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   char *authorization_type;
   char *authorization_access_token;
   const struct EgoEntry *aud_ego;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
+  const struct GNUNET_IDENTITY_PrivateKey *privkey;
 
   GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Getting userinfo\n");
   GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
@@ -2349,7 +2344,7 @@ list_ego (void *cls,
           const char *identifier)
 {
   struct EgoEntry *ego_entry;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
 
   if ((NULL == ego) && (ID_REST_STATE_INIT == state))
   {
@@ -2362,7 +2357,7 @@ list_ego (void *cls,
   {
     ego_entry = GNUNET_new (struct EgoEntry);
     GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-    ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+    ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
     ego_entry->ego = ego;
     ego_entry->identifier = GNUNET_strdup (identifier);
     GNUNET_CONTAINER_DLL_insert_tail (ego_head,
@@ -2389,7 +2384,7 @@ list_ego (void *cls,
       /* Add */
       ego_entry = GNUNET_new (struct EgoEntry);
       GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-      ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+      ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
       ego_entry->ego = ego;
       ego_entry->identifier = GNUNET_strdup (identifier);
       GNUNET_CONTAINER_DLL_insert_tail (ego_head,
diff --git a/src/reclaim/plugin_rest_reclaim.c b/src/reclaim/plugin_rest_reclaim.c
index ff11d2a56..022744c82 100644
--- a/src/reclaim/plugin_rest_reclaim.c
+++ b/src/reclaim/plugin_rest_reclaim.c
@@ -172,7 +172,7 @@ struct RequestHandle
   /**
    * Pointer to ego private key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key;
+  struct GNUNET_IDENTITY_PrivateKey priv_key;
 
   /**
    * Rest connection
@@ -440,14 +440,14 @@ ticket_collect (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket)
   tmp =
     GNUNET_STRINGS_data_to_string_alloc (&ticket->identity,
                                          sizeof(struct
-                                                GNUNET_CRYPTO_EcdsaPublicKey));
+                                                GNUNET_IDENTITY_PublicKey));
   value = json_string (tmp);
   json_object_set_new (json_resource, "issuer", value);
   GNUNET_free (tmp);
   tmp =
     GNUNET_STRINGS_data_to_string_alloc (&ticket->audience,
                                          sizeof(struct
-                                                GNUNET_CRYPTO_EcdsaPublicKey));
+                                                GNUNET_IDENTITY_PublicKey));
   value = json_string (tmp);
   json_object_set_new (json_resource, "audience", value);
   GNUNET_free (tmp);
@@ -465,7 +465,7 @@ add_credential_cont (struct GNUNET_REST_RequestHandle *con_handle,
                       void *cls)
 {
   struct RequestHandle *handle = cls;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
+  const struct GNUNET_IDENTITY_PrivateKey *identity_priv;
   const char *identity;
   struct EgoEntry *ego_entry;
   struct GNUNET_RECLAIM_Credential *attribute;
@@ -545,7 +545,7 @@ add_credential_cont (struct GNUNET_REST_RequestHandle *con_handle,
  */
 static void
 cred_collect (void *cls,
-                const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                const struct GNUNET_IDENTITY_PublicKey *identity,
                 const struct GNUNET_RECLAIM_Credential *cred)
 {
   struct RequestHandle *handle = cls;
@@ -631,7 +631,7 @@ list_credential_cont (struct GNUNET_REST_RequestHandle *con_handle,
                        void *cls)
 {
   struct RequestHandle *handle = cls;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  const struct GNUNET_IDENTITY_PrivateKey *priv_key;
   struct EgoEntry *ego_entry;
   char *identity;
 
@@ -688,7 +688,7 @@ delete_credential_cont (struct GNUNET_REST_RequestHandle *con_handle,
                          void *cls)
 {
   struct RequestHandle *handle = cls;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  const struct GNUNET_IDENTITY_PrivateKey *priv_key;
   struct GNUNET_RECLAIM_Credential attr;
   struct EgoEntry *ego_entry;
   char *identity_id_str;
@@ -754,7 +754,7 @@ list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle,
                    const char *url,
                    void *cls)
 {
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  const struct GNUNET_IDENTITY_PrivateKey *priv_key;
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   char *identity;
@@ -801,7 +801,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
                     const char *url,
                     void *cls)
 {
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
+  const struct GNUNET_IDENTITY_PrivateKey *identity_priv;
   const char *identity;
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
@@ -949,7 +949,7 @@ parse_jwt (const struct GNUNET_RECLAIM_Credential *cred,
  */
 static void
 attr_collect (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+              const struct GNUNET_IDENTITY_PublicKey *identity,
               const struct GNUNET_RECLAIM_Attribute *attr)
 {
   struct RequestHandle *handle = cls;
@@ -996,7 +996,7 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
                      const char *url,
                      void *cls)
 {
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  const struct GNUNET_IDENTITY_PrivateKey *priv_key;
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   char *identity;
@@ -1050,7 +1050,7 @@ delete_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
                        const char *url,
                        void *cls)
 {
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  const struct GNUNET_IDENTITY_PrivateKey *priv_key;
   struct RequestHandle *handle = cls;
   struct GNUNET_RECLAIM_Attribute attr;
   struct EgoEntry *ego_entry;
@@ -1108,11 +1108,11 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
                     const char *url,
                     void *cls)
 {
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
+  const struct GNUNET_IDENTITY_PrivateKey *identity_priv;
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct GNUNET_RECLAIM_Ticket *ticket = NULL;
-  struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
+  struct GNUNET_IDENTITY_PublicKey tmp_pk;
   char term_data[handle->rest_handle->data_size + 1];
   json_t *data_json;
   json_error_t err;
@@ -1156,7 +1156,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
     GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &tmp_pk);
     if (0 == memcmp (&ticket->identity,
                      &tmp_pk,
-                     sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+                     sizeof(struct GNUNET_IDENTITY_PublicKey)))
       break;
   }
   if (NULL == ego_entry)
@@ -1178,7 +1178,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
 
 static void
 consume_cont (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+              const struct GNUNET_IDENTITY_PublicKey *identity,
               const struct GNUNET_RECLAIM_Attribute *attr,
               const struct GNUNET_RECLAIM_Presentation *pres)
 {
@@ -1215,11 +1215,11 @@ consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
                      const char *url,
                      void *cls)
 {
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
+  const struct GNUNET_IDENTITY_PrivateKey *identity_priv;
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct GNUNET_RECLAIM_Ticket *ticket;
-  struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
+  struct GNUNET_IDENTITY_PublicKey tmp_pk;
   char term_data[handle->rest_handle->data_size + 1];
   json_t *data_json;
   json_error_t err;
@@ -1259,7 +1259,7 @@ consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
     GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &tmp_pk);
     if (0 == memcmp (&ticket->audience,
                      &tmp_pk,
-                     sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+                     sizeof(struct GNUNET_IDENTITY_PublicKey)))
       break;
   }
   if (NULL == ego_entry)
@@ -1343,7 +1343,7 @@ list_ego (void *cls,
           const char *identifier)
 {
   struct EgoEntry *ego_entry;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
 
   if ((NULL == ego) && (ID_REST_STATE_INIT == state))
   {
@@ -1354,7 +1354,7 @@ list_ego (void *cls,
   {
     ego_entry = GNUNET_new (struct EgoEntry);
     GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-    ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+    ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
     ego_entry->ego = ego;
     ego_entry->identifier = GNUNET_strdup (identifier);
     GNUNET_CONTAINER_DLL_insert_tail (ego_head,
@@ -1380,7 +1380,7 @@ list_ego (void *cls,
       /* Add */
       ego_entry = GNUNET_new (struct EgoEntry);
       GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-      ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+      ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
       ego_entry->ego = ego;
       ego_entry->identifier = GNUNET_strdup (identifier);
       GNUNET_CONTAINER_DLL_insert_tail (ego_head,
diff --git a/src/reclaim/reclaim.h b/src/reclaim/reclaim.h
index bc7f34365..aae8ee89a 100644
--- a/src/reclaim/reclaim.h
+++ b/src/reclaim/reclaim.h
@@ -29,7 +29,7 @@
 #define RECLAIM_H
 
 #include "gnunet_common.h"
-
+#include "gnunet_identity_service.h"
 
 GNUNET_NETWORK_STRUCT_BEGIN
 
@@ -62,7 +62,7 @@ struct AttributeStoreMessage
   /**
    * Identity
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /* followed by the serialized attribute */
 };
@@ -91,7 +91,7 @@ struct AttributeDeleteMessage
   /**
    * Identity
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /* followed by the serialized attribute */
 };
@@ -151,7 +151,7 @@ struct AttributeResultMessage
   /**
    * The public key of the identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+  struct GNUNET_IDENTITY_PublicKey identity;
 
   /* followed by:
    * serialized attribute data
@@ -186,7 +186,7 @@ struct CredentialResultMessage
   /**
    * The public key of the identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+  struct GNUNET_IDENTITY_PublicKey identity;
 
   /* followed by:
    * serialized credential data
@@ -212,7 +212,7 @@ struct AttributeIterationStartMessage
   /**
    * Identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 };
 
 
@@ -251,7 +251,7 @@ struct CredentialIterationStartMessage
   /**
    * Identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 };
 
 
@@ -323,7 +323,7 @@ struct TicketIterationStartMessage
   /**
    * Identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 };
 
 
@@ -379,12 +379,12 @@ struct IssueTicketMessage
   /**
    * Identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * Requesting party.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey rp;
+  struct GNUNET_IDENTITY_PublicKey rp;
 
   /**
    * length of serialized attribute list
@@ -412,7 +412,7 @@ struct RevokeTicketMessage
   /**
    * Identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * length of serialized attribute list
@@ -493,7 +493,7 @@ struct ConsumeTicketMessage
   /**
    * Identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * The ticket to consume
@@ -539,7 +539,7 @@ struct ConsumeTicketResultMessage
   /**
    * The public key of the identity.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+  struct GNUNET_IDENTITY_PublicKey identity;
 
   /* followed by:
    * serialized attributes data
diff --git a/src/reclaim/reclaim_api.c b/src/reclaim/reclaim_api.c
index 1e0251519..f4f2b946a 100644
--- a/src/reclaim/reclaim_api.c
+++ b/src/reclaim/reclaim_api.c
@@ -235,7 +235,7 @@ struct GNUNET_RECLAIM_AttributeIterator
   /**
    * Private key of the zone.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * The operation id this zone iteration operation has
@@ -302,7 +302,7 @@ struct GNUNET_RECLAIM_CredentialIterator
   /**
    * Private key of the zone.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  struct GNUNET_IDENTITY_PrivateKey identity;
 
   /**
    * The operation id this zone iteration operation has
@@ -704,7 +704,7 @@ check_attribute_result (void *cls, const struct AttributeResultMessage *msg)
 static void
 handle_attribute_result (void *cls, const struct AttributeResultMessage *msg)
 {
-  static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy;
+  static struct GNUNET_IDENTITY_PrivateKey identity_dummy;
   struct GNUNET_RECLAIM_Handle *h = cls;
   struct GNUNET_RECLAIM_AttributeIterator *it;
   struct GNUNET_RECLAIM_Operation *op;
@@ -806,7 +806,7 @@ static void
 handle_credential_result (void *cls, const struct
                            CredentialResultMessage *msg)
 {
-  static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy;
+  static struct GNUNET_IDENTITY_PrivateKey identity_dummy;
   struct GNUNET_RECLAIM_Handle *h = cls;
   struct GNUNET_RECLAIM_CredentialIterator *it;
   struct GNUNET_RECLAIM_Operation *op;
@@ -1134,7 +1134,7 @@ GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h)
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_attribute_store (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Attribute *attr,
   const struct GNUNET_TIME_Relative *exp_interval,
   GNUNET_RECLAIM_ContinuationWithStatus cont,
@@ -1181,7 +1181,7 @@ GNUNET_RECLAIM_attribute_store (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_attribute_delete (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Attribute *attr,
   GNUNET_RECLAIM_ContinuationWithStatus cont,
   void *cont_cls)
@@ -1226,7 +1226,7 @@ GNUNET_RECLAIM_attribute_delete (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_credential_store (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Credential *attr,
   const struct GNUNET_TIME_Relative *exp_interval,
   GNUNET_RECLAIM_ContinuationWithStatus cont,
@@ -1273,7 +1273,7 @@ GNUNET_RECLAIM_credential_store (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_credential_delete (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Credential *attr,
   GNUNET_RECLAIM_ContinuationWithStatus cont,
   void *cont_cls)
@@ -1330,7 +1330,7 @@ GNUNET_RECLAIM_credential_delete (
 struct GNUNET_RECLAIM_AttributeIterator *
 GNUNET_RECLAIM_get_attributes_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
   GNUNET_RECLAIM_AttributeResult proc,
@@ -1439,7 +1439,7 @@ GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it)
 struct GNUNET_RECLAIM_CredentialIterator *
 GNUNET_RECLAIM_get_credentials_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
   GNUNET_RECLAIM_CredentialResult proc,
@@ -1541,8 +1541,8 @@ GNUNET_RECLAIM_get_credentials_stop (struct
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_issue (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
+  const struct GNUNET_IDENTITY_PrivateKey *iss,
+  const struct GNUNET_IDENTITY_PublicKey *rp,
   const struct GNUNET_RECLAIM_AttributeList *attrs,
   GNUNET_RECLAIM_IssueTicketCallback cb,
   void *cb_cls)
@@ -1590,7 +1590,7 @@ GNUNET_RECLAIM_ticket_issue (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_consume (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   const struct GNUNET_RECLAIM_Ticket *ticket,
   GNUNET_RECLAIM_AttributeTicketResult cb,
   void *cb_cls)
@@ -1636,7 +1636,7 @@ GNUNET_RECLAIM_ticket_consume (
 struct GNUNET_RECLAIM_TicketIterator *
 GNUNET_RECLAIM_ticket_iteration_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
   GNUNET_RECLAIM_TicketCallback proc,
@@ -1731,7 +1731,7 @@ GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it)
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_revoke (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+  const struct GNUNET_IDENTITY_PrivateKey *identity,
   const struct GNUNET_RECLAIM_Ticket *ticket,
   GNUNET_RECLAIM_ContinuationWithStatus cb,
   void *cb_cls)
diff --git a/src/reclaim/test_reclaim_attribute.c b/src/reclaim/test_reclaim_attribute.c
index f71d86b56..f8faf8021 100644
--- a/src/reclaim/test_reclaim_attribute.c
+++ b/src/reclaim/test_reclaim_attribute.c
@@ -9,12 +9,10 @@ main (int argc, char *argv[])
   struct GNUNET_RECLAIM_AttributeList *al;
   struct GNUNET_RECLAIM_AttributeList *al_two;
   struct GNUNET_RECLAIM_AttributeListEntry *ale;
-  struct GNUNET_RECLAIM_Attribute *attr;
   char attrname[100];
   char attrdata[100];
   size_t ser_len_claimed;
   size_t ser_len_actual;
-  ssize_t deser_len;
   char *ser_data;
   int count = 0;
 
diff --git a/src/regex/regex_block_lib.c b/src/regex/regex_block_lib.c
index a309c2305..159e8bf8a 100644
--- a/src/regex/regex_block_lib.c
+++ b/src/regex/regex_block_lib.c
@@ -352,14 +352,14 @@ REGEX_BLOCK_iterate (const struct RegexBlock *block,
   }
   off = len;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Start iterating block of size %u, proof %u, off %u edges %u\n",
-       size, len, off, n);
+       "Start iterating block of size %lu, proof %u, off %lu edges %u\n",
+       (unsigned long) size, len, (unsigned long) off, n);
   /* &aux[off] always points to our token */
   for (n = 0; n < num_edges; n++)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Edge %u/%u, off %u tokenlen %u (%.*s)\n",
-         n + 1, num_edges, off,
+         "Edge %u/%u, off %lu tokenlen %u (%.*s)\n",
+         n + 1, num_edges, (unsigned long) off,
          ntohs (edges[n].token_length), ntohs (edges[n].token_length),
          &aux[off]);
     if (NULL != iterator)
diff --git a/src/regex/regex_internal_dht.c b/src/regex/regex_internal_dht.c
index d2c69f131..39d7cd847 100644
--- a/src/regex/regex_internal_dht.c
+++ b/src/regex/regex_internal_dht.c
@@ -427,8 +427,7 @@ regex_find_path (const struct GNUNET_HashCode *key,
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Accept state found, now searching for paths to %s\n",
-       GNUNET_h2s (key),
-       (unsigned int) ctx->position);
+       GNUNET_h2s (key));
   get_h = GNUNET_DHT_get_start (ctx->info->dht,     /* handle */
                                 GNUNET_BLOCK_TYPE_REGEX_ACCEPT, /* type */
                                 key,     /* key to search */
@@ -534,8 +533,8 @@ regex_result_iterator (void *cls,
     return GNUNET_YES;   // We found an accept state!
   }
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "* %u, %u, [%u]\n",
-       ctx->position,
+       "* %lu, %lu, [%u]\n",
+       (unsigned long) ctx->position,
        strlen (ctx->info->description),
        GNUNET_BLOCK_is_accepting (block, result->size));
   regex_next_edge (block, result->size, ctx);
@@ -729,7 +728,7 @@ REGEX_INTERNAL_search (struct GNUNET_DHT_Handle *dht,
        "Initial key for `%s' is %s (based on `%.*s')\n",
        string,
        GNUNET_h2s (&key),
-       size,
+       (int) size,
        string);
   ctx = GNUNET_new (struct RegexSearchContext);
   ctx->position = size;
diff --git a/src/regex/regex_test_graph.c b/src/regex/regex_test_graph.c
index 8e1e00fd4..c8efae772 100644
--- a/src/regex/regex_test_graph.c
+++ b/src/regex/regex_test_graph.c
@@ -177,8 +177,7 @@ REGEX_TEST_automaton_save_graph_step (void *cls, unsigned int count,
     }
     else
     {
-      GNUNET_asprintf (&s_acc, "\"%s\" [shape=doublecircle];\n", name,
-                       s->scc_id);
+      GNUNET_asprintf (&s_acc, "\"%s\" [shape=doublecircle];\n", name);
     }
   }
   else if (GNUNET_YES == ctx->coloring)
@@ -189,7 +188,7 @@ REGEX_TEST_automaton_save_graph_step (void *cls, unsigned int count,
   }
   else
   {
-    GNUNET_asprintf (&s_acc, "\"%s\" [shape=circle];\n", name, s->scc_id);
+    GNUNET_asprintf (&s_acc, "\"%s\" [shape=circle];\n", name);
   }
 
   GNUNET_assert (NULL != s_acc);
@@ -228,7 +227,7 @@ REGEX_TEST_automaton_save_graph_step (void *cls, unsigned int count,
       else
       {
         GNUNET_asprintf (&s_tran, "\"%s\" -> \"%s\" [label = \"ε\"];\n", name,
-                         to_name, s->scc_id);
+                         to_name);
       }
     }
     else
@@ -242,7 +241,7 @@ REGEX_TEST_automaton_save_graph_step (void *cls, unsigned int count,
       else
       {
         GNUNET_asprintf (&s_tran, "\"%s\" -> \"%s\" [label = \"%s\"];\n", name,
-                         to_name, ctran->label, s->scc_id);
+                         to_name, ctran->label);
       }
     }
 
diff --git a/src/revocation/Makefile.am b/src/revocation/Makefile.am
index 9d98502a6..b1a079a0d 100644
--- a/src/revocation/Makefile.am
+++ b/src/revocation/Makefile.am
@@ -30,6 +30,7 @@ libgnunet_plugin_block_revocation_la_LIBADD = \
   $(top_builddir)/src/block/libgnunetblockgroup.la \
   $(top_builddir)/src/block/libgnunetblock.la \
   $(top_builddir)/src/util/libgnunetutil.la  \
+  $(top_builddir)/src/identity/libgnunetidentity.la  \
   $(LTLIBINTL)
 libgnunet_plugin_block_revocation_la_DEPENDENCIES = \
   libgnunetrevocation.la \
@@ -63,6 +64,7 @@ libgnunetrevocation_la_SOURCES = \
   revocation_api.c revocation.h
 libgnunetrevocation_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(LIBGCRYPT_LIBS) \
   $(GN_LIBINTL) $(XLIB) -lgcrypt
 libgnunetrevocation_la_LDFLAGS = \
@@ -80,6 +82,7 @@ gnunet_service_revocation_LDADD = \
   $(top_builddir)/src/core/libgnunetcore.la \
   $(top_builddir)/src/setu/libgnunetsetu.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la  \
   $(top_builddir)/src/util/libgnunetutil.la \
   -lm \
   $(GN_LIBINTL)
diff --git a/src/revocation/gnunet-revocation-tvg.c b/src/revocation/gnunet-revocation-tvg.c
index 29df1bb4d..1692472bb 100644
--- a/src/revocation/gnunet-revocation-tvg.c
+++ b/src/revocation/gnunet-revocation-tvg.c
@@ -65,25 +65,26 @@ run (void *cls,
      const char *cfgfile,
      const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
-  struct GNUNET_CRYPTO_EcdsaPrivateKey id_priv;
-  struct GNUNET_CRYPTO_EcdsaPublicKey id_pub;
-  struct GNUNET_REVOCATION_PowP pow;
+  struct GNUNET_IDENTITY_PrivateKey id_priv;
+  struct GNUNET_IDENTITY_PublicKey id_pub;
+  struct GNUNET_REVOCATION_PowP *pow;
   struct GNUNET_REVOCATION_PowCalculationHandle *ph;
   struct GNUNET_TIME_Relative exp;
 
-  GNUNET_CRYPTO_ecdsa_key_create (&id_priv);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&id_priv,
-                                      &id_pub);
+  id_priv.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
+  GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&id_priv,
+                                  &id_pub);
   fprintf (stdout, "Zone private key (d, little-endian scalar):\n");
   print_bytes (&id_priv, sizeof(id_priv), 0);
   fprintf (stdout, "\n");
   fprintf (stdout, "Zone public key (zk):\n");
   print_bytes (&id_pub, sizeof(id_pub), 0);
   fprintf (stdout, "\n");
-  memset (&pow, 0, sizeof (pow));
+  pow = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE);
   GNUNET_REVOCATION_pow_init (&id_priv,
-                              &pow);
-  ph = GNUNET_REVOCATION_pow_start (&pow,
+                              pow);
+  ph = GNUNET_REVOCATION_pow_start (pow,
                                     TEST_EPOCHS,
                                     TEST_DIFFICULTY);
   fprintf (stdout, "Difficulty (%d base difficulty + %d epochs): %d\n\n",
@@ -97,12 +98,12 @@ run (void *cls,
   }
   exp = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
                                        TEST_EPOCHS);
-  GNUNET_assert (GNUNET_OK == GNUNET_REVOCATION_check_pow (&pow,
+  GNUNET_assert (GNUNET_OK == GNUNET_REVOCATION_check_pow (pow,
                                                            TEST_DIFFICULTY,
                                                            exp));
   fprintf (stdout, "Proof:\n");
-  print_bytes (&pow,
-               sizeof (pow),
+  print_bytes (pow,
+               GNUNET_REVOCATION_proof_get_size (pow),
                8);
 }
 
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c
index 0e1e482ab..d59ea7c81 100644
--- a/src/revocation/gnunet-revocation.c
+++ b/src/revocation/gnunet-revocation.c
@@ -101,7 +101,7 @@ static struct GNUNET_SCHEDULER_Task *pow_task;
 /**
  * Proof-of-work object
  */
-static struct GNUNET_REVOCATION_PowP proof_of_work;
+static struct GNUNET_REVOCATION_PowP *proof_of_work;
 
 /**
  * Function run if the user aborts with CTRL-C.
@@ -213,7 +213,7 @@ static void
 perform_revocation ()
 {
   h = GNUNET_REVOCATION_revoke (cfg,
-                                &proof_of_work,
+                                proof_of_work,
                                 &print_revocation_result,
                                 NULL);
 }
@@ -228,11 +228,12 @@ perform_revocation ()
 static void
 sync_pow ()
 {
+  size_t psize = GNUNET_REVOCATION_proof_get_size (proof_of_work);
   if ((NULL != filename) &&
-      (sizeof(struct GNUNET_REVOCATION_PowP) !=
+      (psize !=
        GNUNET_DISK_fn_write (filename,
-                             &proof_of_work,
-                             sizeof(struct GNUNET_REVOCATION_PowP),
+                             proof_of_work,
+                             psize,
                              GNUNET_DISK_PERM_USER_READ
                              | GNUNET_DISK_PERM_USER_WRITE)))
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename);
@@ -269,6 +270,7 @@ static void
 calculate_pow (void *cls)
 {
   struct GNUNET_REVOCATION_PowCalculationHandle *ph = cls;
+  size_t psize;
 
   /* store temporary results */
   pow_task = NULL;
@@ -277,11 +279,12 @@ calculate_pow (void *cls)
   /* actually do POW calculation */
   if (GNUNET_OK == GNUNET_REVOCATION_pow_round (ph))
   {
+    psize = GNUNET_REVOCATION_proof_get_size (proof_of_work);
     if ((NULL != filename) &&
-        (sizeof(struct GNUNET_REVOCATION_PowP) !=
+        (psize !=
          GNUNET_DISK_fn_write (filename,
-                               &proof_of_work,
-                               sizeof(struct GNUNET_REVOCATION_PowP),
+                               proof_of_work,
+                               psize,
                                GNUNET_DISK_PERM_USER_READ
                                | GNUNET_DISK_PERM_USER_WRITE)))
       GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename);
@@ -325,9 +328,10 @@ calculate_pow (void *cls)
 static void
 ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey key;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
+  struct GNUNET_IDENTITY_PublicKey key;
+  const struct GNUNET_IDENTITY_PrivateKey *privkey;
   struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL;
+  size_t psize;
 
   el = NULL;
   if (NULL == ego)
@@ -338,12 +342,15 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego)
   }
   GNUNET_IDENTITY_ego_get_public_key (ego, &key);
   privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
-  memset (&proof_of_work, 0, sizeof (proof_of_work));
+  proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE);
   if ((NULL != filename) && (GNUNET_YES == GNUNET_DISK_file_test (filename)) &&
-      (sizeof(proof_of_work) ==
-       GNUNET_DISK_fn_read (filename, &proof_of_work, sizeof(proof_of_work))))
+      (0 < (psize =
+              GNUNET_DISK_fn_read (filename, proof_of_work,
+                                   GNUNET_REVOCATION_MAX_PROOF_SIZE))))
   {
-    if (0 != GNUNET_memcmp (&proof_of_work.key, &key))
+    size_t ksize = GNUNET_IDENTITY_key_get_length (&key);
+    if (((psize - sizeof (*proof_of_work)) < ksize) || // Key too small
+        (0 != memcmp (&proof_of_work[1], &key, ksize))) // Keys do not match
     {
       fprintf (stderr,
                _ ("Error: revocation certificate in `%s' is not for `%s'\n"),
@@ -352,7 +359,7 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego)
       return;
     }
     if (GNUNET_YES ==
-        GNUNET_REVOCATION_check_pow (&proof_of_work,
+        GNUNET_REVOCATION_check_pow (proof_of_work,
                                      (unsigned int) matching_bits,
                                      epoch_duration))
     {
@@ -369,7 +376,7 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego)
     fprintf (stderr,
              "%s",
              _ ("Continuing calculation where left off...\n"));
-    ph = GNUNET_REVOCATION_pow_start (&proof_of_work,
+    ph = GNUNET_REVOCATION_pow_start (proof_of_work,
                                       epochs,
                                       matching_bits);
   }
@@ -379,8 +386,8 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego)
   if (NULL == ph)
   {
     GNUNET_REVOCATION_pow_init (privkey,
-                                &proof_of_work);
-    ph = GNUNET_REVOCATION_pow_start (&proof_of_work,
+                                proof_of_work);
+    ph = GNUNET_REVOCATION_pow_start (proof_of_work,
                                       epochs, /* Epochs */
                                       matching_bits);
   }
@@ -403,15 +410,15 @@ run (void *cls,
      const char *cfgfile,
      const struct GNUNET_CONFIGURATION_Handle *c)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
+  size_t psize;
 
   cfg = c;
   if (NULL != test_ego)
   {
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_ecdsa_public_key_from_string (test_ego,
-                                                    strlen (test_ego),
-                                                    &pk))
+        GNUNET_IDENTITY_public_key_from_string (test_ego,
+                                                &pk))
     {
       fprintf (stderr, _ ("Public key `%s' malformed\n"), test_ego);
       return;
@@ -463,23 +470,33 @@ run (void *cls,
   }
   if ((NULL != filename) && (perform))
   {
-    if (sizeof(proof_of_work) != GNUNET_DISK_fn_read (filename,
-                                                      &proof_of_work,
-                                                      sizeof(proof_of_work)))
+    size_t bread;
+    proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE);
+    if (0 < (bread = GNUNET_DISK_fn_read (filename,
+                                          proof_of_work,
+                                          GNUNET_REVOCATION_MAX_PROOF_SIZE)))
     {
       fprintf (stderr,
                _ ("Failed to read revocation certificate from `%s'\n"),
                filename);
       return;
     }
+    psize = GNUNET_REVOCATION_proof_get_size (proof_of_work);
+    if (bread != psize)
+    {
+      fprintf (stderr,
+               _ ("Revocation certificate corrupted in `%s'\n"),
+               filename);
+      return;
+    }
     GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
     if (GNUNET_YES !=
-        GNUNET_REVOCATION_check_pow (&proof_of_work,
+        GNUNET_REVOCATION_check_pow (proof_of_work,
                                      (unsigned int) matching_bits,
                                      epoch_duration))
     {
       struct GNUNET_REVOCATION_PowCalculationHandle *ph;
-      ph = GNUNET_REVOCATION_pow_start (&proof_of_work,
+      ph = GNUNET_REVOCATION_pow_start (proof_of_work,
                                         epochs, /* Epochs */
                                         matching_bits);
 
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c
index ddebb38ad..0fa92f4a6 100644
--- a/src/revocation/gnunet-service-revocation.c
+++ b/src/revocation/gnunet-service-revocation.c
@@ -172,7 +172,8 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer)
 static int
 verify_revoke_message (const struct RevokeMessage *rm)
 {
-  if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->proof_of_work,
+  struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
+  if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow,
                                                  (unsigned
                                                   int) revocation_work_required,
                                                  epoch_duration))
@@ -236,7 +237,7 @@ handle_query_message (void *cls,
   int res;
 
   GNUNET_CRYPTO_hash (&qm->key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+                      sizeof(struct GNUNET_IDENTITY_PublicKey),
                       &hc);
   res = GNUNET_CONTAINER_multihashmap_contains (revocation_map,
                                                 &hc);
@@ -276,9 +277,11 @@ do_flood (void *cls,
     return GNUNET_OK; /* peer connected to us via SET,
                          but we have no direct CORE
                          connection for flooding */
-  e = GNUNET_MQ_msg (cp,
+  e = GNUNET_MQ_msg_extra (cp,
+                     htonl (rm->pow_size),
                      GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
   *cp = *rm;
+  memcpy (&cp[1], &rm[1], htonl (rm->pow_size));
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Flooding revocation to `%s'\n",
               GNUNET_i2s (target));
@@ -303,9 +306,12 @@ publicize_rm (const struct RevokeMessage *rm)
   struct RevokeMessage *cp;
   struct GNUNET_HashCode hc;
   struct GNUNET_SETU_Element e;
+  const struct GNUNET_IDENTITY_PublicKey *pk;
 
-  GNUNET_CRYPTO_hash (&rm->proof_of_work.key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+  struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  GNUNET_CRYPTO_hash (pk,
+                      GNUNET_IDENTITY_key_get_length (pk),
                       &hc);
   if (GNUNET_YES ==
       GNUNET_CONTAINER_multihashmap_contains (revocation_map,
@@ -371,6 +377,23 @@ publicize_rm (const struct RevokeMessage *rm)
 }
 
 
+static int
+check_revoke_message (void *cls,
+                      const struct RevokeMessage *rm)
+{
+  uint16_t size;
+
+  size = ntohs (rm->header.size);
+  if (size <= sizeof(struct RevokeMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+
+}
+
+
 /**
  * Handle REVOKE message from client.
  *
@@ -403,6 +426,23 @@ handle_revoke_message (void *cls,
 }
 
 
+static int
+check_p2p_revoke (void *cls,
+                  const struct RevokeMessage *rm)
+{
+  uint16_t size;
+
+  size = ntohs (rm->header.size);
+  if (size <= sizeof(struct RevokeMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+
+}
+
+
 /**
  * Core handler for flooded revocation messages.
  *
@@ -784,16 +824,17 @@ run (void *cls,
      struct GNUNET_SERVICE_Handle *service)
 {
   struct GNUNET_MQ_MessageHandler core_handlers[] = {
-    GNUNET_MQ_hd_fixed_size (p2p_revoke,
-                             GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
-                             struct RevokeMessage,
-                             NULL),
+    GNUNET_MQ_hd_var_size (p2p_revoke,
+                           GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
+                           struct RevokeMessage,
+                           NULL),
     GNUNET_MQ_handler_end ()
   };
   char *fn;
   uint64_t left;
   struct RevokeMessage *rm;
   struct GNUNET_HashCode hc;
+  const struct GNUNET_IDENTITY_PublicKey *pk;
 
   GNUNET_CRYPTO_hash ("revocation-set-union-application-id",
                       strlen ("revocation-set-union-application-id"),
@@ -892,9 +933,11 @@ run (void *cls,
       GNUNET_free (fn);
       return;
     }
-    GNUNET_break (0 == ntohl (rm->reserved));
-    GNUNET_CRYPTO_hash (&rm->proof_of_work.key,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+    struct GNUNET_REVOCATION_PowP *pow = (struct
+                                          GNUNET_REVOCATION_PowP *) &rm[1];
+    pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+    GNUNET_CRYPTO_hash (pk,
+                        GNUNET_IDENTITY_key_get_length (pk),
                         &hc);
     GNUNET_break (GNUNET_OK ==
                   GNUNET_CONTAINER_multihashmap_put (revocation_map,
@@ -939,10 +982,10 @@ GNUNET_SERVICE_MAIN
                            GNUNET_MESSAGE_TYPE_REVOCATION_QUERY,
                            struct QueryMessage,
                            NULL),
-  GNUNET_MQ_hd_fixed_size (revoke_message,
-                           GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
-                           struct RevokeMessage,
-                           NULL),
+  GNUNET_MQ_hd_var_size (revoke_message,
+                         GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
+                         struct RevokeMessage,
+                         NULL),
   GNUNET_MQ_handler_end ());
 
 
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c
index 291c56f70..3c9344a49 100644
--- a/src/revocation/plugin_block_revocation.c
+++ b/src/revocation/plugin_block_revocation.c
@@ -143,16 +143,18 @@ block_plugin_revocation_evaluate (void *cls,
     GNUNET_break_op (0);
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
   }
-  if (0 >=
-      GNUNET_REVOCATION_check_pow (&rm->proof_of_work,
-                                   ic->matching_bits,
-                                   ic->epoch_duration))
+  struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
+  const struct GNUNET_IDENTITY_PublicKey *pk;
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow,
+                                                 ic->matching_bits,
+                                                 ic->epoch_duration))
   {
     GNUNET_break_op (0);
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
   }
-  GNUNET_CRYPTO_hash (&rm->proof_of_work.key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+  GNUNET_CRYPTO_hash (pk,
+                      GNUNET_IDENTITY_key_get_length (pk),
                       &chash);
   if (GNUNET_YES ==
       GNUNET_BLOCK_GROUP_bf_test_and_set (group,
@@ -182,13 +184,16 @@ block_plugin_revocation_get_key (void *cls,
 {
   const struct RevokeMessage *rm = block;
 
-  if (block_size != sizeof(*rm))
+  if (block_size <= sizeof(*rm))
   {
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
-  GNUNET_CRYPTO_hash (&rm->proof_of_work.key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+  struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
+  const struct GNUNET_IDENTITY_PublicKey *pk;
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  GNUNET_CRYPTO_hash (pk,
+                      GNUNET_IDENTITY_key_get_length (pk),
                       key);
   return GNUNET_OK;
 }
diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h
index 635c56cfc..c3a9c9e6b 100644
--- a/src/revocation/revocation.h
+++ b/src/revocation/revocation.h
@@ -49,7 +49,7 @@ struct QueryMessage
   /**
    * Key to check.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey key;
+  struct GNUNET_IDENTITY_PublicKey key;
 };
 
 
@@ -85,14 +85,11 @@ struct RevokeMessage
   struct GNUNET_MessageHeader header;
 
   /**
-   * For alignment.
+   * Length of PoW with signature.
    */
-  uint32_t reserved GNUNET_PACKED;
+  uint32_t pow_size GNUNET_PACKED;
 
-  /**
-   * Number that causes a hash collision with the @e public_key.
-   */
-  struct GNUNET_REVOCATION_PowP proof_of_work;
+  /** Followed by the PoW **/
 };
 
 
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 75cfd8761..94fbc7022 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -160,7 +160,7 @@ handle_revocation_query_response (void *cls,
  */
 struct GNUNET_REVOCATION_Query *
 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                         const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
+                         const struct GNUNET_IDENTITY_PublicKey *key,
                          GNUNET_REVOCATION_Callback func,
                          void *func_cls)
 {
@@ -359,10 +359,12 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
   }
   h->func = func;
   h->func_cls = func_cls;
-  env = GNUNET_MQ_msg (rm,
-                       GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
-  rm->reserved = htonl (0);
-  rm->proof_of_work = *pow;
+  size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow);
+  env = GNUNET_MQ_msg_extra (rm,
+                             extra_len,
+                             GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
+  rm->pow_size = htonl (extra_len);
+  memcpy (&rm[1], pow, extra_len);
   GNUNET_MQ_send (h->mq,
                   env);
   return h;
@@ -420,6 +422,58 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph)
 }
 
 
+enum GNUNET_GenericReturnValue
+check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow,
+                       const struct GNUNET_CRYPTO_EcdsaPublicKey *key)
+{
+  struct GNUNET_REVOCATION_EcdsaSignaturePurposePS spurp;
+  struct GNUNET_CRYPTO_EcdsaSignature *sig;
+  const struct GNUNET_IDENTITY_PublicKey *pk;
+  size_t ksize;
+
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  ksize = GNUNET_IDENTITY_key_get_length (pk);
+
+  spurp.ktype = pk->type;
+  spurp.key = pk->ecdsa_key;
+  spurp.timestamp = pow->timestamp;
+  spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
+  spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+                              + GNUNET_IDENTITY_key_get_length (pk)
+                              + sizeof (struct GNUNET_TIME_AbsoluteNBO));
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Expected signature payload len: %u\n",
+              ntohl (spurp.purpose.size));
+  sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize);
+  if (GNUNET_OK !=
+      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
+                                   &spurp.purpose,
+                                   sig,
+                                   key))
+  {
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+check_signature (const struct GNUNET_REVOCATION_PowP *pow)
+{
+  const struct GNUNET_IDENTITY_PublicKey *pk;
+
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  switch (ntohl (pk->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return check_signature_ecdsa (pow, &pk->ecdsa_key);
+  default:
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_SYSERR;
+}
+
+
 /**
  * Check if the given proof-of-work is valid.
  *
@@ -433,10 +487,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
                              unsigned int difficulty,
                              struct GNUNET_TIME_Relative epoch_duration)
 {
-  char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
+  char buf[sizeof(struct GNUNET_IDENTITY_PublicKey)
            + sizeof (struct GNUNET_TIME_AbsoluteNBO)
            + sizeof (uint64_t)] GNUNET_ALIGN;
-  struct GNUNET_REVOCATION_SignaturePurposePS spurp;
   struct GNUNET_HashCode result;
   struct GNUNET_TIME_Absolute ts;
   struct GNUNET_TIME_Absolute exp;
@@ -446,25 +499,18 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
   unsigned int tmp_score = 0;
   unsigned int epochs;
   uint64_t pow_val;
+  const struct GNUNET_IDENTITY_PublicKey *pk;
+
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
 
   /**
    * Check if signature valid
    */
-  spurp.key = pow->key;
-  spurp.timestamp = pow->timestamp;
-  spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
-  spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
-                              + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-                              + sizeof (struct GNUNET_TIME_AbsoluteNBO));
-  if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
-                                   &spurp.purpose,
-                                   &pow->signature,
-                                   &pow->key))
+  if (GNUNET_OK != check_signature (pow))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Proof of work signature invalid!\n");
-    return GNUNET_NO;
+    return GNUNET_SYSERR;
   }
 
   /**
@@ -479,8 +525,8 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
                  &pow->timestamp,
                  sizeof (uint64_t));
   GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
-                 &pow->key,
-                 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+                 pk,
+                 GNUNET_IDENTITY_key_get_length (pk));
   for (unsigned int i = 0; i < POW_COUNT; i++)
   {
     pow_val = GNUNET_ntohll (pow->pow[i]);
@@ -529,18 +575,15 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
 }
 
 
-/**
- * Initializes a fresh PoW computation.
- *
- * @param key the key to calculate the PoW for.
- * @param[out] pow starting point for PoW calculation (not yet valid)
- */
-void
-GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
-                            struct GNUNET_REVOCATION_PowP *pow)
+enum GNUNET_GenericReturnValue
+sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+                struct GNUNET_REVOCATION_PowP *pow)
 {
   struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get ();
-  struct GNUNET_REVOCATION_SignaturePurposePS rp;
+  struct GNUNET_REVOCATION_EcdsaSignaturePurposePS rp;
+  const struct GNUNET_IDENTITY_PublicKey *pk;
+  size_t ksize;
+  char *sig;
 
   /**
    * Predate the validity period to prevent rejections due to
@@ -548,19 +591,57 @@ GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
    */
   ts = GNUNET_TIME_absolute_subtract (ts,
                                       GNUNET_TIME_UNIT_WEEKS);
-
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  ksize = GNUNET_IDENTITY_key_get_length (pk);
   pow->timestamp = GNUNET_TIME_absolute_hton (ts);
   rp.timestamp = pow->timestamp;
   rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
   rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
-                           + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
+                           + ksize
                            + sizeof (struct GNUNET_TIME_AbsoluteNBO));
-  GNUNET_CRYPTO_ecdsa_key_get_public (key, &pow->key);
-  rp.key = pow->key;
-  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_ecdsa_sign_ (key,
-                                            &rp.purpose,
-                                            &pow->signature));
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Signature payload len: %u\n",
+              ntohl (rp.purpose.size));
+  rp.ktype = pk->type;
+  rp.key = pk->ecdsa_key;
+  sig = ((char*)&pow[1]) + ksize;
+  return GNUNET_CRYPTO_ecdsa_sign_ (key,
+                                    &rp.purpose,
+                                    (void*) sig);
+
+}
+
+
+enum GNUNET_GenericReturnValue
+sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key,
+          struct GNUNET_REVOCATION_PowP *pow)
+{
+  struct GNUNET_IDENTITY_PublicKey *pk;
+
+  pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  GNUNET_IDENTITY_key_get_public (key, pk);
+  switch (ntohl (pk->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sign_pow_ecdsa (&key->ecdsa_key, pow);
+  default:
+    return GNUNET_NO;
+  }
+  return GNUNET_NO;
+}
+
+
+/**
+ * Initializes a fresh PoW computation.
+ *
+ * @param key the key to calculate the PoW for.
+ * @param[out] pow starting point for PoW calculation (not yet valid)
+ */
+void
+GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key,
+                            struct GNUNET_REVOCATION_PowP *pow)
+{
+  GNUNET_assert (GNUNET_OK == sign_pow (key, pow));
 }
 
 
@@ -622,15 +703,17 @@ cmp_pow_value (const void *a, const void *b)
 enum GNUNET_GenericReturnValue
 GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
 {
-  char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
+  char buf[sizeof(struct GNUNET_IDENTITY_PublicKey)
            + sizeof (uint64_t)
            + sizeof (uint64_t)] GNUNET_ALIGN;
   struct GNUNET_HashCode result;
+  const struct GNUNET_IDENTITY_PublicKey *pk;
   unsigned int zeros;
   int ret;
   uint64_t pow_nbo;
 
   pc->current_pow++;
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &(pc->pow[1]);
 
   /**
    * Do not try duplicates
@@ -644,8 +727,8 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
                  &pc->pow->timestamp,
                  sizeof (uint64_t));
   GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
-                 &pc->pow->key,
-                 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+                 pk,
+                 GNUNET_IDENTITY_key_get_length (pk));
   GNUNET_CRYPTO_pow_hash (&salt,
                           buf,
                           sizeof(buf),
@@ -690,4 +773,25 @@ GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
 }
 
 
+size_t
+GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow)
+{
+  size_t size;
+  const struct GNUNET_IDENTITY_PublicKey *pk;
+
+  size = sizeof (struct GNUNET_REVOCATION_PowP);
+  pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  size += GNUNET_IDENTITY_key_get_length (pk);
+
+  switch (ntohl (pk->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return size + sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
+  default:
+    return 0;
+  }
+  return 0;
+}
+
+
 /* end of revocation_api.c */
diff --git a/src/revocation/test_revocation.c b/src/revocation/test_revocation.c
index b65567d79..c6457016f 100644
--- a/src/revocation/test_revocation.c
+++ b/src/revocation/test_revocation.c
@@ -38,8 +38,8 @@ struct TestPeer
   struct GNUNET_TESTBED_Operation *core_op;
   struct GNUNET_IDENTITY_Handle *idh;
   const struct GNUNET_CONFIGURATION_Handle *cfg;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+  const struct GNUNET_IDENTITY_PrivateKey *privkey;
+  struct GNUNET_IDENTITY_PublicKey pubkey;
   struct GNUNET_CRYPTO_EcdsaSignature sig;
   struct GNUNET_IDENTITY_Operation *create_id_op;
   struct GNUNET_IDENTITY_EgoLookup *ego_lookup;
@@ -142,13 +142,13 @@ revocation_cb (void *cls, enum GNUNET_GenericReturnValue is_valid)
 }
 
 
-static struct GNUNET_REVOCATION_PowP proof_of_work;
+static struct GNUNET_REVOCATION_PowP *proof_of_work;
 
 static void
 ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
 {
   static int completed = 0;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
+  const struct GNUNET_IDENTITY_PrivateKey *privkey;
 
   if ((NULL != ego) && (cls == &testpeers[0]))
   {
@@ -164,10 +164,10 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
     GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey);
     GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n");
     privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
-    memset (&proof_of_work, 0, sizeof (proof_of_work));
+    proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE);
     GNUNET_REVOCATION_pow_init (privkey,
-                                &proof_of_work);
-    testpeers[1].pow = GNUNET_REVOCATION_pow_start (&proof_of_work,
+                                proof_of_work);
+    testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work,
                                                     1,
                                                     5);
     int res =
@@ -184,7 +184,7 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Egos retrieved\n");
     testpeers[1].revok_handle = GNUNET_REVOCATION_revoke (testpeers[1].cfg,
-                                                          &proof_of_work,
+                                                          proof_of_work,
                                                           &revocation_cb,
                                                           NULL);
     GNUNET_REVOCATION_pow_stop (testpeers[1].pow);
@@ -194,7 +194,7 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
 
 static void
 identity_create_cb (void *cls,
-                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                    const struct GNUNET_IDENTITY_PrivateKey *pk,
                     const char *emsg)
 {
   static int completed = 0;
@@ -238,11 +238,13 @@ identity_completion_cb (void *cls,
   testpeers[0].create_id_op = GNUNET_IDENTITY_create (testpeers[0].idh,
                                                       "client",
                                                       NULL,
+                                                      GNUNET_IDENTITY_TYPE_ECDSA,
                                                       &identity_create_cb,
                                                       &testpeers[0]);
   testpeers[1].create_id_op = GNUNET_IDENTITY_create (testpeers[1].idh,
                                                       "toberevoked",
                                                       NULL,
+                                                      GNUNET_IDENTITY_TYPE_ECDSA,
                                                       &identity_create_cb,
                                                       &testpeers[1]);
 }
diff --git a/src/set/gnunet-service-set_union.c b/src/set/gnunet-service-set_union.c
index 87c6faf98..931d7e753 100644
--- a/src/set/gnunet-service-set_union.c
+++ b/src/set/gnunet-service-set_union.c
@@ -563,8 +563,8 @@ prepare_ibf_iterator (void *cls,
   struct IBF_Key salted_key;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "[OP %x] inserting %lx (hash %s) into ibf\n",
-       (void *) op,
+       "[OP %p] inserting %lx (hash %s) into ibf\n",
+       op,
        (unsigned long) ke->ibf_key.key_val,
        GNUNET_h2s (&ke->element->element_hash));
   salt_key (&ke->ibf_key,
@@ -929,7 +929,7 @@ handle_union_p2p_strata_estimator (void *cls,
       (0 == other_size))
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Deciding to go for full set transmission (diff=%d, own set=%u)\n",
+         "Deciding to go for full set transmission (diff=%d, own set=%llu)\n",
          diff,
          op->state->initial_size);
     GNUNET_STATISTICS_update (_GSS_statistics,
@@ -1004,8 +1004,8 @@ send_offers_iterator (void *cls,
   GNUNET_assert (NULL != ev);
   *(struct GNUNET_HashCode *) &mh[1] = ke->element->element_hash;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "[OP %x] sending element offer (%s) to peer\n",
-       (void *) op,
+       "[OP %p] sending element offer (%s) to peer\n",
+       op,
        GNUNET_h2s (&ke->element->element_hash));
   GNUNET_MQ_send (op->mq, ev);
   return GNUNET_YES;
@@ -2004,8 +2004,8 @@ handle_union_p2p_demand (void *cls,
     emsg->reserved = htons (0);
     emsg->element_type = htons (ee->element.element_type);
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "[OP %x] Sending demanded element (size %u, hash %s) to peer\n",
-         (void *) op,
+         "[OP %p] Sending demanded element (size %u, hash %s) to peer\n",
+         op,
          (unsigned int) ee->element.size,
          GNUNET_h2s (&ee->element_hash));
     GNUNET_MQ_send (op->mq, ev);
@@ -2120,8 +2120,8 @@ handle_union_p2p_offer (void *cls,
                      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST));
 
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "[OP %x] Requesting element (hash %s)\n",
-         (void *) op, GNUNET_h2s (hash));
+         "[OP %p] Requesting element (hash %s)\n",
+         op, GNUNET_h2s (hash));
     ev = GNUNET_MQ_msg_header_extra (demands,
                                      sizeof(struct GNUNET_HashCode),
                                      GNUNET_MESSAGE_TYPE_SET_UNION_P2P_DEMAND);
diff --git a/src/set/set_api.c b/src/set/set_api.c
index ce4b1c965..a082c23c1 100644
--- a/src/set/set_api.c
+++ b/src/set/set_api.c
@@ -630,8 +630,7 @@ create_internal (const struct GNUNET_CONFIGURATION_Handle *cfg,
   else
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Creating new set (lazy copy)\n",
-         op);
+         "Creating new set (lazy copy)\n");
     mqm = GNUNET_MQ_msg (copy_msg,
                          GNUNET_MESSAGE_TYPE_SET_COPY_LAZY_CONNECT);
     copy_msg->cookie = *cookie;
diff --git a/src/setu/gnunet-service-setu.c b/src/setu/gnunet-service-setu.c
index 326589186..30f02ecac 100644
--- a/src/setu/gnunet-service-setu.c
+++ b/src/setu/gnunet-service-setu.c
@@ -1049,8 +1049,8 @@ prepare_ibf_iterator (void *cls,
   struct IBF_Key salted_key;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "[OP %x] inserting %lx (hash %s) into ibf\n",
-       (void *) op,
+       "[OP %p] inserting %lx (hash %s) into ibf\n",
+       op,
        (unsigned long) ke->ibf_key.key_val,
        GNUNET_h2s (&ke->element->element_hash));
   salt_key (&ke->ibf_key,
@@ -1429,7 +1429,7 @@ handle_union_p2p_strata_estimator (void *cls,
       (0 == other_size))
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Deciding to go for full set transmission (diff=%d, own set=%u)\n",
+         "Deciding to go for full set transmission (diff=%d, own set=%llu)\n",
          diff,
          op->initial_size);
     GNUNET_STATISTICS_update (_GSS_statistics,
@@ -1504,8 +1504,8 @@ send_offers_iterator (void *cls,
   GNUNET_assert (NULL != ev);
   *(struct GNUNET_HashCode *) &mh[1] = ke->element->element_hash;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "[OP %x] sending element offer (%s) to peer\n",
-       (void *) op,
+       "[OP %p] sending element offer (%s) to peer\n",
+       op,
        GNUNET_h2s (&ke->element->element_hash));
   GNUNET_MQ_send (op->mq, ev);
   return GNUNET_YES;
@@ -2403,8 +2403,8 @@ handle_union_p2p_demand (void *cls,
     emsg->reserved = htons (0);
     emsg->element_type = htons (ee->element.element_type);
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "[OP %x] Sending demanded element (size %u, hash %s) to peer\n",
-         (void *) op,
+         "[OP %p] Sending demanded element (size %u, hash %s) to peer\n",
+         op,
          (unsigned int) ee->element.size,
          GNUNET_h2s (&ee->element_hash));
     GNUNET_MQ_send (op->mq, ev);
@@ -2502,8 +2502,8 @@ handle_union_p2p_offer (void *cls,
                      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST));
 
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "[OP %x] Requesting element (hash %s)\n",
-         (void *) op, GNUNET_h2s (hash));
+         "[OP %p] Requesting element (hash %s)\n",
+         op, GNUNET_h2s (hash));
     ev = GNUNET_MQ_msg_header_extra (demands,
                                      sizeof(struct GNUNET_HashCode),
                                      GNUNET_MESSAGE_TYPE_SETU_P2P_DEMAND);
diff --git a/src/testbed-logger/gnunet-service-testbed-logger.c b/src/testbed-logger/gnunet-service-testbed-logger.c
index 81652fa4f..bc2f0abe0 100644
--- a/src/testbed-logger/gnunet-service-testbed-logger.c
+++ b/src/testbed-logger/gnunet-service-testbed-logger.c
@@ -198,7 +198,7 @@ logger_run (void *cls,
   GNUNET_asprintf (&fn,
                    "%s/%.*s_%jd.dat",
                    dir,
-                   hname_len,
+                   (int) hname_len,
                    hname,
                    (intmax_t) pid);
   GNUNET_free (hname);
diff --git a/src/testbed/gnunet-service-testbed_cpustatus.c b/src/testbed/gnunet-service-testbed_cpustatus.c
index 70b865c73..440f2c24f 100644
--- a/src/testbed/gnunet-service-testbed_cpustatus.c
+++ b/src/testbed/gnunet-service-testbed_cpustatus.c
@@ -608,7 +608,7 @@ GST_stats_init (const struct GNUNET_CONFIGURATION_Handle *cfg)
     return;
   }
   fn = NULL;
-  (void) GNUNET_asprintf (&fn, "%s/%.*s-%jd.dat", stats_dir, len,
+  (void) GNUNET_asprintf (&fn, "%s/%.*s-%jd.dat", stats_dir, (int)len,
                           hostname, (intmax_t) getpid ());
   GNUNET_free (stats_dir);
   GNUNET_free (hostname);
diff --git a/src/testbed/testbed_api.c b/src/testbed/testbed_api.c
index 697783d96..09752ba28 100644
--- a/src/testbed/testbed_api.c
+++ b/src/testbed/testbed_api.c
@@ -448,7 +448,7 @@ handle_opsuccess (
   uint64_t op_id;
 
   op_id = GNUNET_ntohll (msg->operation_id);
-  LOG_DEBUG ("Operation %lu successful\n", op_id);
+  LOG_DEBUG ("Operation %llu successful\n", op_id);
   if (NULL == (opc = find_opc (c, op_id)))
   {
     LOG_DEBUG ("Operation not found\n");
diff --git a/src/testbed/testbed_api_topology.c b/src/testbed/testbed_api_topology.c
index 1d765af92..a9a340e99 100644
--- a/src/testbed/testbed_api_topology.c
+++ b/src/testbed/testbed_api_topology.c
@@ -1089,7 +1089,7 @@ gen_topo_from_file (struct TopologyContext *tc,
       if (tc->num_peers <= peer_id)
       {
         LOG (GNUNET_ERROR_TYPE_ERROR,
-             _ ("Topology file needs more peers than given ones\n"), filename);
+             _ ("Topology file needs more peers than given ones\n"));
         goto _exit;
       }
       state = OTHER_PEER_INDEX;
@@ -1114,7 +1114,7 @@ gen_topo_from_file (struct TopologyContext *tc,
       if (tc->num_peers <= other_peer_id)
       {
         LOG (GNUNET_ERROR_TYPE_ERROR,
-             _ ("Topology file needs more peers than given ones\n"), filename);
+             _ ("Topology file needs more peers than given ones\n"));
         goto _exit;
       }
       if (peer_id != other_peer_id)
@@ -1150,7 +1150,7 @@ gen_topo_from_file (struct TopologyContext *tc,
       }
       else
         LOG (GNUNET_ERROR_TYPE_WARNING,
-             _ ("Ignoring to connect peer %u to peer %u\n"),
+             _ ("Ignoring to connect peer %lu to peer %lu\n"),
              peer_id,
              other_peer_id);
       while (('\n' != data[offset]) && ('|' != data[offset]) && (offset < fs))
diff --git a/src/transport/plugin_transport_http_client.c b/src/transport/plugin_transport_http_client.c
index 92ed2fe52..219fae57b 100644
--- a/src/transport/plugin_transport_http_client.c
+++ b/src/transport/plugin_transport_http_client.c
@@ -769,10 +769,10 @@ http_client_plugin_send (void *cls,
   char *stat_txt;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Session %p/request %p: Sending message with %u to peer `%s' \n",
+       "Session %p/request %p: Sending message with %lu to peer `%s' \n",
        s,
        s->put.easyhandle,
-       msgbuf_size,
+       (unsigned long) msgbuf_size,
        GNUNET_i2s (&s->address->peer));
 
   /* create new message and schedule */
@@ -1087,11 +1087,10 @@ client_send_cb (void *stream,
   if (msg->pos == msg->size)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Session %p/request %p: sent message with %u bytes sent, removing message from queue\n",
+         "Session %p/request %p: sent message with %lu bytes sent, removing message from queue\n",
          s,
          s->put.easyhandle,
-         msg->size,
-         msg->pos);
+         (unsigned long) msg->size);
     /* Calling transmit continuation  */
     GNUNET_CONTAINER_DLL_remove (s->msg_head,
                                  s->msg_tail,
@@ -1249,10 +1248,10 @@ client_receive (void *stream,
   size_t len = size * nmemb;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Session %p / request %p: Received %u bytes from peer `%s'\n",
+       "Session %p / request %p: Received %lu bytes from peer `%s'\n",
        s,
        s->get.easyhandle,
-       len,
+       (unsigned long) len,
        GNUNET_i2s (&s->address->peer));
   now = GNUNET_TIME_absolute_get ();
   if (now.abs_value_us < s->next_receive.abs_value_us)
@@ -1346,7 +1345,7 @@ client_run (void *cls)
       /* Log status of terminated request */
       if ((0 != msg->data.result) || (http_statuscode != 200))
         LOG (GNUNET_ERROR_TYPE_DEBUG,
-             "Session %p/request %p: %s request to `%s' ended with status %i reason %i: `%s'\n",
+             "Session %p/request %p: %s request to `%s' ended with status %li reason %i: `%s'\n",
              s, msg->easy_handle,
              (GNUNET_YES == put_request) ? "PUT" : "GET",
              GNUNET_i2s (&s->address->peer),
diff --git a/src/transport/plugin_transport_http_common.c b/src/transport/plugin_transport_http_common.c
index d81d6db9c..0e3778837 100644
--- a/src/transport/plugin_transport_http_common.c
+++ b/src/transport/plugin_transport_http_common.c
@@ -629,7 +629,7 @@ http_common_plugin_address_to_string (const char *plugin,
   if (addr_str[ntohl (address->urlen) - 1] != '\0')
     return NULL;
   GNUNET_asprintf (&res, "%s.%u.%s", plugin, ntohl (address->options),
-                   &address[1]);
+                   (char*)&address[1]);
   if (strlen (res) + 1 < 500)
   {
     GNUNET_memcpy (rbuf, res, strlen (res) + 1);
diff --git a/src/transport/plugin_transport_http_server.c b/src/transport/plugin_transport_http_server.c
index d1b21ba9c..6e95ca00c 100644
--- a/src/transport/plugin_transport_http_server.c
+++ b/src/transport/plugin_transport_http_server.c
@@ -745,10 +745,10 @@ http_server_plugin_send (void *cls,
   char *stat_txt;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Session %p/request %p: Sending message with %u to peer `%s'\n",
+       "Session %p/request %p: Sending message with %lu to peer `%s'\n",
        session,
        session->server_send,
-       msgbuf_size,
+       (unsigned long) msgbuf_size,
        GNUNET_i2s (&session->target));
 
   /* create new message and schedule */
@@ -1270,8 +1270,8 @@ server_parse_url (struct HTTP_Server_Plugin *plugin,
   if (hash_length != plugin->peer_id_length)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "URL target is %u bytes, expecting %u\n",
-         hash_length, plugin->peer_id_length);
+         "URL target is %lu bytes, expecting %u\n",
+         (unsigned long) hash_length, plugin->peer_id_length);
     return GNUNET_SYSERR;
   }
   if (GNUNET_OK !=
@@ -1616,8 +1616,8 @@ server_send_callback (void *cls,
   {
     sc->connected = GNUNET_YES;
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Sent %u bytes to peer `%s' with session %p \n",
-         bytes_read,
+         "Sent %lu bytes to peer `%s' with session %p \n",
+         (unsigned long) bytes_read,
          GNUNET_i2s (&s->target),
          s);
     GNUNET_asprintf (&stat_txt,
@@ -1761,14 +1761,14 @@ server_access_cb (void *cls,
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        _ (
-         "Access from connection %p (%u of %u) for `%s' `%s' url `%s' with upload data size %u\n"),
+         "Access from connection %p (%u of %u) for `%s' `%s' url `%s' with upload data size %lu\n"),
        sc,
        plugin->cur_request,
        plugin->max_request,
        method,
        version,
        url,
-       (*upload_data_size));
+       (unsigned long) (*upload_data_size));
   if (NULL == sc)
   {
     /* CORS pre-flight request */
@@ -1868,19 +1868,19 @@ server_access_cb (void *cls,
 
       /* (*upload_data_size > 0) for every segment received */
       LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Session %p / Connection %p: Peer `%s' PUT on address `%s' received %u bytes\n",
+           "Session %p / Connection %p: Peer `%s' PUT on address `%s' received %lu bytes\n",
            s, sc,
            GNUNET_i2s (&s->target),
            http_common_plugin_address_to_string (plugin->protocol,
                                                  s->address->address,
                                                  s->address->address_length),
-           *upload_data_size);
+           (unsigned long) *upload_data_size);
       delay = GNUNET_TIME_absolute_get_remaining (s->next_receive);
       if (0 == delay.rel_value_us)
       {
         LOG (GNUNET_ERROR_TYPE_DEBUG,
-             "PUT with %u bytes forwarded to MST\n",
-             *upload_data_size);
+             "PUT with %lu bytes forwarded to MST\n",
+             (unsigned long) *upload_data_size);
         if (s->msg_tk == NULL)
         {
           s->msg_tk = GNUNET_MST_create (&server_receive_mst_cb,
diff --git a/src/transport/plugin_transport_tcp.c b/src/transport/plugin_transport_tcp.c
index e3bc21543..8378a64dd 100644
--- a/src/transport/plugin_transport_tcp.c
+++ b/src/transport/plugin_transport_tcp.c
@@ -2010,8 +2010,8 @@ do_transmit (void *cls, size_t size, void *buf)
       GNUNET_assert (pos->message_size <= session->bytes_in_queue);
       session->bytes_in_queue -= pos->message_size;
       LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Failed to transmit %u byte message to `%s'.\n",
-           pos->message_size,
+           "Failed to transmit %lu byte message to `%s'.\n",
+           (unsigned long) pos->message_size,
            GNUNET_i2s (&session->target));
       ret += pos->message_size;
       GNUNET_CONTAINER_DLL_insert_after (hd, tl, tl, pos);
@@ -2067,9 +2067,9 @@ do_transmit (void *cls, size_t size, void *buf)
     session->bytes_in_queue -= pos->message_size;
     GNUNET_assert (size >= pos->message_size);
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Transmitting message of type %u size %u to peer %s at %s\n",
+         "Transmitting message of type %u size %lu to peer %s at %s\n",
          ntohs (((struct GNUNET_MessageHeader *) pos->msg)->type),
-         pos->message_size,
+         (unsigned long) pos->message_size,
          GNUNET_i2s (&session->target),
          tcp_plugin_address_to_string (session->plugin,
                                        session->address->address,
@@ -2192,8 +2192,8 @@ tcp_plugin_send (void *cls,
   pm->transmit_cont_cls = cont_cls;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Asked to transmit %u bytes to `%s', added message to list.\n",
-       msgbuf_size,
+       "Asked to transmit %lu bytes to `%s', added message to list.\n",
+       (unsigned long) msgbuf_size,
        GNUNET_i2s (&session->target));
 
   if (GNUNET_YES ==
diff --git a/src/transport/plugin_transport_udp.c b/src/transport/plugin_transport_udp.c
index ec3a0edd8..49e84dfe7 100644
--- a/src/transport/plugin_transport_udp.c
+++ b/src/transport/plugin_transport_udp.c
@@ -1821,7 +1821,8 @@ enqueue_fragment (void *cls, const struct GNUNET_MessageHeader *msg)
   struct GNUNET_ATS_Session *session = frag_ctx->session;
   size_t msg_len = ntohs (msg->size);
 
-  LOG (GNUNET_ERROR_TYPE_DEBUG, "Enqueuing fragment with %u bytes\n", msg_len);
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "Enqueuing fragment with %lu bytes\n",
+       (unsigned long) msg_len);
   udpw = GNUNET_malloc (sizeof(struct UDP_MessageWrapper) + msg_len);
   udpw->session = session;
   udpw->msg_buf = (char *) &udpw[1];
@@ -1996,8 +1997,8 @@ udp_plugin_send (void *cls,
     return GNUNET_SYSERR;
   }
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "UDP transmits %u-byte message to `%s' using address `%s'\n",
-       udpmlen,
+       "UDP transmits %lu-byte message to `%s' using address `%s'\n",
+       (unsigned long) udpmlen,
        GNUNET_i2s (&s->target),
        udp_address_to_string (plugin,
                               s->address->address,
@@ -3113,18 +3114,18 @@ remove_timeout_messages_and_select (struct Plugin *plugin,
       {
         /* this message is not delayed */
         LOG (GNUNET_ERROR_TYPE_DEBUG,
-             "Message for peer `%s' (%u bytes) is not delayed \n",
+             "Message for peer `%s' (%lu bytes) is not delayed \n",
              GNUNET_i2s (&udpw->session->target),
-             udpw->payload_size);
+             (unsigned long) udpw->payload_size);
         break;       /* Found message to send, break */
       }
       else
       {
         /* Message is delayed, try next */
         LOG (GNUNET_ERROR_TYPE_DEBUG,
-             "Message for peer `%s' (%u bytes) is delayed for %s\n",
+             "Message for peer `%s' (%lu bytes) is delayed for %s\n",
              GNUNET_i2s (&udpw->session->target),
-             udpw->payload_size,
+             (unsigned long) udpw->payload_size,
              GNUNET_STRINGS_relative_time_to_string (remaining, GNUNET_YES));
         udpw = udpw->next;
       }
diff --git a/src/transport/plugin_transport_unix.c b/src/transport/plugin_transport_unix.c
index 9d3e7d354..2324914c9 100644
--- a/src/transport/plugin_transport_unix.c
+++ b/src/transport/plugin_transport_unix.c
@@ -1304,8 +1304,8 @@ unix_plugin_send (void *cls,
     return GNUNET_SYSERR;
   }
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Sending %u bytes with session for peer `%s' `%s'\n",
-       msgbuf_size,
+       "Sending %lu bytes with session for peer `%s' `%s'\n",
+       (unsigned long) msgbuf_size,
        GNUNET_i2s (&session->target),
        unix_plugin_address_to_string (NULL,
                                       session->address->address,
diff --git a/src/transport/tcp_connection_legacy.c b/src/transport/tcp_connection_legacy.c
index 3e173b8a4..924362ef2 100644
--- a/src/transport/tcp_connection_legacy.c
+++ b/src/transport/tcp_connection_legacy.c
@@ -1142,9 +1142,9 @@ RETRY:
     return;
   }
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "receive_ready read %u/%u bytes from `%s' (%p)!\n",
-       (unsigned int) ret,
-       connection->max,
+       "receive_ready read %lu/%lu bytes from `%s' (%p)!\n",
+       (unsigned long) ret,
+       (unsigned long) connection->max,
        GNUNET_a2s (connection->addr, connection->addrlen),
        connection);
   GNUNET_assert (NULL != (receiver = connection->receiver));
@@ -1327,8 +1327,8 @@ connect_error (void *cls)
   GNUNET_CONNECTION_TransmitReadyNotify notify;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Transmission request of size %u fails (%s/%u), connection failed (%p).\n",
-       connection->nth.notify_size,
+       "Transmission request of size %lu fails (%s/%u), connection failed (%p).\n",
+       (unsigned long) connection->nth.notify_size,
        connection->hostname,
        connection->port,
        connection);
@@ -1423,9 +1423,9 @@ RETRY:
     return;
   }
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Connection transmitted %u/%u bytes to `%s' (%p)\n",
-       (unsigned int) ret,
-       have,
+       "Connection transmitted %lu/%lu bytes to `%s' (%p)\n",
+       (unsigned long) ret,
+       (unsigned long) have,
        GNUNET_a2s (connection->addr, connection->addrlen),
        connection);
   connection->write_buffer_pos += ret;
diff --git a/src/transport/tcp_service_legacy.c b/src/transport/tcp_service_legacy.c
index 12dce3993..8606b353b 100644
--- a/src/transport/tcp_service_legacy.c
+++ b/src/transport/tcp_service_legacy.c
@@ -1433,7 +1433,7 @@ LEGACY_SERVICE_run (int argc,
   {
     clock_offset = skew_offset - skew_variance;
     GNUNET_TIME_set_offset (clock_offset);
-    LOG (GNUNET_ERROR_TYPE_DEBUG, "Skewing clock by %dll ms\n", clock_offset);
+    LOG (GNUNET_ERROR_TYPE_DEBUG, "Skewing clock by %lld ms\n", clock_offset);
   }
   /* actually run service */
   err = 0;
diff --git a/src/util/bio.c b/src/util/bio.c
index 39050bb87..43a2abc89 100644
--- a/src/util/bio.c
+++ b/src/util/bio.c
@@ -356,10 +356,10 @@ GNUNET_BIO_read_string (struct GNUNET_BIO_ReadHandle *h,
   if (big > max_length)
   {
     GNUNET_asprintf (&h->emsg,
-                     _ ("String `%s' longer than allowed (%u > %u)"),
+                     _ ("String `%s' longer than allowed (%u > %lu)"),
                      what,
                      big,
-                     max_length);
+                     (unsigned long) max_length);
     return GNUNET_SYSERR;
   }
   buf = GNUNET_malloc (big);
diff --git a/src/zonemaster/Makefile.am b/src/zonemaster/Makefile.am
index 3d248efd8..f2d569c75 100644
--- a/src/zonemaster/Makefile.am
+++ b/src/zonemaster/Makefile.am
@@ -24,6 +24,7 @@ gnunet_service_zonemaster_SOURCES = \
 gnunet_service_zonemaster_LDADD = \
   $(top_builddir)/src/dht/libgnunetdht.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la  \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(top_builddir)/src/namestore/libgnunetnamestore.la \
@@ -32,10 +33,10 @@ gnunet_service_zonemaster_LDADD = \
 
 gnunet_service_zonemaster_monitor_SOURCES = \
  gnunet-service-zonemaster-monitor.c
-
 gnunet_service_zonemaster_monitor_LDADD = \
   $(top_builddir)/src/dht/libgnunetdht.la \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la  \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(top_builddir)/src/namestore/libgnunetnamestore.la \
diff --git a/src/zonemaster/gnunet-service-zonemaster-monitor.c b/src/zonemaster/gnunet-service-zonemaster-monitor.c
index 4a368048e..c6dd2b6ca 100644
--- a/src/zonemaster/gnunet-service-zonemaster-monitor.c
+++ b/src/zonemaster/gnunet-service-zonemaster-monitor.c
@@ -240,7 +240,7 @@ convert_records_for_export (const struct GNUNET_GNSRECORD_Data *rd,
  * @return DHT PUT handle, NULL on error
  */
 static struct GNUNET_DHT_PutHandle *
-perform_dht_put (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+perform_dht_put (const struct GNUNET_IDENTITY_PrivateKey *key,
                  const char *label,
                  const struct GNUNET_GNSRECORD_Data *rd_public,
                  unsigned int rd_public_count,
@@ -271,9 +271,7 @@ perform_dht_put (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
     GNUNET_break (0);
     return NULL;   /* whoops */
   }
-  block_size = ntohl (block->purpose.size)
-               + sizeof(struct GNUNET_CRYPTO_EcdsaSignature)
-               + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey);
+  block_size = GNUNET_GNSRECORD_block_get_size (block);
   GNUNET_GNSRECORD_query_from_private_key (key,
                                            label,
                                            &query);
@@ -314,7 +312,7 @@ perform_dht_put (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
  */
 static void
 handle_monitor_event (void *cls,
-                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                      const struct GNUNET_IDENTITY_PrivateKey *zone,
                       const char *label,
                       unsigned int rd_count,
                       const struct GNUNET_GNSRECORD_Data *rd)
diff --git a/src/zonemaster/gnunet-service-zonemaster.c b/src/zonemaster/gnunet-service-zonemaster.c
index c5aab8d92..11fa9921d 100644
--- a/src/zonemaster/gnunet-service-zonemaster.c
+++ b/src/zonemaster/gnunet-service-zonemaster.c
@@ -579,7 +579,7 @@ convert_records_for_export (const struct GNUNET_GNSRECORD_Data *rd,
  * @return DHT PUT handle, NULL on error
  */
 static struct GNUNET_DHT_PutHandle *
-perform_dht_put (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+perform_dht_put (const struct GNUNET_IDENTITY_PrivateKey *key,
                  const char *label,
                  const struct GNUNET_GNSRECORD_Data *rd_public,
                  unsigned int rd_public_count,
@@ -610,9 +610,7 @@ perform_dht_put (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
     GNUNET_break (0);
     return NULL;   /* whoops */
   }
-  block_size = ntohl (block->purpose.size)
-               + sizeof(struct GNUNET_CRYPTO_EcdsaSignature)
-               + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey);
+  block_size = GNUNET_GNSRECORD_block_get_size (block);
   GNUNET_GNSRECORD_query_from_private_key (key,
                                            label,
                                            &query);
@@ -725,7 +723,7 @@ zone_iteration_finished (void *cls)
  */
 static void
 put_gns_record (void *cls,
-                const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+                const struct GNUNET_IDENTITY_PrivateKey *key,
                 const char *label,
                 unsigned int rd_count,
                 const struct GNUNET_GNSRECORD_Data *rd)