Merge branch 'master' of ssh://git.gnunet.org/gnunet. Undeleted src/hello/gnunet-hello.c, because it is still needed.

22 files changed, 773 insertions, 1034 deletions

diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 03983eaa0..e39f467b9 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -47,8 +47,6 @@ gnunetinclude_HEADERS = \
   gnunet_dnsstub_lib.h \
   gnunet_dns_service.h \
   gnunet_error_codes.h \
-  gnunet_fragmentation_lib.h \
-  gnunet_friends_lib.h \
   gnunet_fs_service.h \
   gnunet_getopt_lib.h \
   gnunet_gns_service.h \
@@ -121,6 +119,7 @@ gnunetinclude_HEADERS = \
   gnunet_time_lib.h \
   gnunet_transport_application_service.h \
   gnunet_transport_communication_service.h \
+  gnunet_transport_monitor_service.h \
   gnunet_transport_core_service.h \
   gnunet_transport_hello_service.h \
   gnunet_transport_testing_ng_lib.h \
diff --git a/src/include/gnunet_abd_service.h b/src/include/gnunet_abd_service.h
index 75c1757ab..cb6e77256 100644
--- a/src/include/gnunet_abd_service.h
+++ b/src/include/gnunet_abd_service.h
@@ -107,7 +107,7 @@ struct GNUNET_ABD_DelegationRecordSet
   /**
    * Public key of the subject this attribute was delegated to
    */
-  struct GNUNET_IDENTITY_PublicKey subject_key;
+  struct GNUNET_CRYPTO_PublicKey subject_key;
 
   /**
    * Length of attribute, may be 0
@@ -127,7 +127,7 @@ struct GNUNET_ABD_DelegationSet
   /**
    * Public key of the subject this attribute was delegated to
    */
-  struct GNUNET_IDENTITY_PublicKey subject_key;
+  struct GNUNET_CRYPTO_PublicKey subject_key;
 
   uint32_t subject_attribute_len;
 
@@ -147,12 +147,12 @@ struct GNUNET_ABD_Delegation
   /**
    * The issuer of the delegation
    */
-  struct GNUNET_IDENTITY_PublicKey issuer_key;
+  struct GNUNET_CRYPTO_PublicKey issuer_key;
 
   /**
    * Public key of the subject this attribute was delegated to
    */
-  struct GNUNET_IDENTITY_PublicKey subject_key;
+  struct GNUNET_CRYPTO_PublicKey subject_key;
 
   /**
    * Length of the attribute
@@ -185,17 +185,17 @@ struct GNUNET_ABD_Delegate
   /**
    * The issuer of the credential
    */
-  struct GNUNET_IDENTITY_PublicKey issuer_key;
+  struct GNUNET_CRYPTO_PublicKey issuer_key;
 
   /**
    * Public key of the subject this credential was issued to
    */
-  struct GNUNET_IDENTITY_PublicKey subject_key;
+  struct GNUNET_CRYPTO_PublicKey subject_key;
 
   /**
    * Signature of this credential
    */
-  struct GNUNET_IDENTITY_Signature signature;
+  struct GNUNET_CRYPTO_Signature signature;
 
   /**
    * Expiration of this credential
@@ -322,9 +322,9 @@ typedef void (*GNUNET_ABD_RemoveDelegateResultProcessor) (void *cls,
  */
 struct GNUNET_ABD_Request*
   GNUNET_ABD_verify (struct GNUNET_ABD_Handle *handle,
-                     const struct GNUNET_IDENTITY_PublicKey *issuer_key,
+                     const struct GNUNET_CRYPTO_PublicKey *issuer_key,
                      const char *issuer_attribute,
-                     const struct GNUNET_IDENTITY_PublicKey *subject_key,
+                     const struct GNUNET_CRYPTO_PublicKey *subject_key,
                      uint32_t delegate_count,
                      const struct GNUNET_ABD_Delegate *delegates,
                      enum GNUNET_ABD_AlgoDirectionFlags direction,
@@ -335,9 +335,9 @@ struct GNUNET_ABD_Request*
 
 struct GNUNET_ABD_Request*
   GNUNET_ABD_collect (struct GNUNET_ABD_Handle *handle,
-                      const struct GNUNET_IDENTITY_PublicKey *issuer_key,
+                      const struct GNUNET_CRYPTO_PublicKey *issuer_key,
                       const char *issuer_attribute,
-                      const struct GNUNET_IDENTITY_PrivateKey *subject_key,
+                      const struct GNUNET_CRYPTO_PrivateKey *subject_key,
                       enum GNUNET_ABD_AlgoDirectionFlags direction,
                       GNUNET_ABD_CredentialResultProcessor proc,
                       void *proc_cls,
@@ -360,7 +360,7 @@ struct GNUNET_ABD_Request *
 GNUNET_ABD_add_delegation (struct GNUNET_ABD_Handle *handle,
                            struct GNUNET_IDENTITY_Ego *issuer,
                            const char *attribute,
-                           struct GNUNET_IDENTITY_PublicKey *subject,
+                           struct GNUNET_CRYPTO_PublicKey *subject,
                            const char *delegated_attribute,
                            GNUNET_ABD_DelegateResultProcessor proc,
                            void *proc_cls);
@@ -393,8 +393,8 @@ GNUNET_ABD_remove_delegation (struct GNUNET_ABD_Handle *handle,
  * @return handle to the queued request
  */
 struct GNUNET_ABD_Delegate*
-GNUNET_ABD_delegate_issue (const struct GNUNET_IDENTITY_PrivateKey *issuer,
-                           struct GNUNET_IDENTITY_PublicKey *subject,
+GNUNET_ABD_delegate_issue (const struct GNUNET_CRYPTO_PrivateKey *issuer,
+                           struct GNUNET_CRYPTO_PublicKey *subject,
                            const char *iss_attr,
                            const char *sub_attr,
                            struct GNUNET_TIME_Absolute *expiration);
diff --git a/src/include/gnunet_conversation_service.h b/src/include/gnunet_conversation_service.h
index 7d54914d1..7857a49cf 100644
--- a/src/include/gnunet_conversation_service.h
+++ b/src/include/gnunet_conversation_service.h
@@ -151,7 +151,7 @@ typedef void
                                          struct GNUNET_CONVERSATION_Caller *
                                          caller,
                                          const struct
-                                         GNUNET_IDENTITY_PublicKey *caller_id);
+                                         GNUNET_CRYPTO_PublicKey *caller_id);
 
 
 /**
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 44dfb4e44..ca51f586c 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -348,6 +348,105 @@ struct GNUNET_CRYPTO_Edx25519Signature
   unsigned char s[256 / 8];
 };
 
+/**
+ * Key type for the generic public key union
+ */
+enum GNUNET_CRYPTO_KeyType
+{
+  /**
+   * The identity type. The value is the same as the
+   * PKEY record type.
+   */
+  GNUNET_PUBLIC_KEY_TYPE_ECDSA = 65536,
+
+  /**
+   * EDDSA identity. The value is the same as the EDKEY
+   * record type.
+   */
+  GNUNET_PUBLIC_KEY_TYPE_EDDSA = 65556
+};
+
+/**
+ * A private key for an identity as per LSD0001.
+ * Note that these types are NOT packed and MUST NOT be used in RPC
+ * messages. Use the respective serialization functions.
+ */
+struct GNUNET_CRYPTO_PrivateKey
+{
+  /**
+   * Type of public key.
+   * Defined by the GNS zone type value.
+   * In NBO.
+   */
+  uint32_t type;
+
+  union
+  {
+    /**
+     * An ECDSA identity key.
+     */
+    struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key;
+
+    /**
+     * AN EdDSA identtiy key
+     */
+    struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key;
+  };
+};
+
+
+/**
+ * An identity key as per LSD0001.
+ */
+struct GNUNET_CRYPTO_PublicKey
+{
+  /**
+   * Type of public key.
+   * Defined by the GNS zone type value.
+   * In NBO.
+   */
+  uint32_t type;
+
+  union
+  {
+    /**
+     * An ECDSA identity key.
+     */
+    struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key;
+
+    /**
+     * AN EdDSA identtiy key
+     */
+    struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key;
+  };
+};
+
+
+/**
+ * An identity signature as per LSD0001.
+ */
+struct GNUNET_CRYPTO_Signature
+{
+  /**
+   * Type of signature.
+   * Defined by the GNS zone type value.
+   * In NBO.
+   */
+  uint32_t type;
+
+  union
+  {
+    /**
+     * An ECDSA signature
+     */
+    struct GNUNET_CRYPTO_EcdsaSignature ecdsa_signature;
+
+    /**
+     * AN EdDSA signature
+     */
+    struct GNUNET_CRYPTO_EddsaSignature eddsa_signature;
+  };
+};
 
 /**
  * @brief type for session keys
@@ -3073,6 +3172,473 @@ GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig,
                          size_t msg_len);
 
 
+/**
+ * Get the compacted length of a #GNUNET_CRYPTO_PublicKey.
+ * Compacted means that it returns the minimum number of bytes this
+ * key is long, as opposed to the union structure inside
+ * #GNUNET_CRYPTO_PublicKey.
+ * Useful for compact serializations.
+ *
+ * @param key the key.
+ * @return -1 on error, else the compacted length of the key.
+ */
+ssize_t
+GNUNET_CRYPTO_public_key_get_length (const struct
+                                       GNUNET_CRYPTO_PublicKey *key);
+
+/**
+ * Reads a #GNUNET_CRYPTO_PublicKey from a compact buffer.
+ * The buffer has to contain at least the compacted length of
+ * a #GNUNET_CRYPTO_PublicKey in bytes.
+ * If the buffer is too small, the function returns -1 as error.
+ * If the buffer does not contain a valid key, it returns -2 as error.
+ *
+ * @param buffer the buffer
+ * @param len the length of buffer
+ * @param key the key
+ * @param the amount of bytes read from the buffer
+ * @return #GNUNET_SYSERR on error
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_read_public_key_from_buffer (
+  const void *buffer,
+  size_t len,
+  struct GNUNET_CRYPTO_PublicKey *key,
+  size_t *read);
+
+/**
+ * Get the compacted length of a #GNUNET_CRYPTO_PrivateKey.
+ * Compacted means that it returns the minimum number of bytes this
+ * key is long, as opposed to the union structure inside
+ * #GNUNET_CRYPTO_PrivateKey.
+ * Useful for compact serializations.
+ *
+ * @param key the key.
+ * @return -1 on error, else the compacted length of the key.
+ */
+ssize_t
+GNUNET_CRYPTO_private_key_get_length (
+  const struct GNUNET_CRYPTO_PrivateKey *key);
+
+
+/**
+ * Writes a #GNUNET_CRYPTO_PublicKey to a compact buffer.
+ * The buffer requires space for at least the compacted length of
+ * a #GNUNET_CRYPTO_PublicKey in bytes.
+ * If the buffer is too small, the function returns -1 as error.
+ * If the key is not valid, it returns -2 as error.
+ *
+ * @param key the key
+ * @param buffer the buffer
+ * @param len the length of buffer
+ * @return -1 or -2 on error, else the amount of bytes written to the buffer
+ */
+ssize_t
+GNUNET_CRYPTO_write_public_key_to_buffer (const struct
+                                            GNUNET_CRYPTO_PublicKey *key,
+                                            void*buffer,
+                                            size_t len);
+
+
+/**
+ * Reads a #GNUNET_CRYPTO_PrivateKey from a compact buffer.
+ * The buffer has to contain at least the compacted length of
+ * a #GNUNET_CRYPTO_PrivateKey in bytes.
+ * If the buffer is too small, the function returns GNUNET_SYSERR as error.
+ *
+ * @param buffer the buffer
+ * @param len the length of buffer
+ * @param key the key
+ * @param the amount of bytes read from the buffer
+ * @return #GNUNET_SYSERR on error
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_read_private_key_from_buffer (
+  const void*buffer,
+  size_t len,
+  struct GNUNET_CRYPTO_PrivateKey *key,
+  size_t *read);
+
+
+/**
+ * Writes a #GNUNET_CRYPTO_PrivateKey to a compact buffer.
+ * The buffer requires space for at least the compacted length of
+ * a #GNUNET_CRYPTO_PrivateKey in bytes.
+ * If the buffer is too small, the function returns -1 as error.
+ * If the key is not valid, it returns -2 as error.
+ *
+ * @param key the key
+ * @param buffer the buffer
+ * @param len the length of buffer
+ * @return -1 or -2 on error, else the amount of bytes written to the buffer
+ */
+ssize_t
+GNUNET_CRYPTO_write_private_key_to_buffer (
+  const struct GNUNET_CRYPTO_PrivateKey *key,
+  void*buffer,
+  size_t len);
+
+
+/**
+ * Get the compacted length of a #GNUNET_CRYPTO_Signature.
+ * Compacted means that it returns the minimum number of bytes this
+ * signature is long, as opposed to the union structure inside
+ * #GNUNET_CRYPTO_Signature.
+ * Useful for compact serializations.
+ *
+ * @param sig the signature.
+ * @return -1 on error, else the compacted length of the signature.
+ */
+ssize_t
+GNUNET_CRYPTO_signature_get_length (
+  const struct GNUNET_CRYPTO_Signature *sig);
+
+
+/**
+ * Get the compacted length of a signature by type.
+ * Compacted means that it returns the minimum number of bytes this
+ * signature is long, as opposed to the union structure inside
+ * #GNUNET_CRYPTO_Signature.
+ * Useful for compact serializations.
+ *
+ * @param sig the signature.
+ * @return -1 on error, else the compacted length of the signature.
+ */
+ssize_t
+GNUNET_CRYPTO_signature_get_raw_length_by_type (uint32_t type);
+
+
+/**
+ * Reads a #GNUNET_CRYPTO_Signature from a compact buffer.
+ * The buffer has to contain at least the compacted length of
+ * a #GNUNET_CRYPTO_Signature in bytes.
+ * If the buffer is too small, the function returns -1 as error.
+ * If the buffer does not contain a valid key, it returns -2 as error.
+ *
+ * @param sig the signature
+ * @param buffer the buffer
+ * @param len the length of buffer
+ * @return -1 or -2 on error, else the amount of bytes read from the buffer
+ */
+ssize_t
+GNUNET_CRYPTO_read_signature_from_buffer (
+  struct GNUNET_CRYPTO_Signature *sig,
+  const void*buffer,
+  size_t len);
+
+
+/**
+ * Writes a #GNUNET_CRYPTO_Signature to a compact buffer.
+ * The buffer requires space for at least the compacted length of
+ * a #GNUNET_CRYPTO_Signature in bytes.
+ * If the buffer is too small, the function returns -1 as error.
+ * If the key is not valid, it returns -2 as error.
+ *
+ * @param sig the signature
+ * @param buffer the buffer
+ * @param len the length of buffer
+ * @return -1 or -2 on error, else the amount of bytes written to the buffer
+ */
+ssize_t
+GNUNET_CRYPTO_write_signature_to_buffer (
+  const struct GNUNET_CRYPTO_Signature *sig,
+  void*buffer,
+  size_t len);
+
+
+/**
+ * @brief Sign a given block.
+ *
+ * The @a purpose data is the beginning of the data of which the signature is
+ * to be created. The `size` field in @a purpose must correctly indicate the
+ * number of bytes of the data structure, including its header. If possible,
+ * use #GNUNET_CRYPTO_sign() instead of this function.
+ *
+ * @param priv private key to use for the signing
+ * @param purpose what to sign (size, purpose)
+ * @param[out] sig where to write the signature
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_sign_ (
+  const struct GNUNET_CRYPTO_PrivateKey *priv,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+  struct GNUNET_CRYPTO_Signature *sig);
+
+/**
+ * @brief Sign a given block.
+ *
+ * The @a purpose data is the beginning of the data of which the signature is
+ * to be created. The `size` field in @a purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ * The signature payload and length depends on the key type.
+ *
+ * @param priv private key to use for the signing
+ * @param purpose what to sign (size, purpose)
+ * @param[out] sig where to write the signature
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_sign_raw_ (
+  const struct GNUNET_CRYPTO_PrivateKey *priv,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+  unsigned char *sig);
+
+
+/**
+ * @brief Sign a given block with #GNUNET_CRYPTO_PrivateKey.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param[out] sig where to write the signature
+ */
+#define GNUNET_CRYPTO_sign(priv,ps,sig) do {                \
+          /* check size is set correctly */                                     \
+          GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
+          /* check 'ps' begins with the purpose */                              \
+          GNUNET_static_assert (((void*) (ps)) ==                               \
+                                ((void*) &(ps)->purpose));                      \
+          GNUNET_assert (GNUNET_OK ==                                           \
+                         GNUNET_CRYPTO_sign_ (priv,               \
+                                                &(ps)->purpose,             \
+                                                sig));                      \
+} while (0)
+
+
+/**
+ * @brief Verify a given signature.
+ *
+ * The @a validate data is the beginning of the data of which the signature
+ * is to be verified. The `size` field in @a validate must correctly indicate
+ * the number of bytes of the data structure, including its header.  If @a
+ * purpose does not match the purpose given in @a validate (the latter must be
+ * in big endian), signature verification fails.  If possible,
+ * use #GNUNET_CRYPTO_signature_verify() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
+ *
+ * @param purpose what is the purpose that the signature should have?
+ * @param validate block to validate (size, purpose, data)
+ * @param sig signature that is being validated
+ * @param pub public key of the signer
+ * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_signature_verify_ (
+  uint32_t purpose,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
+  const struct GNUNET_CRYPTO_Signature *sig,
+  const struct GNUNET_CRYPTO_PublicKey *pub);
+
+/**
+ * @brief Verify a given signature.
+ *
+ * The @a validate data is the beginning of the data of which the signature
+ * is to be verified. The `size` field in @a validate must correctly indicate
+ * the number of bytes of the data structure, including its header.  If @a
+ * purpose does not match the purpose given in @a validate (the latter must be
+ * in big endian), signature verification fails.
+ *
+ * @param purpose what is the purpose that the signature should have?
+ * @param validate block to validate (size, purpose, data)
+ * @param sig signature that is being validated
+ * @param pub public key of the signer
+ * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_signature_verify_raw_ (
+  uint32_t purpose,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
+  const unsigned char *sig,
+  const struct GNUNET_CRYPTO_PublicKey *pub);
+
+
+/**
+ * @brief Verify a given signature with #GNUNET_CRYPTO_PublicKey.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param purp purpose of the signature, must match 'ps->purpose.purpose'
+ *              (except in host byte order)
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param sig where to read the signature from
+ * @param pub public key to use for the verifying
+ */
+#define GNUNET_CRYPTO_signature_verify(purp,ps,sig,pub) ({             \
+    /* check size is set correctly */                                     \
+    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
+    /* check 'ps' begins with the purpose */                              \
+    GNUNET_static_assert (((void*) (ps)) ==                               \
+                          ((void*) &(ps)->purpose));                      \
+    GNUNET_CRYPTO_signature_verify_ (purp,                              \
+                                       &(ps)->purpose,                    \
+                                       sig,                               \
+                                       pub);                              \
+  })
+
+
+/**
+ * Encrypt a block with #GNUNET_CRYPTO_PublicKey and derives a
+ * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
+ * using ecdh to derive a symmetric key.
+ *
+ * @param block the block to encrypt
+ * @param size the size of the @a block
+ * @param pub public key to use for ecdh
+ * @param ecc where to write the ecc public key
+ * @param result the output parameter in which to store the encrypted result
+ *               can be the same or overlap with @c block
+ * @returns the size of the encrypted block, -1 for errors.
+ *          Due to the use of CFB and therefore an effective stream cipher,
+ *          this size should be the same as @c len.
+ */
+ssize_t
+GNUNET_CRYPTO_encrypt_old (const void *block,
+                             size_t size,
+                             const struct GNUNET_CRYPTO_PublicKey *pub,
+                             struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                             void *result);
+
+
+/**
+ * Decrypt a given block with #GNUNET_CRYPTO_PrivateKey and a given
+ * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
+ *
+ * @param block the data to decrypt, encoded as returned by encrypt
+ * @param size the size of the @a block to decrypt
+ * @param priv private key to use for ecdh
+ * @param ecc the ecc public key
+ * @param result address to store the result at
+ *               can be the same or overlap with @c block
+ * @return -1 on failure, size of decrypted block on success.
+ *         Due to the use of CFB and therefore an effective stream cipher,
+ *         this size should be the same as @c size.
+ */
+ssize_t
+GNUNET_CRYPTO_decrypt_old (
+  const void *block,
+  size_t size,
+  const struct GNUNET_CRYPTO_PrivateKey *priv,
+  const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+  void *result);
+
+#define GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \
+                                                + sizeof (struct \
+                                                          GNUNET_CRYPTO_FoKemC))
+
+/**
+ * Encrypt a block with #GNUNET_CRYPTO_PublicKey and derives a
+ * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
+ * using ecdh to derive a symmetric key.
+ *
+ * Note that the result buffer for the ciphertext must be the length of
+ * the message to encrypt plus #GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES.
+ *
+ * @param block the block to encrypt
+ * @param size the size of the @a block
+ * @param pub public key to encrypt for
+ * @param result the output parameter in which to store the encrypted result
+ *               can be the same or overlap with @c block
+ * @returns GNUNET_OK on success.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_encrypt (const void *block,
+                         size_t size,
+                         const struct GNUNET_CRYPTO_PublicKey *pub,
+                         void *result,
+                         size_t result_size);
+
+
+/**
+ * Decrypt a given block with #GNUNET_CRYPTO_PrivateKey and a given
+ * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
+ *
+ * @param block the data to decrypt, encoded as returned by encrypt
+ * @param size the size of the @a block to decrypt
+ * @param priv private key to use for ecdh
+ * @param result address to store the result at
+ *               can be the same or overlap with @c block
+ * @returns GNUNET_OK on success.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_decrypt (const void *block,
+                         size_t size,
+                         const struct GNUNET_CRYPTO_PrivateKey *priv,
+                         void *result,
+                         size_t result_size);
+
+
+/**
+ * Creates a (Base32) string representation of the public key.
+ * The resulting string encodes a compacted representation of the key.
+ * See also #GNUNET_CRYPTO_key_get_length.
+ *
+ * @param key the key.
+ * @return the string representation of the key, or NULL on error.
+ */
+char *
+GNUNET_CRYPTO_public_key_to_string (
+  const struct GNUNET_CRYPTO_PublicKey *key);
+
+
+/**
+ * Creates a (Base32) string representation of the private key.
+ * The resulting string encodes a compacted representation of the key.
+ * See also #GNUNET_CRYPTO_key_get_length.
+ *
+ * @param key the key.
+ * @return the string representation of the key, or NULL on error.
+ */
+char *
+GNUNET_CRYPTO_private_key_to_string (
+  const struct GNUNET_CRYPTO_PrivateKey *key);
+
+
+/**
+ * Parses a (Base32) string representation of the public key.
+ * See also #GNUNET_CRYPTO_public_key_to_string.
+ *
+ * @param str the encoded key.
+ * @param key where to write the key.
+ * @return GNUNET_SYSERR on error.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_public_key_from_string (const char*str,
+                                        struct GNUNET_CRYPTO_PublicKey *key);
+
+
+/**
+ * Parses a (Base32) string representation of the private key.
+ * See also #GNUNET_CRYPTO_private_key_to_string.
+ *
+ * @param str the encoded key.
+ * @param key where to write the key.
+ * @return GNUNET_SYSERR on error.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_private_key_from_string (const char*str,
+                                         struct GNUNET_CRYPTO_PrivateKey *key);
+
+
+/**
+ * Retrieves the public key representation of a private key.
+ *
+ * @param privkey the private key.
+ * @param key the public key result.
+ * @return GNUNET_SYSERR on error.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_key_get_public (const struct
+                                GNUNET_CRYPTO_PrivateKey *privkey,
+                                struct GNUNET_CRYPTO_PublicKey *key);
+
+
+
 #if 0 /* keep Emacsens' auto-indent happy */
 {
 #endif
diff --git a/src/include/gnunet_fragmentation_lib.h b/src/include/gnunet_fragmentation_lib.h
deleted file mode 100644
index c8e99826a..000000000
--- a/src/include/gnunet_fragmentation_lib.h
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
-     This file is part of GNUnet
-     Copyright (C) 2009, 2011, 2015 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-     SPDX-License-Identifier: AGPL3.0-or-later
- */
-/**
- * @addtogroup Backbone
- * @{
- *
- * @author Christian Grothoff
- *
- * @file
- * Library to help fragment messages
- *
- * @defgroup fragmentation  Fragmentation library
- * Library to help fragment messages
- * @{
- *
- * @todo Consider additional flow-control for sending from
- *       fragmentation based on continuations.
- */
-
-#ifndef GNUNET_FRAGMENTATION_LIB_H
-#define GNUNET_FRAGMENTATION_LIB_H
-
-
-#include "gnunet_util_lib.h"
-#include "gnunet_statistics_service.h"
-
-#ifdef __cplusplus
-extern "C"
-{
-#if 0                           /* keep Emacsens' auto-indent happy */
-}
-#endif
-#endif
-
-
-/**
- * Fragmentation context.
- */
-struct GNUNET_FRAGMENT_Context;
-
-
-/**
- * Function that is called with messages created by the fragmentation
- * module.  In the case of the 'proc' callback of the
- * #GNUNET_FRAGMENT_context_create() function, this function must
- * eventually call #GNUNET_FRAGMENT_context_transmission_done().
- *
- * @param cls closure
- * @param msg the message that was created
- */
-typedef void
-(*GNUNET_FRAGMENT_MessageProcessor) (void *cls,
-                                     const struct GNUNET_MessageHeader *msg);
-
-
-/**
- * Create a fragmentation context for the given message.
- * Fragments the message into fragments of size @a mtu or
- * less.  Calls @a proc on each un-acknowledged fragment,
- * using both the expected @a msg_delay between messages and
- * acknowledgements and the given @a tracker to guide the
- * frequency of calls to @a proc.
- *
- * @param stats statistics context
- * @param mtu the maximum message size for each fragment
- * @param tracker bandwidth tracker to use for flow control (can be NULL)
- * @param msg_delay initial delay to insert between fragment transmissions
- *              based on previous messages
- * @param ack_delay expected delay between fragment transmission
- *              and ACK based on previous messages
- * @param msg the message to fragment
- * @param proc function to call for each fragment to transmit
- * @param proc_cls closure for proc
- * @return the fragmentation context
- */
-struct GNUNET_FRAGMENT_Context *
-GNUNET_FRAGMENT_context_create (struct GNUNET_STATISTICS_Handle *stats,
-                                uint16_t mtu,
-                                struct GNUNET_BANDWIDTH_Tracker *tracker,
-                                struct GNUNET_TIME_Relative msg_delay,
-                                struct GNUNET_TIME_Relative ack_delay,
-                                const struct GNUNET_MessageHeader *msg,
-                                GNUNET_FRAGMENT_MessageProcessor proc,
-                                void *proc_cls);
-
-
-/**
- * Continuation to call from the 'proc' function after the fragment
- * has been transmitted (and hence the next fragment can now be
- * given to proc).
- *
- * @param fc fragmentation context
- */
-void
-GNUNET_FRAGMENT_context_transmission_done (struct GNUNET_FRAGMENT_Context *fc);
-
-
-/**
- * Process an acknowledgement message we got from the other
- * side (to control re-transmits).
- *
- * @param fc fragmentation context
- * @param msg acknowledgement message we received
- * @return #GNUNET_OK if this ack completes the work of the 'fc'
- *                   (all fragments have been received);
- *         #GNUNET_NO if more messages are pending
- *         #GNUNET_SYSERR if this ack is not valid for this fc
- */
-int
-GNUNET_FRAGMENT_process_ack (struct GNUNET_FRAGMENT_Context *fc,
-                             const struct GNUNET_MessageHeader *msg);
-
-
-/**
- * Destroy the given fragmentation context (stop calling 'proc', free
- * resources).
- *
- * @param fc fragmentation context
- * @param msg_delay where to store average delay between individual message transmissions the
- *         last message (OUT only)
- * @param ack_delay where to store average delay between transmission and ACK for the
- *         last message, set to FOREVER if the message was not fully transmitted (OUT only)
- */
-void
-GNUNET_FRAGMENT_context_destroy (struct GNUNET_FRAGMENT_Context *fc,
-                                 struct GNUNET_TIME_Relative *msg_delay,
-                                 struct GNUNET_TIME_Relative *ack_delay);
-
-
-/**
- * Convert an ACK message to a printable format suitable for logging.
- *
- * @param ack message to print
- * @return ack in human-readable format
- */
-const char *
-GNUNET_FRAGMENT_print_ack (const struct GNUNET_MessageHeader *ack);
-
-
-/**
- * Defragmentation context (one per connection).
- */
-struct GNUNET_DEFRAGMENT_Context;
-
-
-/**
- * Function that is called with acknowledgement messages created by
- * the fragmentation module.  Acknowledgements are cumulative,
- * so it is OK to only transmit the 'latest' ack message for the same
- * message ID.
- *
- * @param cls closure
- * @param id unique message ID (modulo collisions)
- * @param msg the message that was created
- */
-typedef void
-(*GNUNET_DEFRAGMENT_AckProcessor) (void *cls,
-                                   uint32_t id,
-                                   const struct GNUNET_MessageHeader *msg);
-
-
-/**
- * Create a defragmentation context.
- *
- * @param stats statistics context
- * @param mtu the maximum message size for each fragment
- * @param num_msgs how many fragmented messages
- *                 to we defragment at most at the same time?
- * @param cls closure for @a proc and @a ackp
- * @param proc function to call with defragmented messages
- * @param ackp function to call with acknowledgements (to send
- *             back to the other side)
- * @return the defragmentation context
- */
-struct GNUNET_DEFRAGMENT_Context *
-GNUNET_DEFRAGMENT_context_create (struct GNUNET_STATISTICS_Handle *stats,
-                                  uint16_t mtu,
-                                  unsigned int num_msgs,
-                                  void *cls,
-                                  GNUNET_FRAGMENT_MessageProcessor proc,
-                                  GNUNET_DEFRAGMENT_AckProcessor ackp);
-
-
-/**
- * Destroy the given defragmentation context.
- *
- * @param dc defragmentation context
- */
-void
-GNUNET_DEFRAGMENT_context_destroy (struct GNUNET_DEFRAGMENT_Context *dc);
-
-
-/**
- * We have received a fragment.  Process it.
- *
- * @param dc the context
- * @param msg the message that was received
- * @return #GNUNET_OK on success,
- *         #GNUNET_NO if this was a duplicate,
- *         #GNUNET_SYSERR on error
- */
-int
-GNUNET_DEFRAGMENT_process_fragment (struct GNUNET_DEFRAGMENT_Context *dc,
-                                    const struct GNUNET_MessageHeader *msg);
-
-
-#if 0                           /* keep Emacsens' auto-indent happy */
-{
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/** @} */  /* end of group */
-
-/** @} */ /* end of group addition */
diff --git a/src/include/gnunet_friends_lib.h b/src/include/gnunet_friends_lib.h
deleted file mode 100644
index 4f4d5e88b..000000000
--- a/src/include/gnunet_friends_lib.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2013 Christian Grothoff
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-     SPDX-License-Identifier: AGPL3.0-or-later
- */
-
-/**
- * @addtogroup Backbone 
- * @{
- *
- * @author Christian Grothoff
- *
- * @file
- * Library to read and write the FRIENDS file
- *
- * @defgroup friends  Friends library
- * Library to read and write the FRIENDS file
- * @{
- */
-#ifndef GNUNET_FRIENDS_LIB_H
-#define GNUNET_FRIENDS_LIB_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#if 0                           /* keep Emacsens' auto-indent happy */
-}
-#endif
-#endif
-
-
-#include "gnunet_util_lib.h"
-
-
-/**
- * Signature of a function called on each friend found.
- *
- * @param cls closure
- * @param friend_id peer identity of the friend
- */
-typedef void (*GNUNET_FRIENDS_Callback)(void *cls,
-                                        const struct
-                                        GNUNET_PeerIdentity *friend_id);
-
-
-/**
- * Parse the FRIENDS file.
- *
- * @param cfg our configuration
- * @param cb function to call on each friend found
- * @param cb_cls closure for @a cb
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on parsing errors
- */
-int
-GNUNET_FRIENDS_parse (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                      GNUNET_FRIENDS_Callback cb,
-                      void *cb_cls);
-
-
-/**
- * Handle for writing a friends file.
- */
-struct GNUNET_FRIENDS_Writer;
-
-
-/**
- * Start writing a fresh FRIENDS file.  Will make a backup of the
- * old one.
- *
- * @param cfg configuration to use.
- * @return NULL on error
- */
-struct GNUNET_FRIENDS_Writer *
-GNUNET_FRIENDS_write_start (const struct GNUNET_CONFIGURATION_Handle *cfg);
-
-
-/**
- * Finish writing out the friends file.
- *
- * @param w write handle
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
-GNUNET_FRIENDS_write_stop (struct GNUNET_FRIENDS_Writer *w);
-
-
-/**
- * Add a friend to the friends file.
- *
- * @param w write handle
- * @param friend_id friend to add
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
-GNUNET_FRIENDS_write (struct GNUNET_FRIENDS_Writer *w,
-                      const struct GNUNET_PeerIdentity *friend_id);
-
-
-#if 0                           /* keep Emacsens' auto-indent happy */
-{
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/** @} */  /* end of group */
-
-/** @} */  /* end of group addition to backbone */
diff --git a/src/include/gnunet_gns_service.h b/src/include/gnunet_gns_service.h
index 1fcf7aa8b..1f19e58ac 100644
--- a/src/include/gnunet_gns_service.h
+++ b/src/include/gnunet_gns_service.h
@@ -137,7 +137,7 @@ enum GNUNET_GNS_LocalOptions
 struct GNUNET_GNS_LookupRequest *
 GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
                    const char *name,
-                   const struct GNUNET_IDENTITY_PublicKey *zone,
+                   const struct GNUNET_CRYPTO_PublicKey *zone,
                    uint32_t type,
                    enum GNUNET_GNS_LocalOptions options,
                    GNUNET_GNS_LookupResultProcessor proc,
@@ -161,7 +161,7 @@ GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
 struct GNUNET_GNS_LookupRequest *
 GNUNET_GNS_lookup_limited (struct GNUNET_GNS_Handle *handle,
                            const char *name,
-                           const struct GNUNET_IDENTITY_PublicKey *zone,
+                           const struct GNUNET_CRYPTO_PublicKey *zone,
                            uint32_t type,
                            enum GNUNET_GNS_LocalOptions options,
                            uint16_t recursion_depth_limit,
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 338f22223..d78e637e8 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -339,7 +339,7 @@ struct GNUNET_GNSRECORD_ReverseRecord
   /**
    * The public key of the namespace the is delegating to our namespace
    */
-  struct GNUNET_IDENTITY_PublicKey pkey;
+  struct GNUNET_CRYPTO_PublicKey pkey;
 
   /**
    * The expiration time of the delegation
@@ -494,7 +494,7 @@ GNUNET_GNSRECORD_string_normalize (const char *src);
  * #GNUNET_GNSRECORD_z2s.
  */
 const char *
-GNUNET_GNSRECORD_z2s (const struct GNUNET_IDENTITY_PublicKey *z);
+GNUNET_GNSRECORD_z2s (const struct GNUNET_CRYPTO_PublicKey *z);
 
 
 /**
@@ -508,7 +508,7 @@ GNUNET_GNSRECORD_z2s (const struct GNUNET_IDENTITY_PublicKey *z);
  *         key in an encoding suitable for DNS labels.
  */
 const char *
-GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_IDENTITY_PublicKey *pkey);
+GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_PublicKey *pkey);
 
 
 /**
@@ -522,7 +522,7 @@ GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_IDENTITY_PublicKey *pkey);
  */
 int
 GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
-                               struct GNUNET_IDENTITY_PublicKey *pkey);
+                               struct GNUNET_CRYPTO_PublicKey *pkey);
 
 
 /**
@@ -534,7 +534,7 @@ GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
  */
 void
 GNUNET_GNSRECORD_query_from_private_key (
-  const struct GNUNET_IDENTITY_PrivateKey *zone, const char *label,
+  const struct GNUNET_CRYPTO_PrivateKey *zone, const char *label,
   struct GNUNET_HashCode *query);
 
 
@@ -548,7 +548,7 @@ GNUNET_GNSRECORD_query_from_private_key (
  */
 void
 GNUNET_GNSRECORD_query_from_public_key (
-  const struct GNUNET_IDENTITY_PublicKey *pub, const char *label,
+  const struct GNUNET_CRYPTO_PublicKey *pub, const char *label,
   struct GNUNET_HashCode *query);
 
 
@@ -562,7 +562,7 @@ GNUNET_GNSRECORD_query_from_public_key (
  */
 ssize_t
 GNUNET_GNSRECORD_block_calculate_size (const struct
-                                       GNUNET_IDENTITY_PrivateKey *key,
+                                       GNUNET_CRYPTO_PrivateKey *key,
                                        const struct GNUNET_GNSRECORD_Data *rd,
                                        unsigned int rd_count);
 
@@ -576,7 +576,7 @@ GNUNET_GNSRECORD_block_calculate_size (const struct
  */
 enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_sign (const struct
-                             GNUNET_IDENTITY_PrivateKey *key,
+                             GNUNET_CRYPTO_PrivateKey *key,
                              const char *label,
                              struct GNUNET_GNSRECORD_Block *block);
 
@@ -592,7 +592,7 @@ GNUNET_GNSRECORD_block_sign (const struct
  * @return GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
-GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
+GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_PrivateKey *key,
                                struct GNUNET_TIME_Absolute expire,
                                const char *label,
                                const struct GNUNET_GNSRECORD_Data *rd,
@@ -617,7 +617,7 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
  */
 enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_create_unsigned (const struct
-                                        GNUNET_IDENTITY_PrivateKey *key,
+                                        GNUNET_CRYPTO_PrivateKey *key,
                                         struct GNUNET_TIME_Absolute expire,
                                         const char *label,
                                         const struct GNUNET_GNSRECORD_Data *rd,
@@ -639,7 +639,7 @@ GNUNET_GNSRECORD_block_create_unsigned (const struct
  * @return GNUNET_OK on success.
  */
 enum GNUNET_GenericReturnValue
-GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *key,
+GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_PrivateKey *key,
                                 struct GNUNET_TIME_Absolute expire,
                                 const char *label,
                                 const struct GNUNET_GNSRECORD_Data *rd,
@@ -672,7 +672,7 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block);
 enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_decrypt (
   const struct GNUNET_GNSRECORD_Block *block,
-  const struct GNUNET_IDENTITY_PublicKey *zone_key, const char *label,
+  const struct GNUNET_CRYPTO_PublicKey *zone_key, const char *label,
   GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls);
 
 
@@ -752,7 +752,7 @@ enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_identity_from_data (const char *data,
                                      size_t data_size,
                                      uint32_t type,
-                                     struct GNUNET_IDENTITY_PublicKey *key);
+                                     struct GNUNET_CRYPTO_PublicKey *key);
 
 
 /**
@@ -766,7 +766,7 @@ GNUNET_GNSRECORD_identity_from_data (const char *data,
  */
 enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_data_from_identity (const struct
-                                     GNUNET_IDENTITY_PublicKey *key,
+                                     GNUNET_CRYPTO_PublicKey *key,
                                      char **data,
                                      size_t *data_size,
                                      uint32_t *type);
diff --git a/src/include/gnunet_hello_lib.h b/src/include/gnunet_hello_lib.h
index 20a61cbfb..b57f48ac5 100644
--- a/src/include/gnunet_hello_lib.h
+++ b/src/include/gnunet_hello_lib.h
@@ -476,7 +476,7 @@ GNUNET_HELLO_parse_uri (const char *uri,
 
 
 /* NG API */
-#include "gnunet_nt_lib.h"
+#include "gnunet_util_lib.h"
 
 
 /**
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index fd0458f62..4743dbf7e 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -62,20 +62,6 @@ extern "C" {
  */
 #define GNUNET_IDENTITY_VERSION 0x00000100
 
-enum GNUNET_IDENTITY_KeyType
-{
-  /**
-   * The identity type. The value is the same as the
-   * PKEY record type.
-   */
-  GNUNET_IDENTITY_TYPE_ECDSA = 65536,
-
-  /**
-   * EDDSA identity. The value is the same as the EDKEY
-   * record type.
-   */
-  GNUNET_IDENTITY_TYPE_EDDSA = 65556
-};
 
 /**
  * Handle to access the identity service.
@@ -88,89 +74,6 @@ struct GNUNET_IDENTITY_Handle;
 struct GNUNET_IDENTITY_Ego;
 
 /**
- * A private key for an identity as per LSD0001.
- * Note that these types are NOT packed and MUST NOT be used in RPC
- * messages. Use the respective serialization functions.
- */
-struct GNUNET_IDENTITY_PrivateKey
-{
-  /**
-   * Type of public key.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-
-  union
-  {
-    /**
-     * An ECDSA identity key.
-     */
-    struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key;
-
-    /**
-     * AN EdDSA identtiy key
-     */
-    struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key;
-  };
-};
-
-
-/**
- * An identity key as per LSD0001.
- */
-struct GNUNET_IDENTITY_PublicKey
-{
-  /**
-   * Type of public key.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-
-  union
-  {
-    /**
-     * An ECDSA identity key.
-     */
-    struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key;
-
-    /**
-     * AN EdDSA identtiy key
-     */
-    struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key;
-  };
-};
-
-
-/**
- * An identity signature as per LSD0001.
- */
-struct GNUNET_IDENTITY_Signature
-{
-  /**
-   * Type of signature.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-
-  union
-  {
-    /**
-     * An ECDSA signature
-     */
-    struct GNUNET_CRYPTO_EcdsaSignature ecdsa_signature;
-
-    /**
-     * AN EdDSA signature
-     */
-    struct GNUNET_CRYPTO_EddsaSignature eddsa_signature;
-  };
-};
-
-
-/**
  * Handle for an operation with the identity service.
  */
 struct GNUNET_IDENTITY_Operation;
@@ -182,7 +85,7 @@ struct GNUNET_IDENTITY_Operation;
  * @param ego the ego
  * @return associated ECC key, valid as long as the ego is valid
  */
-const struct GNUNET_IDENTITY_PrivateKey *
+const struct GNUNET_CRYPTO_PrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego);
 
 
@@ -203,7 +106,7 @@ GNUNET_IDENTITY_ego_get_anonymous (void);
  */
 void
 GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
-                                    struct GNUNET_IDENTITY_PublicKey *pk);
+                                    struct GNUNET_CRYPTO_PublicKey *pk);
 
 
 /**
@@ -326,7 +229,7 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h);
 typedef void
 (*GNUNET_IDENTITY_CreateContinuation) (
   void *cls,
-  const struct GNUNET_IDENTITY_PrivateKey *pk,
+  const struct GNUNET_CRYPTO_PrivateKey *pk,
   enum GNUNET_ErrorCode ec);
 
 
@@ -344,8 +247,8 @@ typedef void
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
                         const char *name,
-                        const struct GNUNET_IDENTITY_PrivateKey *privkey,
-                        enum GNUNET_IDENTITY_KeyType ktype,
+                        const struct GNUNET_CRYPTO_PrivateKey *privkey,
+                        enum GNUNET_CRYPTO_KeyType ktype,
                         GNUNET_IDENTITY_CreateContinuation cont,
                         void *cont_cls);
 
@@ -396,472 +299,6 @@ void
 GNUNET_IDENTITY_cancel (struct GNUNET_IDENTITY_Operation *op);
 
 
-/**
- * Get the compacted length of a #GNUNET_IDENTITY_PublicKey.
- * Compacted means that it returns the minimum number of bytes this
- * key is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_PublicKey.
- * Useful for compact serializations.
- *
- * @param key the key.
- * @return -1 on error, else the compacted length of the key.
- */
-ssize_t
-GNUNET_IDENTITY_public_key_get_length (const struct
-                                       GNUNET_IDENTITY_PublicKey *key);
-
-/**
- * Reads a #GNUNET_IDENTITY_PublicKey from a compact buffer.
- * The buffer has to contain at least the compacted length of
- * a #GNUNET_IDENTITY_PublicKey in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the buffer does not contain a valid key, it returns -2 as error.
- *
- * @param buffer the buffer
- * @param len the length of buffer
- * @param key the key
- * @param the amount of bytes read from the buffer
- * @return #GNUNET_SYSERR on error
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_read_public_key_from_buffer (
-  const void *buffer,
-  size_t len,
-  struct GNUNET_IDENTITY_PublicKey *key,
-  size_t *read);
-
-/**
- * Get the compacted length of a #GNUNET_IDENTITY_PrivateKey.
- * Compacted means that it returns the minimum number of bytes this
- * key is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_PrivateKey.
- * Useful for compact serializations.
- *
- * @param key the key.
- * @return -1 on error, else the compacted length of the key.
- */
-ssize_t
-GNUNET_IDENTITY_private_key_get_length (
-  const struct GNUNET_IDENTITY_PrivateKey *key);
-
-
-/**
- * Writes a #GNUNET_IDENTITY_PublicKey to a compact buffer.
- * The buffer requires space for at least the compacted length of
- * a #GNUNET_IDENTITY_PublicKey in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the key is not valid, it returns -2 as error.
- *
- * @param key the key
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes written to the buffer
- */
-ssize_t
-GNUNET_IDENTITY_write_public_key_to_buffer (const struct
-                                            GNUNET_IDENTITY_PublicKey *key,
-                                            void*buffer,
-                                            size_t len);
-
-
-/**
- * Reads a #GNUNET_IDENTITY_PrivateKey from a compact buffer.
- * The buffer has to contain at least the compacted length of
- * a #GNUNET_IDENTITY_PrivateKey in bytes.
- * If the buffer is too small, the function returns GNUNET_SYSERR as error.
- *
- * @param buffer the buffer
- * @param len the length of buffer
- * @param key the key
- * @param the amount of bytes read from the buffer
- * @return #GNUNET_SYSERR on error
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_read_private_key_from_buffer (
-  const void*buffer,
-  size_t len,
-  struct GNUNET_IDENTITY_PrivateKey *key,
-  size_t *read);
-
-
-/**
- * Writes a #GNUNET_IDENTITY_PrivateKey to a compact buffer.
- * The buffer requires space for at least the compacted length of
- * a #GNUNET_IDENTITY_PrivateKey in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the key is not valid, it returns -2 as error.
- *
- * @param key the key
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes written to the buffer
- */
-ssize_t
-GNUNET_IDENTITY_write_private_key_to_buffer (
-  const struct GNUNET_IDENTITY_PrivateKey *key,
-  void*buffer,
-  size_t len);
-
-
-/**
- * Get the compacted length of a #GNUNET_IDENTITY_Signature.
- * Compacted means that it returns the minimum number of bytes this
- * signature is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_Signature.
- * Useful for compact serializations.
- *
- * @param sig the signature.
- * @return -1 on error, else the compacted length of the signature.
- */
-ssize_t
-GNUNET_IDENTITY_signature_get_length (
-  const struct GNUNET_IDENTITY_Signature *sig);
-
-
-/**
- * Get the compacted length of a signature by type.
- * Compacted means that it returns the minimum number of bytes this
- * signature is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_Signature.
- * Useful for compact serializations.
- *
- * @param sig the signature.
- * @return -1 on error, else the compacted length of the signature.
- */
-ssize_t
-GNUNET_IDENTITY_signature_get_raw_length_by_type (uint32_t type);
-
-
-/**
- * Reads a #GNUNET_IDENTITY_Signature from a compact buffer.
- * The buffer has to contain at least the compacted length of
- * a #GNUNET_IDENTITY_Signature in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the buffer does not contain a valid key, it returns -2 as error.
- *
- * @param sig the signature
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes read from the buffer
- */
-ssize_t
-GNUNET_IDENTITY_read_signature_from_buffer (
-  struct GNUNET_IDENTITY_Signature *sig,
-  const void*buffer,
-  size_t len);
-
-
-/**
- * Writes a #GNUNET_IDENTITY_Signature to a compact buffer.
- * The buffer requires space for at least the compacted length of
- * a #GNUNET_IDENTITY_Signature in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the key is not valid, it returns -2 as error.
- *
- * @param sig the signature
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes written to the buffer
- */
-ssize_t
-GNUNET_IDENTITY_write_signature_to_buffer (
-  const struct GNUNET_IDENTITY_Signature *sig,
-  void*buffer,
-  size_t len);
-
-
-/**
- * @brief Sign a given block.
- *
- * The @a purpose data is the beginning of the data of which the signature is
- * to be created. The `size` field in @a purpose must correctly indicate the
- * number of bytes of the data structure, including its header. If possible,
- * use #GNUNET_IDENTITY_sign() instead of this function.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param[out] sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_sign_ (
-  const struct GNUNET_IDENTITY_PrivateKey *priv,
-  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
-  struct GNUNET_IDENTITY_Signature *sig);
-
-/**
- * @brief Sign a given block.
- *
- * The @a purpose data is the beginning of the data of which the signature is
- * to be created. The `size` field in @a purpose must correctly indicate the
- * number of bytes of the data structure, including its header.
- * The signature payload and length depends on the key type.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param[out] sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_sign_raw_ (
-  const struct GNUNET_IDENTITY_PrivateKey *priv,
-  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
-  unsigned char *sig);
-
-
-/**
- * @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey.
- *
- * The @a ps data must be a fixed-size struct for which the signature is to be
- * created. The `size` field in @a ps->purpose must correctly indicate the
- * number of bytes of the data structure, including its header.
- *
- * @param priv private key to use for the signing
- * @param ps packed struct with what to sign, MUST begin with a purpose
- * @param[out] sig where to write the signature
- */
-#define GNUNET_IDENTITY_sign(priv,ps,sig) do {                \
-          /* check size is set correctly */                                     \
-          GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
-          /* check 'ps' begins with the purpose */                              \
-          GNUNET_static_assert (((void*) (ps)) ==                               \
-                                ((void*) &(ps)->purpose));                      \
-          GNUNET_assert (GNUNET_OK ==                                           \
-                         GNUNET_IDENTITY_sign_ (priv,               \
-                                                &(ps)->purpose,             \
-                                                sig));                      \
-} while (0)
-
-
-/**
- * @brief Verify a given signature.
- *
- * The @a validate data is the beginning of the data of which the signature
- * is to be verified. The `size` field in @a validate must correctly indicate
- * the number of bytes of the data structure, including its header.  If @a
- * purpose does not match the purpose given in @a validate (the latter must be
- * in big endian), signature verification fails.  If possible,
- * use #GNUNET_IDENTITY_signature_verify() instead of this function (only if @a validate
- * is not fixed-size, you must use this function directly).
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_signature_verify_ (
-  uint32_t purpose,
-  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
-  const struct GNUNET_IDENTITY_Signature *sig,
-  const struct GNUNET_IDENTITY_PublicKey *pub);
-
-/**
- * @brief Verify a given signature.
- *
- * The @a validate data is the beginning of the data of which the signature
- * is to be verified. The `size` field in @a validate must correctly indicate
- * the number of bytes of the data structure, including its header.  If @a
- * purpose does not match the purpose given in @a validate (the latter must be
- * in big endian), signature verification fails.
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_signature_verify_raw_ (
-  uint32_t purpose,
-  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
-  const unsigned char *sig,
-  const struct GNUNET_IDENTITY_PublicKey *pub);
-
-
-/**
- * @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey.
- *
- * The @a ps data must be a fixed-size struct for which the signature is to be
- * created. The `size` field in @a ps->purpose must correctly indicate the
- * number of bytes of the data structure, including its header.
- *
- * @param purp purpose of the signature, must match 'ps->purpose.purpose'
- *              (except in host byte order)
- * @param ps packed struct with what to sign, MUST begin with a purpose
- * @param sig where to read the signature from
- * @param pub public key to use for the verifying
- */
-#define GNUNET_IDENTITY_signature_verify(purp,ps,sig,pub) ({             \
-    /* check size is set correctly */                                     \
-    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
-    /* check 'ps' begins with the purpose */                              \
-    GNUNET_static_assert (((void*) (ps)) ==                               \
-                          ((void*) &(ps)->purpose));                      \
-    GNUNET_IDENTITY_signature_verify_ (purp,                              \
-                                       &(ps)->purpose,                    \
-                                       sig,                               \
-                                       pub);                              \
-  })
-
-
-/**
- * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a
- * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
- * using ecdh to derive a symmetric key.
- *
- * @param block the block to encrypt
- * @param size the size of the @a block
- * @param pub public key to use for ecdh
- * @param ecc where to write the ecc public key
- * @param result the output parameter in which to store the encrypted result
- *               can be the same or overlap with @c block
- * @returns the size of the encrypted block, -1 for errors.
- *          Due to the use of CFB and therefore an effective stream cipher,
- *          this size should be the same as @c len.
- */
-ssize_t
-GNUNET_IDENTITY_encrypt_old (const void *block,
-                             size_t size,
-                             const struct GNUNET_IDENTITY_PublicKey *pub,
-                             struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
-                             void *result);
-
-
-/**
- * Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given
- * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
- *
- * @param block the data to decrypt, encoded as returned by encrypt
- * @param size the size of the @a block to decrypt
- * @param priv private key to use for ecdh
- * @param ecc the ecc public key
- * @param result address to store the result at
- *               can be the same or overlap with @c block
- * @return -1 on failure, size of decrypted block on success.
- *         Due to the use of CFB and therefore an effective stream cipher,
- *         this size should be the same as @c size.
- */
-ssize_t
-GNUNET_IDENTITY_decrypt_old (
-  const void *block,
-  size_t size,
-  const struct GNUNET_IDENTITY_PrivateKey *priv,
-  const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
-  void *result);
-
-#define GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \
-                                                + sizeof (struct \
-                                                          GNUNET_CRYPTO_FoKemC))
-
-/**
- * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a
- * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
- * using ecdh to derive a symmetric key.
- *
- * Note that the result buffer for the ciphertext must be the length of
- * the message to encrypt plus #GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES.
- *
- * @param block the block to encrypt
- * @param size the size of the @a block
- * @param pub public key to encrypt for
- * @param result the output parameter in which to store the encrypted result
- *               can be the same or overlap with @c block
- * @returns GNUNET_OK on success.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_encrypt (const void *block,
-                         size_t size,
-                         const struct GNUNET_IDENTITY_PublicKey *pub,
-                         void *result,
-                         size_t result_size);
-
-
-/**
- * Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given
- * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
- *
- * @param block the data to decrypt, encoded as returned by encrypt
- * @param size the size of the @a block to decrypt
- * @param priv private key to use for ecdh
- * @param result address to store the result at
- *               can be the same or overlap with @c block
- * @returns GNUNET_OK on success.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_decrypt (const void *block,
-                         size_t size,
-                         const struct GNUNET_IDENTITY_PrivateKey *priv,
-                         void *result,
-                         size_t result_size);
-
-
-/**
- * Creates a (Base32) string representation of the public key.
- * The resulting string encodes a compacted representation of the key.
- * See also #GNUNET_IDENTITY_key_get_length.
- *
- * @param key the key.
- * @return the string representation of the key, or NULL on error.
- */
-char *
-GNUNET_IDENTITY_public_key_to_string (
-  const struct GNUNET_IDENTITY_PublicKey *key);
-
-
-/**
- * Creates a (Base32) string representation of the private key.
- * The resulting string encodes a compacted representation of the key.
- * See also #GNUNET_IDENTITY_key_get_length.
- *
- * @param key the key.
- * @return the string representation of the key, or NULL on error.
- */
-char *
-GNUNET_IDENTITY_private_key_to_string (
-  const struct GNUNET_IDENTITY_PrivateKey *key);
-
-
-/**
- * Parses a (Base32) string representation of the public key.
- * See also #GNUNET_IDENTITY_public_key_to_string.
- *
- * @param str the encoded key.
- * @param key where to write the key.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_public_key_from_string (const char*str,
-                                        struct GNUNET_IDENTITY_PublicKey *key);
-
-
-/**
- * Parses a (Base32) string representation of the private key.
- * See also #GNUNET_IDENTITY_private_key_to_string.
- *
- * @param str the encoded key.
- * @param key where to write the key.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_private_key_from_string (const char*str,
-                                         struct GNUNET_IDENTITY_PrivateKey *key);
-
-
-/**
- * Retrieves the public key representation of a private key.
- *
- * @param privkey the private key.
- * @param key the public key result.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_key_get_public (const struct
-                                GNUNET_IDENTITY_PrivateKey *privkey,
-                                struct GNUNET_IDENTITY_PublicKey *key);
-
-
 /* ************* convenience API to lookup an ego ***************** */
 
 /**
@@ -914,7 +351,7 @@ GNUNET_IDENTITY_ego_lookup_cancel (struct GNUNET_IDENTITY_EgoLookup *el);
 typedef void
 (*GNUNET_IDENTITY_EgoSuffixCallback) (
   void *cls,
-  const struct GNUNET_IDENTITY_PrivateKey *priv,
+  const struct GNUNET_CRYPTO_PrivateKey *priv,
   const char *ego_name);
 
 
diff --git a/src/include/gnunet_json_lib.h b/src/include/gnunet_json_lib.h
index 26c68fed3..c3204026b 100644
--- a/src/include/gnunet_json_lib.h
+++ b/src/include/gnunet_json_lib.h
@@ -291,6 +291,17 @@ GNUNET_JSON_spec_bool (const char *name,
 
 
 /**
+ * double.
+ *
+ * @param name name of the JSON field
+ * @param[out] f where to store the double found under @a name
+ */
+struct GNUNET_JSON_Specification
+GNUNET_JSON_spec_double (const char *name,
+                         double *f);
+
+
+/**
  * 8-bit integer.
  *
  * @param name name of the JSON field
@@ -704,6 +715,19 @@ GNUNET_JSON_pack_bool (const char *name,
 
 /**
  * Generate packer instruction for a JSON field of type
+ * double.
+ *
+ * @param name name of the field to add to the object
+ * @param f double value
+ * @return json pack specification
+ */
+struct GNUNET_JSON_PackSpec
+GNUNET_JSON_pack_double (const char *name,
+                         double f);
+
+
+/**
+ * Generate packer instruction for a JSON field of type
  * string.
  *
  * @param name name of the field to add to the object
diff --git a/src/include/gnunet_messenger_service.h b/src/include/gnunet_messenger_service.h
index 5f4207d2f..90004826a 100644
--- a/src/include/gnunet_messenger_service.h
+++ b/src/include/gnunet_messenger_service.h
@@ -224,7 +224,7 @@ struct GNUNET_MESSENGER_MessageHeader
   /**
    * The signature of the senders private key.
    */
-  struct GNUNET_IDENTITY_Signature signature;
+  struct GNUNET_CRYPTO_Signature signature;
 
   /**
    * The timestamp of the message.
@@ -258,7 +258,7 @@ struct GNUNET_MESSENGER_MessageInfo
   /**
    * The senders key to verify its signatures.
    */
-  struct GNUNET_IDENTITY_PublicKey host_key;
+  struct GNUNET_CRYPTO_PublicKey host_key;
 
   /**
    * The version of GNUnet Messenger API.
@@ -281,7 +281,7 @@ struct GNUNET_MESSENGER_MessageJoin
   /**
    * The senders public key to verify its signatures.
    */
-  struct GNUNET_IDENTITY_PublicKey key;
+  struct GNUNET_CRYPTO_PublicKey key;
 };
 
 /**
@@ -319,7 +319,7 @@ struct GNUNET_MESSENGER_MessageKey
   /**
    * The new public key which replaces the current senders public key.
    */
-  struct GNUNET_IDENTITY_PublicKey key;
+  struct GNUNET_CRYPTO_PublicKey key;
 };
 
 /**
@@ -671,7 +671,7 @@ GNUNET_MESSENGER_set_name (struct GNUNET_MESSENGER_Handle *handle,
  * @param[in] handle Messenger handle to use
  * @return Used ego's public key or NULL
  */
-const struct GNUNET_IDENTITY_PublicKey*
+const struct GNUNET_CRYPTO_PublicKey*
 GNUNET_MESSENGER_get_key (const struct GNUNET_MESSENGER_Handle *handle);
 
 /**
@@ -783,7 +783,7 @@ GNUNET_MESSENGER_contact_get_name (const struct GNUNET_MESSENGER_Contact *contac
  * @param[in] contact Contact handle
  * @return Public key of the ego used by <i>contact</i> or NULL
  */
-const struct GNUNET_IDENTITY_PublicKey*
+const struct GNUNET_CRYPTO_PublicKey*
 GNUNET_MESSENGER_contact_get_key (const struct GNUNET_MESSENGER_Contact *contact);
 
 /**
diff --git a/src/include/gnunet_namestore_plugin.h b/src/include/gnunet_namestore_plugin.h
index f2bdf7cc6..d8dde5af5 100644
--- a/src/include/gnunet_namestore_plugin.h
+++ b/src/include/gnunet_namestore_plugin.h
@@ -62,7 +62,7 @@ typedef void
 (*GNUNET_NAMESTORE_RecordIterator) (void *cls,
                                     uint64_t serial,
                                     const struct
-                                    GNUNET_IDENTITY_PrivateKey *private_key,
+                                    GNUNET_CRYPTO_PrivateKey *private_key,
                                     const char *label,
                                     unsigned int rd_count,
                                     const struct GNUNET_GNSRECORD_Data *rd);
@@ -91,7 +91,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   enum GNUNET_GenericReturnValue
   (*store_records)(void *cls,
-                   const struct GNUNET_IDENTITY_PrivateKey *zone,
+                   const struct GNUNET_CRYPTO_PrivateKey *zone,
                    const char *label,
                    unsigned int rd_count,
                    const struct GNUNET_GNSRECORD_Data *rd);
@@ -108,7 +108,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   enum GNUNET_GenericReturnValue
   (*lookup_records)(void *cls,
-                    const struct GNUNET_IDENTITY_PrivateKey *zone,
+                    const struct GNUNET_CRYPTO_PrivateKey *zone,
                     const char *label,
                     GNUNET_NAMESTORE_RecordIterator iter,
                     void *iter_cls);
@@ -130,7 +130,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   enum GNUNET_GenericReturnValue
   (*iterate_records)(void *cls,
-                     const struct GNUNET_IDENTITY_PrivateKey *zone,
+                     const struct GNUNET_CRYPTO_PrivateKey *zone,
                      uint64_t serial,
                      uint64_t limit,
                      GNUNET_NAMESTORE_RecordIterator iter,
@@ -150,8 +150,8 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   enum GNUNET_GenericReturnValue
   (*zone_to_name)(void *cls,
-                  const struct GNUNET_IDENTITY_PrivateKey *zone,
-                  const struct GNUNET_IDENTITY_PublicKey *value_zone,
+                  const struct GNUNET_CRYPTO_PrivateKey *zone,
+                  const struct GNUNET_CRYPTO_PublicKey *value_zone,
                   GNUNET_NAMESTORE_RecordIterator iter,
                   void *iter_cls);
 
@@ -201,7 +201,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    */
   enum GNUNET_GenericReturnValue
   (*edit_records)(void *cls,
-                  const struct GNUNET_IDENTITY_PrivateKey *zone,
+                  const struct GNUNET_CRYPTO_PrivateKey *zone,
                   const char *label,
                   GNUNET_NAMESTORE_RecordIterator iter,
                   void *iter_cls);
diff --git a/src/include/gnunet_namestore_service.h b/src/include/gnunet_namestore_service.h
index b93a345c7..61691ff55 100644
--- a/src/include/gnunet_namestore_service.h
+++ b/src/include/gnunet_namestore_service.h
@@ -153,7 +153,7 @@ typedef void
  */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_store (struct GNUNET_NAMESTORE_Handle *h,
-                                const struct GNUNET_IDENTITY_PrivateKey *pkey,
+                                const struct GNUNET_CRYPTO_PrivateKey *pkey,
                                 const char *label,
                                 unsigned int rd_count,
                                 const struct GNUNET_GNSRECORD_Data *rd,
@@ -187,7 +187,7 @@ GNUNET_NAMESTORE_records_store (struct GNUNET_NAMESTORE_Handle *h,
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_store2 (
   struct GNUNET_NAMESTORE_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *pkey,
+  const struct GNUNET_CRYPTO_PrivateKey *pkey,
   unsigned int rd_set_count,
   const struct GNUNET_NAMESTORE_RecordInfo *record_info,
   unsigned int *rds_sent,
@@ -217,7 +217,7 @@ GNUNET_NAMESTORE_records_store2 (
  */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_store_ (struct GNUNET_NAMESTORE_Handle *h,
-                                 const struct GNUNET_IDENTITY_PrivateKey *pkey,
+                                 const struct GNUNET_CRYPTO_PrivateKey *pkey,
                                  const char *label,
                                  unsigned int rd_count,
                                  const struct GNUNET_GNSRECORD_Data *rd,
@@ -240,7 +240,7 @@ GNUNET_NAMESTORE_records_store_ (struct GNUNET_NAMESTORE_Handle *h,
 typedef void
 (*GNUNET_NAMESTORE_RecordMonitor) (void *cls,
                                    const struct
-                                   GNUNET_IDENTITY_PrivateKey *zone,
+                                   GNUNET_CRYPTO_PrivateKey *zone,
                                    const char *label,
                                    unsigned int rd_count,
                                    const struct GNUNET_GNSRECORD_Data *rd);
@@ -260,7 +260,7 @@ typedef void
 typedef void
 (*GNUNET_NAMESTORE_RecordSetMonitor) (void *cls,
                                       const struct
-                                      GNUNET_IDENTITY_PrivateKey *zone,
+                                      GNUNET_CRYPTO_PrivateKey *zone,
                                       const char *label,
                                       unsigned int rd_count,
                                       const struct GNUNET_GNSRECORD_Data *rd,
@@ -284,7 +284,7 @@ typedef void
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_lookup (struct GNUNET_NAMESTORE_Handle *h,
                                  const struct
-                                 GNUNET_IDENTITY_PrivateKey *pkey,
+                                 GNUNET_CRYPTO_PrivateKey *pkey,
                                  const char *label,
                                  GNUNET_SCHEDULER_TaskCallback error_cb,
                                  void *error_cb_cls,
@@ -309,7 +309,7 @@ GNUNET_NAMESTORE_records_lookup (struct GNUNET_NAMESTORE_Handle *h,
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_lookup2 (struct GNUNET_NAMESTORE_Handle *h,
                                   const struct
-                                  GNUNET_IDENTITY_PrivateKey *pkey,
+                                  GNUNET_CRYPTO_PrivateKey *pkey,
                                   const char *label,
                                   GNUNET_SCHEDULER_TaskCallback error_cb,
                                   void *error_cb_cls,
@@ -338,9 +338,9 @@ GNUNET_NAMESTORE_records_lookup2 (struct GNUNET_NAMESTORE_Handle *h,
  */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_zone_to_name (struct GNUNET_NAMESTORE_Handle *h,
-                               const struct GNUNET_IDENTITY_PrivateKey *zone,
+                               const struct GNUNET_CRYPTO_PrivateKey *zone,
                                const struct
-                               GNUNET_IDENTITY_PublicKey *value_zone,
+                               GNUNET_CRYPTO_PublicKey *value_zone,
                                GNUNET_SCHEDULER_TaskCallback error_cb,
                                void *error_cb_cls,
                                GNUNET_NAMESTORE_RecordMonitor proc,
@@ -390,7 +390,7 @@ GNUNET_NAMESTORE_cancel (struct GNUNET_NAMESTORE_QueueEntry *qe);
 struct GNUNET_NAMESTORE_ZoneIterator *
 GNUNET_NAMESTORE_zone_iteration_start (struct GNUNET_NAMESTORE_Handle *h,
                                        const struct
-                                       GNUNET_IDENTITY_PrivateKey *zone,
+                                       GNUNET_CRYPTO_PrivateKey *zone,
                                        GNUNET_SCHEDULER_TaskCallback error_cb,
                                        void *error_cb_cls,
                                        GNUNET_NAMESTORE_RecordMonitor proc,
@@ -427,7 +427,7 @@ GNUNET_NAMESTORE_zone_iteration_start (struct GNUNET_NAMESTORE_Handle *h,
 struct GNUNET_NAMESTORE_ZoneIterator *
 GNUNET_NAMESTORE_zone_iteration_start2 (struct GNUNET_NAMESTORE_Handle *h,
                                         const struct
-                                        GNUNET_IDENTITY_PrivateKey *zone,
+                                        GNUNET_CRYPTO_PrivateKey *zone,
                                         GNUNET_SCHEDULER_TaskCallback error_cb,
                                         void *error_cb_cls,
                                         GNUNET_NAMESTORE_RecordSetMonitor proc,
@@ -501,7 +501,7 @@ struct GNUNET_NAMESTORE_ZoneMonitor;
 struct GNUNET_NAMESTORE_ZoneMonitor *
 GNUNET_NAMESTORE_zone_monitor_start (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
-  const struct GNUNET_IDENTITY_PrivateKey *zone,
+  const struct GNUNET_CRYPTO_PrivateKey *zone,
   int iterate_first,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
@@ -541,7 +541,7 @@ GNUNET_NAMESTORE_zone_monitor_start (
 struct GNUNET_NAMESTORE_ZoneMonitor *
 GNUNET_NAMESTORE_zone_monitor_start2 (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
-  const struct GNUNET_IDENTITY_PrivateKey *zone,
+  const struct GNUNET_CRYPTO_PrivateKey *zone,
   int iterate_first,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
@@ -637,7 +637,7 @@ GNUNET_NAMESTORE_transaction_commit (struct GNUNET_NAMESTORE_Handle *h,
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_edit (
   struct GNUNET_NAMESTORE_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *pkey,
+  const struct GNUNET_CRYPTO_PrivateKey *pkey,
   const char *label,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
diff --git a/src/include/gnunet_nt_lib.h b/src/include/gnunet_nt_lib.h
index 144a3daa3..014b4fbe0 100644
--- a/src/include/gnunet_nt_lib.h
+++ b/src/include/gnunet_nt_lib.h
@@ -17,6 +17,11 @@
 
      SPDX-License-Identifier: AGPL3.0-or-later
  */
+
+#if !defined (__GNUNET_UTIL_LIB_H_INSIDE__)
+#error "Only <gnunet_util_lib.h> can be included directly."
+#endif
+
 /**
  * @addtogroup Backbone
  * @{
diff --git a/src/include/gnunet_reclaim_service.h b/src/include/gnunet_reclaim_service.h
index 49a006e91..a8ab8776e 100644
--- a/src/include/gnunet_reclaim_service.h
+++ b/src/include/gnunet_reclaim_service.h
@@ -74,12 +74,12 @@ struct GNUNET_RECLAIM_Ticket
   /**
    * The ticket issuer (= the user)
    */
-  struct GNUNET_IDENTITY_PublicKey identity;
+  struct GNUNET_CRYPTO_PublicKey identity;
 
   /**
    * The ticket audience (= relying party)
    */
-  struct GNUNET_IDENTITY_PublicKey audience;
+  struct GNUNET_CRYPTO_PublicKey audience;
 
   /**
    * The ticket random identifier
@@ -134,7 +134,7 @@ typedef void (*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls,
  * @param attr The attribute
  */
 typedef void (*GNUNET_RECLAIM_AttributeResult) (
-  void *cls, const struct GNUNET_IDENTITY_PublicKey *identity,
+  void *cls, const struct GNUNET_CRYPTO_PublicKey *identity,
   const struct GNUNET_RECLAIM_Attribute *attr);
 
 /**
@@ -146,7 +146,7 @@ typedef void (*GNUNET_RECLAIM_AttributeResult) (
  * @param presentation The presentation for the credential (may be NULL)
  */
 typedef void (*GNUNET_RECLAIM_AttributeTicketResult) (
-  void *cls, const struct GNUNET_IDENTITY_PublicKey *identity,
+  void *cls, const struct GNUNET_CRYPTO_PublicKey *identity,
   const struct GNUNET_RECLAIM_Attribute *attr,
   const struct GNUNET_RECLAIM_Presentation *presentation);
 
@@ -160,7 +160,7 @@ typedef void (*GNUNET_RECLAIM_AttributeTicketResult) (
  * @param attributes the parsed attributes
  */
 typedef void (*GNUNET_RECLAIM_CredentialResult) (
-  void *cls, const struct GNUNET_IDENTITY_PublicKey *identity,
+  void *cls, const struct GNUNET_CRYPTO_PublicKey *identity,
   const struct GNUNET_RECLAIM_Credential *credential);
 
 
@@ -189,7 +189,7 @@ GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_attribute_store (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *pkey,
+  const struct GNUNET_CRYPTO_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Attribute *attr,
   const struct GNUNET_TIME_Relative *exp_interval,
   GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls);
@@ -210,7 +210,7 @@ GNUNET_RECLAIM_attribute_store (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_credential_store (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *pkey,
+  const struct GNUNET_CRYPTO_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Credential *credential,
   const struct GNUNET_TIME_Relative *exp_interval,
   GNUNET_RECLAIM_ContinuationWithStatus cont,
@@ -231,7 +231,7 @@ GNUNET_RECLAIM_credential_store (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_attribute_delete (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *pkey,
+  const struct GNUNET_CRYPTO_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Attribute *attr,
   GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls);
 
@@ -249,7 +249,7 @@ GNUNET_RECLAIM_attribute_delete (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_credential_delete (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *pkey,
+  const struct GNUNET_CRYPTO_PrivateKey *pkey,
   const struct GNUNET_RECLAIM_Credential *cred,
   GNUNET_RECLAIM_ContinuationWithStatus cont,
   void *cont_cls);
@@ -281,7 +281,7 @@ GNUNET_RECLAIM_credential_delete (
 struct GNUNET_RECLAIM_AttributeIterator *
 GNUNET_RECLAIM_get_attributes_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *identity,
+  const struct GNUNET_CRYPTO_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls,
   GNUNET_RECLAIM_AttributeResult proc, void *proc_cls,
   GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls);
@@ -337,7 +337,7 @@ GNUNET_RECLAIM_get_attributes_stop (
 struct GNUNET_RECLAIM_CredentialIterator *
 GNUNET_RECLAIM_get_credentials_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *identity,
+  const struct GNUNET_CRYPTO_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
   GNUNET_RECLAIM_CredentialResult proc,
@@ -385,8 +385,8 @@ GNUNET_RECLAIM_get_credentials_stop (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_issue (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *iss,
-  const struct GNUNET_IDENTITY_PublicKey *rp,
+  const struct GNUNET_CRYPTO_PrivateKey *iss,
+  const struct GNUNET_CRYPTO_PublicKey *rp,
   const struct GNUNET_RECLAIM_AttributeList *attrs,
   GNUNET_RECLAIM_IssueTicketCallback cb, void *cb_cls);
 
@@ -407,7 +407,7 @@ GNUNET_RECLAIM_ticket_issue (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_revoke (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *identity,
+  const struct GNUNET_CRYPTO_PrivateKey *identity,
   const struct GNUNET_RECLAIM_Ticket *ticket,
   GNUNET_RECLAIM_ContinuationWithStatus cb, void *cb_cls);
 
@@ -427,7 +427,7 @@ GNUNET_RECLAIM_ticket_revoke (
 struct GNUNET_RECLAIM_Operation *
 GNUNET_RECLAIM_ticket_consume (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *identity,
+  const struct GNUNET_CRYPTO_PrivateKey *identity,
   const struct GNUNET_RECLAIM_Ticket *ticket,
   GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls);
 
@@ -452,7 +452,7 @@ GNUNET_RECLAIM_ticket_consume (
 struct GNUNET_RECLAIM_TicketIterator *
 GNUNET_RECLAIM_ticket_iteration_start (
   struct GNUNET_RECLAIM_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *identity,
+  const struct GNUNET_CRYPTO_PrivateKey *identity,
   GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls,
   GNUNET_RECLAIM_TicketCallback proc, void *proc_cls,
   GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls);
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h
index 81a90189b..de5eedbb9 100644
--- a/src/include/gnunet_revocation_service.h
+++ b/src/include/gnunet_revocation_service.h
@@ -60,7 +60,7 @@ extern "C"
  * Maximum length of a revocation
  */
 #define GNUNET_REVOCATION_MAX_PROOF_SIZE sizeof(struct GNUNET_REVOCATION_PowP) +\
-                                         sizeof(struct GNUNET_IDENTITY_PublicKey) +\
+                                         sizeof(struct GNUNET_CRYPTO_PublicKey) +\
                                          1024 //FIXME max sig_len
 
 /**
@@ -152,7 +152,7 @@ typedef void (*GNUNET_REVOCATION_Callback) (void *cls,
  */
 struct GNUNET_REVOCATION_Query *
 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                         const struct GNUNET_IDENTITY_PublicKey *key,
+                         const struct GNUNET_CRYPTO_PublicKey *key,
                          GNUNET_REVOCATION_Callback func, void *func_cls);
 
 
@@ -219,7 +219,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
  * @param pow the pow object to work with in the calculation.
  */
 void
-GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key,
+GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_PrivateKey *key,
                             struct GNUNET_REVOCATION_PowP *pow);
 
 
diff --git a/src/include/gnunet_service_lib.h b/src/include/gnunet_service_lib.h
index 3ebfae581..0ad4fcc3c 100644
--- a/src/include/gnunet_service_lib.h
+++ b/src/include/gnunet_service_lib.h
@@ -19,7 +19,7 @@
  */
 
 
-#if !defined (__GNUNET_UTIL_LIB_H_INSIDE__)
+#if ! defined (__GNUNET_UTIL_LIB_H_INSIDE__)
 #error "Only <gnunet_util_lib.h> can be included directly."
 #endif
 
@@ -203,7 +203,6 @@ GNUNET_SERVICE_start (const char *service_name,
 void
 GNUNET_SERVICE_stop (struct GNUNET_SERVICE_Handle *srv);
 
-
 /**
  * Creates the "main" function for a GNUnet service.  You
  * should almost always use the #GNUNET_SERVICE_MAIN macro
@@ -258,6 +257,56 @@ GNUNET_SERVICE_run_ (int argc,
 
 
 /**
+ * Registers the GNUnet service to be scheduled as part of a monilithic
+ * libgnunet.
+ * You should almost always use the #GNUNET_SERVICE_MAIN macro
+ * instead of calling this function directly.
+ *
+ * The function will launch the service with the name @a service_name
+ * using the @a service_options to configure its shutdown
+ * behavior. Once the service is ready, the @a init_cb will be called
+ * for service-specific initialization.  @a init_cb will be given the
+ * service handler which can be used to control the service's
+ * availability.  When clients connect or disconnect, the respective
+ * @a connect_cb or @a disconnect_cb functions will be called. For
+ * messages received from the clients, the respective @a handlers will
+ * be invoked; for the closure of the handlers we use the return value
+ * from the @a connect_cb invocation of the respective client.
+ *
+ * Each handler MUST call #GNUNET_SERVICE_client_continue() after each
+ * message to receive further messages from this client.  If
+ * #GNUNET_SERVICE_client_continue() is not called within a short
+ * time, a warning will be logged. If delays are expected, services
+ * should call #GNUNET_SERVICE_client_disable_continue_warning() to
+ * disable the warning.
+ *
+ * Clients sending invalid messages (based on @a handlers) will be
+ * dropped. Additionally, clients can be dropped at any time using
+ * #GNUNET_SERVICE_client_drop().
+ *
+ * @param service_name name of the service to run
+ * @param options options controlling shutdown of the service
+ * @param service_init_cb function to call once the service is ready
+ * @param connect_cb function to call whenever a client connects
+ * @param disconnect_cb function to call whenever a client disconnects
+ * @param cls closure argument for @a service_init_cb, @a connect_cb and @a disconnect_cb
+ * @param handlers NULL-terminated array of message handlers for the service,
+ *                 the closure will be set to the value returned by
+ *                 the @a connect_cb for the respective connection
+ * @return 0 on success, non-zero on error
+ */
+int
+GNUNET_SERVICE_register_ (
+  const char *service_name,
+  enum GNUNET_SERVICE_Options options,
+  GNUNET_SERVICE_InitCallback service_init_cb,
+  GNUNET_SERVICE_ConnectHandler connect_cb,
+  GNUNET_SERVICE_DisconnectHandler disconnect_cb,
+  void *cls,
+  const struct GNUNET_MQ_MessageHandler *handlers);
+
+
+/**
  * Creates the "main" function for a GNUnet service.  You
  * MUST use this macro to define GNUnet services (except
  * for ARM, which MUST NOT use the macro).  The reason is
@@ -317,29 +366,50 @@ GNUNET_SERVICE_run_ (int argc,
 #ifndef HAVE_GNUNET_MONOLITH
 #define GNUNET_SERVICE_MAIN(service_name, service_options, init_cb, connect_cb, \
                             disconnect_cb, cls, ...) \
-  int \
-  main (int argc, \
-        char *const *argv) \
-  { \
-    struct GNUNET_MQ_MessageHandler mh[] = { \
-      __VA_ARGS__ \
-    };                        \
-    return GNUNET_SERVICE_run_ (argc, \
-                                argv, \
-                                service_name, \
-                                service_options, \
-                                init_cb, \
-                                connect_cb, \
-                                disconnect_cb, \
-                                cls, \
-                                mh); \
-  }
+        int \
+        main (int argc, \
+              char *const *argv) \
+        { \
+          struct GNUNET_MQ_MessageHandler mh[] = { \
+            __VA_ARGS__ \
+          };                        \
+          return GNUNET_SERVICE_run_ (argc, \
+                                      argv, \
+                                      service_name, \
+                                      service_options, \
+                                      init_cb, \
+                                      connect_cb, \
+                                      disconnect_cb, \
+                                      cls, \
+                                      mh); \
+        }
 #else
 #define GNUNET_SERVICE_MAIN(service_name, service_options, init_cb, connect_cb, \
-                            disconnect_cb, cls, ...)
+                            disconnect_cb, cls, ...) \
+        static int __attribute__ ((constructor)) \
+        init (void) \
+        { \
+          struct GNUNET_MQ_MessageHandler mh[] = { \
+            __VA_ARGS__ \
+          };                        \
+          return GNUNET_SERVICE_register_ (service_name, \
+                                           service_options, \
+                                           init_cb, \
+                                           connect_cb, \
+                                           disconnect_cb, \
+                                           cls, \
+                                           mh); \
+        }
 #endif
 
 /**
+ * Run the mainloop in a monolithic libgnunet.
+ * Must be called such that services are actually launched.
+ */
+void
+GNUNET_SERVICE_main (int argc, char *const *argv);
+
+/**
  * Suspend accepting connections from the listen socket temporarily.
  * Resume activity using #GNUNET_SERVICE_resume.
  *
diff --git a/src/include/gnunet_transport_application_service.h b/src/include/gnunet_transport_application_service.h
index 47f07a5f8..66512089a 100644
--- a/src/include/gnunet_transport_application_service.h
+++ b/src/include/gnunet_transport_application_service.h
@@ -19,7 +19,7 @@
  */
 /**
  * @addtogroup Backbone
- * @{ 
+ * @{
  *
  * @file
  * Bandwidth allocation API for applications to interact with
@@ -36,7 +36,6 @@
 
 #include "gnunet_constants.h"
 #include "gnunet_util_lib.h"
-#include "gnunet_nt_lib.h"
 #include "gnunet_testing_lib.h"
 #include "gnunet_testing_ng_lib.h"
 
diff --git a/src/include/gnunet_transport_communication_service.h b/src/include/gnunet_transport_communication_service.h
index a705b1970..92facb0e0 100644
--- a/src/include/gnunet_transport_communication_service.h
+++ b/src/include/gnunet_transport_communication_service.h
@@ -47,7 +47,6 @@ extern "C" {
 
 
 #include "gnunet_util_lib.h"
-#include "gnunet_nt_lib.h"
 
 /**
  * Version number of the transport communication API.
@@ -139,7 +138,7 @@ typedef void (*GNUNET_TRANSPORT_CommunicatorNotify) (
  * Connect to the transport service.
  *
  * @param cfg configuration to use
- * @param config_section_name section of the configuration to use for 
+ * @param config_section_name section of the configuration to use for
  *                            options
  * @param addr_prefix address prefix for addresses supported by this
  *        communicator, could be NULL for incoming-only communicators
diff --git a/src/include/gnunet_util_lib.h b/src/include/gnunet_util_lib.h
index c8737dc60..ee850bc3c 100644
--- a/src/include/gnunet_util_lib.h
+++ b/src/include/gnunet_util_lib.h
@@ -77,6 +77,7 @@ extern "C"
 #include "gnunet_helper_lib.h"
 #include "gnunet_mst_lib.h"
 #include "gnunet_mq_lib.h"
+#include "gnunet_nt_lib.h"
 #include "gnunet_nc_lib.h"
 #include "gnunet_op_lib.h"
 #include "gnunet_os_lib.h"
diff --git a/src/include/meson.build b/src/include/meson.build
index bf1f46a54..9a2483db5 100644
--- a/src/include/meson.build
+++ b/src/include/meson.build
@@ -42,8 +42,6 @@ install_headers(
   'gnunet_dnsstub_lib.h',
   'gnunet_dns_service.h',
   'gnunet_error_codes.h',
-  'gnunet_fragmentation_lib.h',
-  'gnunet_friends_lib.h',
   'gnunet_fs_service.h',
   'gnunet_getopt_lib.h',
   'gnunet_gns_service.h',