93 files changed, 1123 insertions, 1044 deletions
diff --git a/contrib/Makefile.am b/contrib/Makefile.am
index e32ab0e28..b87b28e41 100644
--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@@ -77,7 +77,9 @@ do_subst = $(SED) -e 's,[@]PYTHON[@],$(PYTHON),g'
 check_PROGRAMS = \
 test_gnunet_prefix
+if ENABLE_TEST_RUN
 TESTS = $(check_PROGRAMS)
+endif
 test_gnunet_prefix_SOURCES = \
 test_gnunet_prefix.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 00c4d6f93..9126815f4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -64,7 +64,6 @@ SUBDIRS = \
  dns \
  identity \
  set \
-  fs \
  $(LINUX_DIR) \
  $(MINGW_DIR) \
  gns \
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index 14b509e8f..09f92f224 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -111,12 +111,12 @@ struct EphemeralKeyMessage
   * Ephemeral public ECC key (always for NIST P-521) encoded in a format suitable
   * for network transmission as created using 'gcry_sexp_sprint'.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded ephemeral_key;  
+  struct GNUNET_CRYPTO_EccPublicKey ephemeral_key;  
  /**
   * Public key of the signing peer (persistent version, not the ephemeral public key).
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded origin_public_key;
+  struct GNUNET_CRYPTO_EccPublicKey origin_public_key;
 };
@@ -392,7 +392,7 @@ static struct EphemeralKeyMessage current_ekm;
 /**
 * Our public key.
 */
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key;
+static struct GNUNET_CRYPTO_EccPublicKey my_public_key;
 /**
 * Our message stream tokenizer (for encrypted payload).
@@ -771,7 +771,7 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx,
              "Core service receives `%s' request from `%4s'.\n", "EPHEMERAL_KEY",
              GNUNET_i2s (&kx->peer));
  GNUNET_CRYPTO_hash (&m->origin_public_key,
-                      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                      sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                      &signer_id.hashPubKey);
  if (0 !=
      memcmp (&signer_id, &kx->peer,
@@ -784,8 +784,8 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx,
       sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
       sizeof (struct GNUNET_TIME_AbsoluteNBO) +
       sizeof (struct GNUNET_TIME_AbsoluteNBO) +
-       sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) +
+       sizeof (struct GNUNET_CRYPTO_EccPublicKey) +
-       sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) ||
+       sizeof (struct GNUNET_CRYPTO_EccPublicKey)) ||
      (GNUNET_OK !=
       GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY,
                                 &m->purpose,
@@ -1476,8 +1476,8 @@ sign_ephemeral_key ()
  current_ekm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
                                    sizeof (struct GNUNET_TIME_AbsoluteNBO) +
                                    sizeof (struct GNUNET_TIME_AbsoluteNBO) +
-                                    sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) +
+                                    sizeof (struct GNUNET_CRYPTO_EccPublicKey) +
-                                    sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
+                                    sizeof (struct GNUNET_CRYPTO_EccPublicKey));
  current_ekm.creation_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
  if (GNUNET_YES ==
      GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg,
diff --git a/src/dht/gnunet-service-dht_neighbours.c b/src/dht/gnunet-service-dht_neighbours.c
index f3c868d97..16955629c 100644
--- a/src/dht/gnunet-service-dht_neighbours.c
+++ b/src/dht/gnunet-service-dht_neighbours.c
@@ -49,9 +49,6 @@
 #include <fenv.h>
 #include "dht.h"
-#include "../regex/regex_block_lib.h"
 #define LOG_TRAFFIC(kind,...) GNUNET_log_from (kind, "dht-traffic",__VA_ARGS__)
 /**
diff --git a/src/experimentation/gnunet-daemon-experimentation_experiments.c b/src/experimentation/gnunet-daemon-experimentation_experiments.c
index 343544ba8..99348a2cb 100644
--- a/src/experimentation/gnunet-daemon-experimentation_experiments.c
+++ b/src/experimentation/gnunet-daemon-experimentation_experiments.c
@@ -38,7 +38,7 @@
 */
 struct Issuer
 {
-        struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+        struct GNUNET_CRYPTO_EccPublicKey pubkey;
 };
@@ -410,7 +410,7 @@ GED_experiments_start ()
        char *pubkey;
        char *pos;
        struct GNUNET_PeerIdentity issuer_ID;
-        struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub;
+        struct GNUNET_CRYPTO_EccPublicKey pub;
        struct GNUNET_HashCode hash;
        /* Load valid issuer */
diff --git a/src/fs/fs_api.h b/src/fs/fs_api.h
index f3daeb85a..2fe38f604 100644
--- a/src/fs/fs_api.h
+++ b/src/fs/fs_api.h
@@ -125,7 +125,7 @@ struct Location
  /**
   * Identity of the peer sharing the file.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded peer;
+  struct GNUNET_CRYPTO_EccPublicKey peer;
  /**
   * Time when this location URI expires.
diff --git a/src/fs/fs_pseudonym.c b/src/fs/fs_pseudonym.c
index 49a084199..36eaab6fa 100644
--- a/src/fs/fs_pseudonym.c
+++ b/src/fs/fs_pseudonym.c
@@ -104,9 +104,8 @@ static struct GNUNET_FS_pseudonym_DiscoveryHandle *disco_head;
 static struct GNUNET_FS_pseudonym_DiscoveryHandle *disco_tail;
 /**
- * Pointer to indiate 'anonymous' pseudonym (global static, all
+ * Pointer to indiate 'anonymous' pseudonym (global static, 
- * zeros).  We actually use pointer comparisson to detect the
+ * d=1, public key = G (generator).
- * "anonymous" pseudonym handle.
 */
 static struct GNUNET_FS_PseudonymHandle anonymous;
@@ -1019,6 +1018,68 @@ GNUNET_FS_pseudonym_create_from_existing_file (const char *filename)
 struct GNUNET_FS_PseudonymHandle *
 GNUNET_FS_pseudonym_get_anonymous_pseudonym_handle ()
 {
+  static int once;
+  gcry_mpi_t d;
+  size_t size;
+  gcry_ctx_t ctx;
+  int rc;
+  gcry_mpi_t g_x;
+  gcry_mpi_t g_y;
+  gcry_mpi_point_t g;
+  if (once)
+    return &anonymous;
+  d = gcry_mpi_new (1);
+  gcry_mpi_set_ui (d, 1);
+  size = sizeof (anonymous.d);
+  GNUNET_assert (0 ==
+                 gcry_mpi_print (GCRYMPI_FMT_USG, anonymous.d, size, &size,
+                                 d));
+  gcry_mpi_release (d);
+  adjust (anonymous.d, size, sizeof (anonymous.d));
+  
+  /* create basic ECC context */
+  if (0 != (rc = gcry_mpi_ec_new (&ctx, NULL, "NIST P-256")))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, 
+              "gcry_mpi_ec_new", rc);
+    return NULL;
+  }  
+  g = gcry_mpi_ec_get_point ("g", ctx, 0);
+  g_x = gcry_mpi_new (256);
+  g_y = gcry_mpi_new (256);
+  gcry_mpi_ec_get_affine (g_x, g_y, g, ctx);
+  gcry_mpi_point_release (g);
+  gcry_ctx_release (ctx);
+  /* store g_x/g_y in public key */
+  size = sizeof (anonymous.public_key.q_x);  
+  if (0 !=
+      gcry_mpi_print (GCRYMPI_FMT_USG, anonymous.public_key.q_x, size, &size,
+                      g_x))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_print", rc);
+    gcry_mpi_release (g_x);
+    gcry_mpi_release (g_y);
+    return NULL;
+  }
+  adjust (anonymous.public_key.q_x, size, sizeof (anonymous.public_key.q_x));
+  gcry_mpi_release (g_x);
+  size = sizeof (anonymous.public_key.q_y);  
+  if (0 !=
+      gcry_mpi_print (GCRYMPI_FMT_USG, anonymous.public_key.q_y, size, &size,
+                      g_y))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_print", rc);
+    gcry_mpi_release (g_y);
+    return NULL;
+  }
+  adjust (anonymous.public_key.q_y, size, sizeof (anonymous.public_key.q_y));
+  gcry_mpi_release (g_y);
+  once = 1;
  return &anonymous;
 }
@@ -1122,21 +1183,13 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph,
  int rc;
  /* get private key 'd' from pseudonym */
-  if (&anonymous == ph)
+  size = sizeof (ph->d);
-  {
+  if (0 != (rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG,
-    d = gcry_mpi_new (0);
+                                &ph->d,
-    gcry_mpi_set_ui (d, 0);
+                                size, &size)))
-  }
-  else
  {
-    size = sizeof (ph->d);
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
-    if (0 != (rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG,
+    return GNUNET_SYSERR;
-                                  &ph->d,
-                                  size, &size)))
-    {
-      LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
-      return GNUNET_SYSERR;
-    }
  }
  /* get 'x' value from signing key */
  size = sizeof (struct GNUNET_HashCode);
@@ -1159,9 +1212,9 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph,
    return GNUNET_SYSERR;
  }
-  /* calculate dx = d + h mod n */
+  /* calculate dh = d * h mod n */
  dh = gcry_mpi_new (256);
-  gcry_mpi_addm (dh, d, h, n);  
+  gcry_mpi_mulm (dh, d, h, n);
  gcry_mpi_release (d);
  gcry_mpi_release (h);
  gcry_mpi_release (n);
@@ -1297,7 +1350,7 @@ get_context_from_pseudonym (struct GNUNET_FS_PseudonymIdentifier *pseudonym)
      LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc);  /* erroff gives more info */
      return NULL;
    }  
-    /* initialize 'ctx' with 'q' = 0 */
+    /* FIXME: initialize 'ctx' with 'q' = G */
    zero = gcry_mpi_new (0);
    gcry_mpi_set_ui (zero, 0);
    q = gcry_mpi_point_new (0);
@@ -1346,7 +1399,7 @@ get_context_from_pseudonym (struct GNUNET_FS_PseudonymIdentifier *pseudonym)
 * @param pseudonym the public key (dQ in ECDSA)
 * @param signing_key input to derive 'h' (see section 2.4 of #2564)
 * @param verification_key resulting public key to verify the signature
- *        created from the '(d+h)' of 'pseudonym' and the 'signing_key';
+ *        created from the '(d*h)' of 'pseudonym' and the 'signing_key';
 *        the value stored here can then be given to GNUNET_FS_pseudonym_verify.
 * @return GNUNET_OK on success, GNUNET_SYSERR on error
 */
@@ -1359,12 +1412,12 @@ GNUNET_FS_pseudonym_derive_verification_key (struct GNUNET_FS_PseudonymIdentifie
  size_t size;
  int rc;
  gcry_ctx_t ctx;
-  gcry_mpi_point_t g;
  gcry_mpi_point_t q;
-  gcry_mpi_point_t hg;
  gcry_mpi_point_t v;
  gcry_mpi_t v_x;
  gcry_mpi_t v_y;
+  gcry_mpi_t h_mod_n;
+  gcry_mpi_t n; /* n from P-256 */
  /* get 'h' value from signing key */
  size = sizeof (struct GNUNET_HashCode);
@@ -1381,22 +1434,26 @@ GNUNET_FS_pseudonym_derive_verification_key (struct GNUNET_FS_PseudonymIdentifie
    gcry_mpi_release (h);
    return GNUNET_SYSERR;
  }
-  /* get G */  
+  /* initialize 'n' from P-256; hex copied from libgcrypt code */
-  g = gcry_mpi_ec_get_point ("g", ctx, 0);
+  if (0 != (rc = gcry_mpi_scan (&n, GCRYMPI_FMT_HEX,
+                                "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 0, NULL)))
-  /* then call the 'multiply' function, to compute the product hG */
+  {
-  hg = gcry_mpi_point_new (0);
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
-  gcry_mpi_ec_mul (hg, h, g, ctx);
+  gcry_mpi_release (h);
-  gcry_mpi_point_release (g);
+    return GNUNET_SYSERR;
+  }
+  h_mod_n = gcry_mpi_new (0);
+  gcry_mpi_mod (h_mod_n, h, n);
  gcry_mpi_release (h);
  /* get Q = dG from 'pseudonym' */
  q = gcry_mpi_ec_get_point ("q", ctx, 0);
-  /* calculate V = Q + hG = dG + hG = (d + h)G*/
+  /* calculate V = hQ = hdG */
  v = gcry_mpi_point_new (0);
-  gcry_mpi_ec_add (v, q, hg, ctx);
-  gcry_mpi_point_release (hg);
  
+  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
+  gcry_mpi_release (h_mod_n);
  /* store 'v' point in "verification_key" */
  v_x = gcry_mpi_new (256);
  v_y = gcry_mpi_new (256);
@@ -1566,11 +1623,8 @@ void
 GNUNET_FS_pseudonym_get_identifier (struct GNUNET_FS_PseudonymHandle *ph,
                                    struct GNUNET_FS_PseudonymIdentifier *pseudonym)
 {
-  if (&anonymous == ph)
+  memcpy (pseudonym, &ph->public_key,
-    memset (pseudonym, 0, sizeof (struct GNUNET_FS_PseudonymIdentifier));
+          sizeof (struct GNUNET_FS_PseudonymIdentifier));
-  else
-    memcpy (pseudonym, &ph->public_key,
-            sizeof (struct GNUNET_FS_PseudonymIdentifier));
 }
diff --git a/src/fs/fs_publish_ksk.c b/src/fs/fs_publish_ksk.c
index 3b0f1d4fb..10512af5f 100644
--- a/src/fs/fs_publish_ksk.c
+++ b/src/fs/fs_publish_ksk.c
@@ -177,23 +177,35 @@ publish_ksk_cont (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
  struct UBlock *ub_dst;
  pkc->ksk_task = GNUNET_SCHEDULER_NO_TASK;
-  if ((pkc->i == pkc->ksk_uri->data.ksk.keywordCount) || (NULL == pkc->dsh))
+  if ( (pkc->i == pkc->ksk_uri->data.ksk.keywordCount) ||
+       (NULL == pkc->dsh) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "KSK PUT operation complete\n");
    pkc->cont (pkc->cont_cls, pkc->ksk_uri, NULL);
    GNUNET_FS_publish_ksk_cancel (pkc);
    return;
  }
+  keyword = pkc->ksk_uri->data.ksk.keywords[pkc->i++];
+  pkc->sks_task = GNUNET_FS_publish_sks (pkc->h,
+                                         anonymous,
+                                         keyword, NULL,
+                                         pkc->meta,
+                                         pkc->uri,
+                                         &pkc->bo,
+                                         pkc->options,
+                                         &publish_ksk_cont, pkc);
+                                         
  /* derive signing seed from plaintext */
  GNUNET_CRYPTO_hash (&pkc->ub[1],
                      1 + pkc->slen + pkc->mdsize,
                      &seed);
-  keyword = pkc->ksk_uri->data.ksk.keywords[pkc->i++];
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Publishing under keyword `%s'\n",
              &keyword[1]);  
  /* first character of keyword indicates if it is
   * mandatory or not -- ignore for hashing */
  GNUNET_CRYPTO_hash (&keyword[1], strlen (&keyword[1]), &key);
  GNUNET_CRYPTO_hash_to_aes_key (&key, &skey, &iv);
  ub_dst = pkc->cpy;
  GNUNET_CRYPTO_aes_encrypt (&pkc->ub[1], 
@@ -202,8 +214,9 @@ publish_ksk_cont (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
                             &ub_dst[1]);
  ph = GNUNET_FS_pseudonym_get_anonymous_pseudonym_handle ();
  GNUNET_CRYPTO_hash (&key, sizeof (key), &signing_key);
-  ub_dst->purpose.size = htonl (1 + pkc->slen + pkc->mdsize + sizeof (struct UBlock)
+  ub_dst->purpose.size = htonl (1 + pkc->slen + pkc->mdsize + 
-                                  - sizeof (struct GNUNET_FS_PseudonymSignature));
+                                sizeof (struct UBlock)
+                                - sizeof (struct GNUNET_FS_PseudonymSignature));
  ub_dst->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK);
  
  GNUNET_FS_pseudonym_get_identifier (ph, &pseudonym);
diff --git a/src/fs/fs_uri.c b/src/fs/fs_uri.c
index 48c347a52..78b5459fd 100644
--- a/src/fs/fs_uri.c
+++ b/src/fs/fs_uri.c
@@ -117,7 +117,7 @@ GNUNET_FS_uri_to_key (const struct GNUNET_FS_Uri *uri, struct GNUNET_HashCode *
  case GNUNET_FS_URI_LOC:
    GNUNET_CRYPTO_hash (&uri->data.loc.fi,
                        sizeof (struct FileIdentifier) +
-                        sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                        sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                        key);
    break;
  default:
@@ -520,7 +520,7 @@ struct LocUriAssembly
  struct FileIdentifier fi;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded peer;
+  struct GNUNET_CRYPTO_EccPublicKey peer;
 };
@@ -591,7 +591,7 @@ uri_loc_parse (const char *s, char **emsg)
  npos++;
  ret =
      enc2bin (&s[npos], &ass.peer,
-               sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
+               sizeof (struct GNUNET_CRYPTO_EccPublicKey));
  if (ret == -1)
  {
    *emsg =
@@ -828,7 +828,7 @@ GNUNET_FS_uri_loc_get_peer_identity (const struct GNUNET_FS_Uri *uri,
  if (uri->type != GNUNET_FS_URI_LOC)
    return GNUNET_SYSERR;
  GNUNET_CRYPTO_hash (&uri->data.loc.peer,
-                      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                      sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                      &peer->hashPubKey);
  return GNUNET_OK;
 }
@@ -884,7 +884,7 @@ GNUNET_FS_uri_loc_create (const struct GNUNET_FS_Uri *baseUri,
 {
  struct GNUNET_FS_Uri *uri;
  struct GNUNET_CRYPTO_EccPrivateKey *my_private_key;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key;
+  struct GNUNET_CRYPTO_EccPublicKey my_public_key;
  char *keyfile;
  struct LocUriAssembly ass;
@@ -1307,7 +1307,7 @@ GNUNET_FS_uri_test_equal (const struct GNUNET_FS_Uri *u1,
    if (memcmp
        (&u1->data.loc, &u2->data.loc,
         sizeof (struct FileIdentifier) +
-         sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) +
+         sizeof (struct GNUNET_CRYPTO_EccPublicKey) +
         sizeof (struct GNUNET_TIME_Absolute) + sizeof (unsigned short) +
         sizeof (unsigned short)) != 0)
      return GNUNET_NO;
@@ -2049,7 +2049,7 @@ uri_loc_to_string (const struct GNUNET_FS_Uri *uri)
  GNUNET_CRYPTO_hash_to_enc (&uri->data.loc.fi.chk.query, &queryhash);
  peerId =
      bin2enc (&uri->data.loc.peer,
-               sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
+               sizeof (struct GNUNET_CRYPTO_EccPublicKey));
  peerSig =
      bin2enc (&uri->data.loc.contentSignature,
               sizeof (struct GNUNET_CRYPTO_EccSignature));
diff --git a/src/fs/test_fs_defaults.conf b/src/fs/test_fs_defaults.conf
index 7d87c0e2f..dd0d729e2 100644
--- a/src/fs/test_fs_defaults.conf
+++ b/src/fs/test_fs_defaults.conf
@@ -92,3 +92,7 @@ AUTOSTART = NO
 [consensus]
 AUTOSTART = NO
+[mesh]
+REFRESH_PATH_TIME = 30 min
diff --git a/src/gns/gns.h b/src/gns/gns.h
index e5d48fa27..a4830bda4 100644
--- a/src/gns/gns.h
+++ b/src/gns/gns.h
@@ -71,9 +71,9 @@ struct GNUNET_GNS_ClientLookupMessage
  uint32_t only_cached GNUNET_PACKED;
  /**
-   * Should we look up in the default zone?
+   * Should we look up in the given zone, instead of the default zone?
   */
-  uint32_t use_default_zone GNUNET_PACKED;
+  uint32_t have_zone GNUNET_PACKED;
  /**
   * Is a shorten key attached?
@@ -84,8 +84,11 @@ struct GNUNET_GNS_ClientLookupMessage
   * the type of record to look up
   */
  /* enum GNUNET_GNS_RecordType */ uint32_t type;
+  
-  /* Followed by the key for shorten (optional) see have_key */
+  /**
+   * The key for shorten, if 'have_key' is set 
+   */
+  struct GNUNET_CRYPTO_EccPrivateKey shorten_key;
  /* Followed by the name to look up */
 };
diff --git a/src/gns/gns_api.c b/src/gns/gns_api.c
index fe378a922..e672c5687 100644
--- a/src/gns/gns_api.c
+++ b/src/gns/gns_api.c
@@ -832,35 +832,20 @@ GNUNET_GNS_lookup_zone (struct GNUNET_GNS_Handle *handle,
  struct GNUNET_GNS_LookupRequest *lr;
  size_t msize;
  struct PendingMessage *pending;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *pkey_enc;
-  size_t key_len;
-  char* pkey_tmp;
  if (NULL == name)
  {
    GNUNET_break (0);
    return NULL;
  } 
-  if (NULL != shorten_key)
-  {
-    pkey_enc = GNUNET_CRYPTO_ecc_encode_key (shorten_key);
-    GNUNET_assert (pkey_enc != NULL);
-    key_len = ntohs (pkey_enc->size);
-  }
-  else
-  {
-    pkey_enc = NULL;
-    key_len = 0;
-  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Trying to lookup `%s' in GNS\n", 
              name);
  msize = sizeof (struct GNUNET_GNS_ClientLookupMessage)
-    + key_len + strlen (name) + 1;
+    + strlen (name) + 1;
  if (msize > UINT16_MAX)
  {
    GNUNET_break (0);
-    GNUNET_free (pkey_enc);
    return NULL;
  }
  lr = GNUNET_malloc (sizeof (struct GNUNET_GNS_LookupRequest) +
@@ -882,26 +867,16 @@ GNUNET_GNS_lookup_zone (struct GNUNET_GNS_Handle *handle,
  lookup_msg->only_cached = htonl (only_cached);
  if (NULL != zone)
  {
-    lookup_msg->use_default_zone = htonl (GNUNET_NO);
+    lookup_msg->have_zone = htonl (GNUNET_YES);
-    memcpy (&lookup_msg->zone, zone, sizeof (struct GNUNET_CRYPTO_ShortHashCode));
+    lookup_msg->zone = *zone;
  }
-  else
-  {
-    lookup_msg->use_default_zone = htonl (GNUNET_YES);
-    memset (&lookup_msg->zone, 0, sizeof(struct GNUNET_CRYPTO_ShortHashCode));
-  }  
  lookup_msg->type = htonl (type);
-  pkey_tmp = (char *) &lookup_msg[1];  
+  if (NULL != shorten_key)
-  if (pkey_enc != NULL)
  {
    lookup_msg->have_key = htonl (GNUNET_YES);
-    memcpy (pkey_tmp, pkey_enc, key_len);
+    lookup_msg->shorten_key = *shorten_key;
  }
-  else
+  memcpy (&lookup_msg[1], name, strlen (name) + 1);
-    lookup_msg->have_key = htonl (GNUNET_NO);
-  GNUNET_free_non_null (pkey_enc);
-  memcpy (&pkey_tmp[key_len], name, strlen (name) + 1);
  GNUNET_CONTAINER_DLL_insert_tail (handle->pending_head,
                                    handle->pending_tail,
                                    pending);
diff --git a/src/gns/gnunet-gns-fcfsd.c b/src/gns/gnunet-gns-fcfsd.c
index 25fde90ec..832060583 100644
--- a/src/gns/gnunet-gns-fcfsd.c
+++ b/src/gns/gnunet-gns-fcfsd.c
@@ -229,7 +229,7 @@ run_httpd_now ()
 static void
 iterate_cb (void *cls,
-                const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                struct GNUNET_TIME_Absolute expire,
                const char *name,
                unsigned int rd_len,
@@ -506,7 +506,7 @@ put_continuation (void *cls,
 */
 static void 
 zone_to_name_cb (void *cls,
-                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                 const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                 struct GNUNET_TIME_Absolute expire,                        
                 const char *name,
                 unsigned int rd_count,
@@ -566,7 +566,7 @@ zone_to_name_cb (void *cls,
 */
 static void 
 lookup_result_processor (void *cls,
-                         const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                         const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                         struct GNUNET_TIME_Absolute expire,                        
                         const char *name,
                         unsigned int rd_count,
@@ -883,7 +883,7 @@ run (void *cls, char *const *args, const char *cfgfile,
 {
  char *keyfile;
  unsigned long long port;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub;
+  struct GNUNET_CRYPTO_EccPublicKey pub;
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_number (cfg,
diff --git a/src/gns/gnunet-gns-helper-service-w32.c b/src/gns/gnunet-gns-helper-service-w32.c
index a15b3547c..f0bf6577c 100644
--- a/src/gns/gnunet-gns-helper-service-w32.c
+++ b/src/gns/gnunet-gns-helper-service-w32.c
@@ -663,7 +663,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
  char* keyfile;
  struct GNUNET_CRYPTO_EccPrivateKey *key = NULL;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct GNUNET_CRYPTO_ShortHashAsciiEncoded zonename;
  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns",
@@ -680,7 +680,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
      key = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile);
      GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
      GNUNET_CRYPTO_short_hash(&pkey,
-                         sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                         sizeof(struct GNUNET_CRYPTO_EccPublicKey),
                         &user_zone);
      zone = &user_zone;
      GNUNET_CRYPTO_short_hash_to_enc (zone, &zonename);
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 59e4f89fe..4752422dd 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -3189,7 +3189,7 @@ load_local_zone_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
  char *keyfile;
  struct GNUNET_CRYPTO_EccPrivateKey *key;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct GNUNET_CRYPTO_ShortHashCode *zone;
  struct GNUNET_CRYPTO_ShortHashAsciiEncoded zonename;
@@ -3212,9 +3212,9 @@ load_local_zone_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
  key = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile);
  GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
  local_gns_zone = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_ShortHashCode));
-  GNUNET_CRYPTO_short_hash(&pkey,
+  GNUNET_CRYPTO_short_hash (&pkey,
-                           sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof (struct GNUNET_CRYPTO_EccPublicKey),
-                           local_gns_zone);
+                            local_gns_zone);
  zone = local_gns_zone;
  GNUNET_CRYPTO_short_hash_to_enc (zone, &zonename);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -3241,9 +3241,9 @@ load_local_zone_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
    key = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile);
    GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
    local_private_zone = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_ShortHashCode));
-    GNUNET_CRYPTO_short_hash(&pkey,
+    GNUNET_CRYPTO_short_hash (&pkey,
-                             sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                              sizeof (struct GNUNET_CRYPTO_EccPublicKey),
-                             local_private_zone);
+                              local_private_zone);
    GNUNET_CRYPTO_short_hash_to_enc (zone, &zonename);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Using private zone: %s!\n", &zonename);
@@ -3270,9 +3270,9 @@ load_local_zone_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
    key = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile);
    GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
    local_shorten_zone = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_ShortHashCode));
-    GNUNET_CRYPTO_short_hash(&pkey,
+    GNUNET_CRYPTO_short_hash (&pkey,
-                             sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                              sizeof(struct GNUNET_CRYPTO_EccPublicKey),
-                             local_shorten_zone);
+                              local_shorten_zone);
    GNUNET_CRYPTO_short_hash_to_enc (zone, &zonename);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Using shorten zone: %s!\n", &zonename);
diff --git a/src/gns/gnunet-gns.c b/src/gns/gnunet-gns.c
index 542a8106d..fa0a99590 100644
--- a/src/gns/gnunet-gns.c
+++ b/src/gns/gnunet-gns.c
@@ -205,7 +205,7 @@ run (void *cls, char *const *args, const char *cfgfile,
 {
  char* keyfile;
  struct GNUNET_CRYPTO_EccPrivateKey *key = NULL;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct GNUNET_CRYPTO_ShortHashCode *zone = NULL;
  struct GNUNET_CRYPTO_ShortHashCode user_zone;
  struct GNUNET_CRYPTO_ShortHashAsciiEncoded zonename;
@@ -233,7 +233,7 @@ run (void *cls, char *const *args, const char *cfgfile,
    key = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile);
    GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
    GNUNET_CRYPTO_short_hash (&pkey,
-                              sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                              sizeof(struct GNUNET_CRYPTO_EccPublicKey),
                              &user_zone);
    zone = &user_zone;
    GNUNET_CRYPTO_short_hash_to_enc (zone, &zonename);
@@ -257,7 +257,7 @@ run (void *cls, char *const *args, const char *cfgfile,
    GNUNET_CRYPTO_ecc_key_get_public (shorten_key, &pkey);
    shorten_zone = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_ShortHashCode));
    GNUNET_CRYPTO_short_hash(&pkey,
-                             sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                             sizeof(struct GNUNET_CRYPTO_EccPublicKey),
                             shorten_zone);
    GNUNET_CRYPTO_short_hash_to_enc (shorten_zone, &zonename);
    if (! raw)
@@ -277,10 +277,10 @@ run (void *cls, char *const *args, const char *cfgfile,
  {
    private_key = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile);
    GNUNET_CRYPTO_ecc_key_get_public (private_key, &pkey);
-    private_zone = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_ShortHashCode));
+    private_zone = GNUNET_new (struct GNUNET_CRYPTO_ShortHashCode);
-    GNUNET_CRYPTO_short_hash(&pkey,
+    GNUNET_CRYPTO_short_hash (&pkey,
-                             sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                              sizeof(struct GNUNET_CRYPTO_EccPublicKey),
-                             private_zone);
+                              private_zone);
    GNUNET_CRYPTO_short_hash_to_enc (private_zone, &zonename);
    if (! raw)
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c
index fcfa4b138..8200e3f87 100644
--- a/src/gns/gnunet-service-gns.c
+++ b/src/gns/gnunet-service-gns.c
@@ -382,7 +382,7 @@ publish_zone_dht_start (void *cls,
 */
 static void
 put_gns_record (void *cls,
-                const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                const struct GNUNET_CRYPTO_EccPublicKey *key,
                struct GNUNET_TIME_Absolute expiration,
                const char *name,
                unsigned int rd_count,
@@ -486,7 +486,7 @@ put_gns_record (void *cls,
  nrb_data += namelen;
  rd_payload_length += sizeof(struct GNSNameRecordBlock) + namelen;
  GNUNET_CRYPTO_short_hash (key,
-                            sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                            &zhash);
  if (-1 == GNUNET_NAMESTORE_records_serialize (rd_count,
                                                rd,
@@ -637,7 +637,7 @@ send_shorten_response (void* cls, const char* name)
 */
 static void
 process_shorten_in_private_zone_lookup (void *cls,
-                                        const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                                        const struct GNUNET_CRYPTO_EccPublicKey *key,
                                        struct GNUNET_TIME_Absolute expiration,
                                        const char *name,
                                        unsigned int rd_count,
@@ -693,7 +693,7 @@ process_shorten_in_private_zone_lookup (void *cls,
 */
 static void
 process_shorten_in_root_zone_lookup (void *cls,
-                                     const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                                     const struct GNUNET_CRYPTO_EccPublicKey *key,
                                     struct GNUNET_TIME_Absolute expiration,
                                     const char *name,
                                     unsigned int rd_count,
@@ -749,7 +749,7 @@ process_shorten_in_root_zone_lookup (void *cls,
 */
 static void
 process_private_in_root_zone_lookup (void *cls,
-                                     const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                                     const struct GNUNET_CRYPTO_EccPublicKey *key,
                                     struct GNUNET_TIME_Absolute expiration,
                                     const char *name,
                                     unsigned int rd_count,
@@ -1075,9 +1075,7 @@ handle_lookup (void *cls,
  char* nameptr = name;
  const char *utf_in;
  int only_cached;
-  struct GNUNET_CRYPTO_EccPrivateKey *key;
+  const struct GNUNET_CRYPTO_EccPrivateKey *key;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *pkey;
-  char* tmp_pkey;
  uint16_t msg_size;
  const struct GNUNET_GNS_ClientLookupMessage *sh_msg;
  
@@ -1094,24 +1092,20 @@ handle_lookup (void *cls,
  GNUNET_SERVER_notification_context_add (nc, client);
  if (GNUNET_YES == ntohl (sh_msg->have_key))
  {
-    pkey = (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *) &sh_msg[1];
+    key = &sh_msg->shorten_key;
-    tmp_pkey = (char*) &sh_msg[1];
-    key = GNUNET_CRYPTO_ecc_decode_key (tmp_pkey, ntohs (pkey->size),
-                                        GNUNET_NO);
-    GNUNET_STRINGS_utf8_tolower (&tmp_pkey[ntohs (pkey->size)], &nameptr);
  }
  else
  {
    key = NULL;
-    utf_in = (const char *) &sh_msg[1];
-    if ('\0' != utf_in[msg_size - sizeof (struct GNUNET_GNS_ClientLookupMessage) - 1])
-    {
-      GNUNET_break (0);
-      GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
-      return;
-    }  
-    GNUNET_STRINGS_utf8_tolower (utf_in, &nameptr);
  }
+  utf_in = (const char *) &sh_msg[1];
+  if ('\0' != utf_in[msg_size - sizeof (struct GNUNET_GNS_ClientLookupMessage) - 1])
+  {
+    GNUNET_break (0);
+    GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
+    return;
+  }  
+  GNUNET_STRINGS_utf8_tolower (utf_in, &nameptr);
  
  namelen = strlen (name) + 1;
  clh = GNUNET_malloc (sizeof (struct ClientLookupHandle));
@@ -1121,8 +1115,11 @@ handle_lookup (void *cls,
  strcpy (clh->name, name);
  clh->request_id = sh_msg->id;
  clh->type = ntohl (sh_msg->type);
-  clh->shorten_key = key;
+  if (NULL != key)
+  {
+    clh->shorten_key = GNUNET_new (struct GNUNET_CRYPTO_EccPrivateKey);
+    *clh->shorten_key = *key;
+  }
  only_cached = ntohl (sh_msg->only_cached);
  
  if (strlen (name) > GNUNET_DNSPARSER_MAX_NAME_LENGTH) {
@@ -1153,7 +1150,7 @@ handle_lookup (void *cls,
    return;
  }
  
-  if (1 == ntohl (sh_msg->use_default_zone))
+  if (GNUNET_NO == ntohl (sh_msg->have_zone))
    clh->zone = zone_hash;  /* Default zone */
  else
    clh->zone = sh_msg->zone;
@@ -1196,7 +1193,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
    {&handle_get_authority, NULL, GNUNET_MESSAGE_TYPE_GNS_GET_AUTH, 0}
  };
  char* keyfile;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  unsigned long long max_parallel_bg_queries = 0;
  int ignore_pending = GNUNET_NO;
@@ -1217,9 +1214,9 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
  zone_key = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile);
  GNUNET_CRYPTO_ecc_key_get_public (zone_key, &pkey);
-  GNUNET_CRYPTO_short_hash(&pkey,
+  GNUNET_CRYPTO_short_hash (&pkey,
-                     sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof(struct GNUNET_CRYPTO_EccPublicKey),
-                     &zone_hash);
+                            &zone_hash);
  GNUNET_free(keyfile);
  namestore_handle = GNUNET_NAMESTORE_connect (c);
  if (NULL == namestore_handle)
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 2cde3e37e..2e96b60ea 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -270,7 +270,7 @@ create_pkey_cont (void* cls, int32_t success, const char* emsg)
 */
 static void
 process_pseu_lookup_ns (void* cls,
-                        const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                        const struct GNUNET_CRYPTO_EccPublicKey *key,
                        struct GNUNET_TIME_Absolute expiration,
                        const char *name, unsigned int rd_count,
                        const struct GNUNET_NAMESTORE_RecordData *rd,
@@ -464,12 +464,12 @@ process_auth_discovery_dht_result (void* cls,
 */
 static void
 process_auth_discovery_ns_result (void* cls,
-                      const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                                  const struct GNUNET_CRYPTO_EccPublicKey *key,
-                      struct GNUNET_TIME_Absolute expiration,
+                                  struct GNUNET_TIME_Absolute expiration,
-                      const char *name,
+                                  const char *name,
-                      unsigned int rd_count,
+                                  unsigned int rd_count,
-                      const struct GNUNET_NAMESTORE_RecordData *rd,
+                                  const struct GNUNET_NAMESTORE_RecordData *rd,
-                      const struct GNUNET_CRYPTO_EccSignature *signature)
+                                  const struct GNUNET_CRYPTO_EccSignature *signature)
 {
  struct GetPseuAuthorityHandle* gph = cls;
  struct GNUNET_HashCode lookup_key;
@@ -537,7 +537,7 @@ process_auth_discovery_ns_result (void* cls,
 */
 static void
 process_zone_to_name_discover (void *cls,
-                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                 const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                 struct GNUNET_TIME_Absolute expire,
                 const char *name,
                 unsigned int rd_len,
@@ -575,12 +575,11 @@ shorten_authority_chain (struct GetPseuAuthorityHandle *gph)
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "GNS_AUTO_PSEU: New authority %s discovered\n",
              gph->auth->name);
  gph->namestore_task = GNUNET_NAMESTORE_zone_to_name (namestore_handle,
-                                 &gph->our_zone,
+                                                       &gph->our_zone,
-                                 &gph->auth->zone,
+                                                       &gph->auth->zone,
-                                 &process_zone_to_name_discover,
+                                                       &process_zone_to_name_discover,
-                                 gph);
+                                                       gph);
 }
@@ -596,21 +595,12 @@ start_shorten (struct AuthorityChain *auth,
               const struct GNUNET_CRYPTO_EccPrivateKey *key)
 {
  struct GetPseuAuthorityHandle *gph;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *pb_key;
  
  GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
-  if (NULL == (pb_key = GNUNET_CRYPTO_ecc_encode_key (key)))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                "Failed to encode ECC key on shorten\n");
-    return;
-  }
  gph = GNUNET_new (struct GetPseuAuthorityHandle);
-  gph->key = GNUNET_CRYPTO_ecc_decode_key ((const char*) pb_key, 
+  gph->key = GNUNET_new (struct GNUNET_CRYPTO_EccPrivateKey);
-                                           ntohs (pb_key->size),
+  *gph->key = *key;
-                                           GNUNET_YES);
-  GNUNET_free (pb_key);
  if (NULL == gph->key)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
@@ -619,7 +609,7 @@ start_shorten (struct AuthorityChain *auth,
    return;
  }
  GNUNET_CRYPTO_short_hash (&pkey,
-                        sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                        sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                        &gph->our_zone);
  gph->auth = GNUNET_malloc (sizeof (struct AuthorityChain));
  memcpy (gph->auth, auth, sizeof (struct AuthorityChain));
@@ -1157,7 +1147,7 @@ resolve_record_dht (struct ResolverHandle *rh)
 */
 static void
 process_record_result_ns (void* cls,
-                          const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                          const struct GNUNET_CRYPTO_EccPublicKey *key,
                          struct GNUNET_TIME_Absolute expiration,
                          const char *name, unsigned int rd_count,
                          const struct GNUNET_NAMESTORE_RecordData *rd,
@@ -1172,7 +1162,7 @@ process_record_result_ns (void* cls,
  rh->namestore_task = NULL;
  GNUNET_CRYPTO_short_hash (key,
-                            sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                            &zone);
  remaining_time = GNUNET_TIME_absolute_get_remaining (expiration);
  rh->status = 0;
@@ -2040,7 +2030,7 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
 */
 static void
 process_pkey_revocation_result_ns (void *cls,
-                                   const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                                   const struct GNUNET_CRYPTO_EccPublicKey *key,
                                   struct GNUNET_TIME_Absolute expiration,
                                   const char *name,
                                   unsigned int rd_count,
@@ -3069,7 +3059,7 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
 */
 static void
 process_delegation_result_ns (void* cls,
-                              const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *key,
+                              const struct GNUNET_CRYPTO_EccPublicKey *key,
                              struct GNUNET_TIME_Absolute expiration,
                              const char *name,
                              unsigned int rd_count,
@@ -3086,7 +3076,7 @@ process_delegation_result_ns (void* cls,
 
  rh->namestore_task = NULL;
  GNUNET_CRYPTO_short_hash (key,
-                            sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                            &zone);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "GNS_PHASE_DELEGATE_NS-%llu: Got %d records from authority lookup for `%s' in zone %s\n",
@@ -3515,7 +3505,7 @@ finish_shorten (struct ResolverHandle *rh,
 */
 static void
 process_zone_to_name_shorten_root (void *cls,
-                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                 const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                 struct GNUNET_TIME_Absolute expire,
                 const char *name,
                 unsigned int rd_len,
@@ -3537,12 +3527,12 @@ process_zone_to_name_shorten_root (void *cls,
 */
 static void
 process_zone_to_name_shorten_shorten (void *cls,
-                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                      const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
-                 struct GNUNET_TIME_Absolute expire,
+                                      struct GNUNET_TIME_Absolute expire,
-                 const char *name,
+                                      const char *name,
-                 unsigned int rd_len,
+                                      unsigned int rd_len,
-                 const struct GNUNET_NAMESTORE_RecordData *rd,
+                                      const struct GNUNET_NAMESTORE_RecordData *rd,
-                 const struct GNUNET_CRYPTO_EccSignature *signature)
+                                      const struct GNUNET_CRYPTO_EccSignature *signature)
 {
  struct ResolverHandle *rh = cls;
  struct NameShortenHandle* nsh = rh->proc_cls;
@@ -3653,12 +3643,12 @@ process_zone_to_name_shorten_shorten (void *cls,
 */
 static void
 process_zone_to_name_shorten_private (void *cls,
-                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                      const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
-                 struct GNUNET_TIME_Absolute expire,
+                                      struct GNUNET_TIME_Absolute expire,
-                 const char *name,
+                                      const char *name,
-                 unsigned int rd_len,
+                                      unsigned int rd_len,
-                 const struct GNUNET_NAMESTORE_RecordData *rd,
+                                      const struct GNUNET_NAMESTORE_RecordData *rd,
-                 const struct GNUNET_CRYPTO_EccSignature *signature)
+                                      const struct GNUNET_CRYPTO_EccSignature *signature)
 {
  struct ResolverHandle *rh = cls;
  struct NameShortenHandle* nsh = rh->proc_cls;
@@ -3768,12 +3758,12 @@ process_zone_to_name_shorten_private (void *cls,
 */
 static void
 process_zone_to_name_shorten_root (void *cls,
-                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                   const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
-                 struct GNUNET_TIME_Absolute expire,
+                                   struct GNUNET_TIME_Absolute expire,
-                 const char *name,
+                                   const char *name,
-                 unsigned int rd_len,
+                                   unsigned int rd_len,
-                 const struct GNUNET_NAMESTORE_RecordData *rd,
+                                   const struct GNUNET_NAMESTORE_RecordData *rd,
-                 const struct GNUNET_CRYPTO_EccSignature *signature)
+                                   const struct GNUNET_CRYPTO_EccSignature *signature)
 {
  struct ResolverHandle *rh = cls;
  struct NameShortenHandle* nsh = rh->proc_cls;
@@ -3990,13 +3980,13 @@ handle_delegation_ns_shorten (void* cls,
 * @param signature the signature for the record data
 */
 static void
-process_zone_to_name_zkey(void *cls,
+process_zone_to_name_zkey (void *cls,
-                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                           const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
-                 struct GNUNET_TIME_Absolute expire,
+                           struct GNUNET_TIME_Absolute expire,
-                 const char *name,
+                           const char *name,
-                 unsigned int rd_len,
+                           unsigned int rd_len,
-                 const struct GNUNET_NAMESTORE_RecordData *rd,
+                           const struct GNUNET_NAMESTORE_RecordData *rd,
-                 const struct GNUNET_CRYPTO_EccSignature *signature)
+                           const struct GNUNET_CRYPTO_EccSignature *signature)
 {
  struct ResolverHandle *rh = cls;
  struct NameShortenHandle *nsh = rh->proc_cls;
diff --git a/src/gns/plugin_block_gns.c b/src/gns/plugin_block_gns.c
index 72149ef4f..ffc38c99b 100644
--- a/src/gns/plugin_block_gns.c
+++ b/src/gns/plugin_block_gns.c
@@ -237,7 +237,7 @@ block_plugin_gns_get_key (void *cls, enum GNUNET_BLOCK_Type type,
    return GNUNET_SYSERR; 
  }
  GNUNET_CRYPTO_short_hash (&nrb->public_key,
-                            sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                            &pkey_hash);
  GNUNET_GNS_get_key_for_record (name, &pkey_hash, key);
  return GNUNET_OK;
diff --git a/src/gns/test_gns_cname_lookup.c b/src/gns/test_gns_cname_lookup.c
index cc1df9407..325583001 100644
--- a/src/gns/test_gns_cname_lookup.c
+++ b/src/gns/test_gns_cname_lookup.c
@@ -334,7 +334,7 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
  char* alice_keyfile;
diff --git a/src/gns/test_gns_dht_delegated_lookup.c b/src/gns/test_gns_dht_delegated_lookup.c
index e743e0fd3..fbaacfdfa 100644
--- a/src/gns/test_gns_dht_delegated_lookup.c
+++ b/src/gns/test_gns_dht_delegated_lookup.c
@@ -65,8 +65,8 @@ static struct GNUNET_DHT_Handle *dht_handle;
 static const struct GNUNET_CONFIGURATION_Handle *cfg;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+static struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+static struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
 static struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
 static struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
@@ -262,7 +262,7 @@ put_dht(void *cls, int32_t success, const char *emsg)
  }
  GNUNET_CRYPTO_short_hash(TEST_RECORD_NAME, strlen(TEST_RECORD_NAME), &name_hash);
  GNUNET_CRYPTO_short_hash(&bob_pkey,
-                     sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                     sizeof(struct GNUNET_CRYPTO_EccPublicKey),
                     &zone_hash);
  GNUNET_CRYPTO_short_hash_double(&zone_hash, &zone_hash_double);
  GNUNET_CRYPTO_short_hash_double(&name_hash, &name_hash_double);
diff --git a/src/gns/test_gns_dht_three_peers.c b/src/gns/test_gns_dht_three_peers.c
index 58edb9cc5..35a738aef 100644
--- a/src/gns/test_gns_dht_three_peers.c
+++ b/src/gns/test_gns_dht_three_peers.c
@@ -309,7 +309,7 @@ setup_dave (const struct GNUNET_CONFIGURATION_Handle * cfg)
 {
  char* keyfile;
  struct GNUNET_CRYPTO_EccPrivateKey *key;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct in_addr *web;
  struct GNUNET_NAMESTORE_RecordData rd;
@@ -380,7 +380,7 @@ setup_bob (const struct GNUNET_CONFIGURATION_Handle * cfg)
 {
  char* keyfile;
  struct GNUNET_CRYPTO_EccPrivateKey *key;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct GNUNET_NAMESTORE_RecordData rd;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Setting up bob\n");
diff --git a/src/gns/test_gns_max_queries.c b/src/gns/test_gns_max_queries.c
index 82273798f..cc993e347 100644
--- a/src/gns/test_gns_max_queries.c
+++ b/src/gns/test_gns_max_queries.c
@@ -252,8 +252,8 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
  char* alice_keyfile;
diff --git a/src/gns/test_gns_ns_lookup.c b/src/gns/test_gns_ns_lookup.c
index e62d34e9a..0673243b6 100644
--- a/src/gns/test_gns_ns_lookup.c
+++ b/src/gns/test_gns_ns_lookup.c
@@ -561,7 +561,7 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
  char* alice_keyfile;
  struct GNUNET_NAMESTORE_RecordData rd[2];
  struct in_addr ns;
diff --git a/src/gns/test_gns_pseu_shorten.c b/src/gns/test_gns_pseu_shorten.c
index 28f92f8b5..7413c7074 100644
--- a/src/gns/test_gns_pseu_shorten.c
+++ b/src/gns/test_gns_pseu_shorten.c
@@ -69,11 +69,11 @@ static struct GNUNET_DHT_Handle *dht_handle;
 static const struct GNUNET_CONFIGURATION_Handle *cfg;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+static struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+static struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded our_pkey;
+static struct GNUNET_CRYPTO_EccPublicKey our_pkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded priv_pkey;
+static struct GNUNET_CRYPTO_EccPublicKey priv_pkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded short_pkey;
+static struct GNUNET_CRYPTO_EccPublicKey short_pkey;
 static struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
 static struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
 static struct GNUNET_CRYPTO_EccPrivateKey *our_key;
@@ -316,7 +316,7 @@ put_pseu_dht (void *cls, int success)
  }
  GNUNET_CRYPTO_short_hash(GNUNET_GNS_MASTERZONE_STR, strlen(GNUNET_GNS_MASTERZONE_STR), &name_hash);
  GNUNET_CRYPTO_short_hash(&alice_pkey,
-                     sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                     sizeof(struct GNUNET_CRYPTO_EccPublicKey),
                     &zone_hash);
  GNUNET_CRYPTO_short_hash_double(&name_hash, &name_hash_double);
@@ -405,7 +405,7 @@ put_www_dht (void *cls, int success)
  }
  GNUNET_CRYPTO_short_hash(TEST_RECORD_NAME, strlen(TEST_RECORD_NAME), &name_hash);
  GNUNET_CRYPTO_short_hash(&alice_pkey,
-                     sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                     sizeof(struct GNUNET_CRYPTO_EccPublicKey),
                     &zone_hash);
  GNUNET_CRYPTO_short_hash_double(&zone_hash, &zone_hash_double);
  GNUNET_CRYPTO_short_hash_double(&name_hash, &name_hash_double);
@@ -488,7 +488,7 @@ put_pkey_dht (void *cls, int32_t success, const char *emsg)
  GNUNET_CRYPTO_short_hash (TEST_AUTHORITY_ALICE,
                            strlen (TEST_AUTHORITY_ALICE), &name_hash);
  GNUNET_CRYPTO_short_hash (&bob_pkey,
-                            sizeof(struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof(struct GNUNET_CRYPTO_EccPublicKey),
                            &zone_hash);
  GNUNET_CRYPTO_short_hash_double(&zone_hash, &zone_hash_double);
  GNUNET_CRYPTO_short_hash_double(&name_hash, &name_hash_double);
diff --git a/src/gns/test_gns_revocation.c b/src/gns/test_gns_revocation.c
index c491db4aa..e66655203 100644
--- a/src/gns/test_gns_revocation.c
+++ b/src/gns/test_gns_revocation.c
@@ -180,8 +180,8 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
  struct GNUNET_CRYPTO_ShortHashCode bob_hash;
diff --git a/src/gns/test_gns_simple_delegated_lookup.c b/src/gns/test_gns_simple_delegated_lookup.c
index 4804de6f8..ff19569d6 100644
--- a/src/gns/test_gns_simple_delegated_lookup.c
+++ b/src/gns/test_gns_simple_delegated_lookup.c
@@ -189,8 +189,8 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
  struct GNUNET_CRYPTO_ShortHashCode bob_hash;
diff --git a/src/gns/test_gns_simple_get_authority.c b/src/gns/test_gns_simple_get_authority.c
index 7a25e7ca1..7a3e8af93 100644
--- a/src/gns/test_gns_simple_get_authority.c
+++ b/src/gns/test_gns_simple_get_authority.c
@@ -178,9 +178,9 @@ void do_check (void *cls,
              const struct GNUNET_CONFIGURATION_Handle *ccfg,
              struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded our_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey our_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *our_key;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
diff --git a/src/gns/test_gns_simple_lookup.c b/src/gns/test_gns_simple_lookup.c
index a7c3348fd..fceb8f052 100644
--- a/src/gns/test_gns_simple_lookup.c
+++ b/src/gns/test_gns_simple_lookup.c
@@ -221,7 +221,7 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_NAMESTORE_RecordData rd;
  char* alice_keyfile;
diff --git a/src/gns/test_gns_simple_mx_lookup.c b/src/gns/test_gns_simple_mx_lookup.c
index f3cfaac27..904758bde 100644
--- a/src/gns/test_gns_simple_mx_lookup.c
+++ b/src/gns/test_gns_simple_mx_lookup.c
@@ -180,8 +180,8 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
  struct GNUNET_CRYPTO_ShortHashCode bob_hash;
diff --git a/src/gns/test_gns_simple_shorten.c b/src/gns/test_gns_simple_shorten.c
index 600cb0733..679a74dc8 100644
--- a/src/gns/test_gns_simple_shorten.c
+++ b/src/gns/test_gns_simple_shorten.c
@@ -61,8 +61,8 @@ static struct GNUNET_GNS_Handle *gns_handle;
 const struct GNUNET_CONFIGURATION_Handle *cfg;
-struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded priv_pkey;
+struct GNUNET_CRYPTO_EccPublicKey priv_pkey;
-struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded short_pkey;
+struct GNUNET_CRYPTO_EccPublicKey short_pkey;
 struct GNUNET_CRYPTO_EccPrivateKey *priv_key;
 struct GNUNET_CRYPTO_EccPrivateKey *short_key;
@@ -170,9 +170,9 @@ void do_check (void *cls,
              const struct GNUNET_CONFIGURATION_Handle *ccfg,
              struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded our_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey our_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *our_key;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
diff --git a/src/gns/test_gns_simple_srv_lookup.c b/src/gns/test_gns_simple_srv_lookup.c
index 3b1cd46a0..a403bf554 100644
--- a/src/gns/test_gns_simple_srv_lookup.c
+++ b/src/gns/test_gns_simple_srv_lookup.c
@@ -182,8 +182,8 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
  struct GNUNET_CRYPTO_ShortHashCode bob_hash;
diff --git a/src/gns/test_gns_simple_zkey_lookup.c b/src/gns/test_gns_simple_zkey_lookup.c
index 311282535..c0e3afc8d 100644
--- a/src/gns/test_gns_simple_zkey_lookup.c
+++ b/src/gns/test_gns_simple_zkey_lookup.c
@@ -199,8 +199,8 @@ do_check (void *cls,
          const struct GNUNET_CONFIGURATION_Handle *ccfg,
          struct GNUNET_TESTING_Peer *peer)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded alice_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey alice_pkey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded bob_pkey;
+  struct GNUNET_CRYPTO_EccPublicKey bob_pkey;
  struct GNUNET_CRYPTO_EccPrivateKey *alice_key;
  struct GNUNET_CRYPTO_EccPrivateKey *bob_key;
  struct GNUNET_CRYPTO_EccSignature *sig;
diff --git a/src/hello/gnunet-hello.c b/src/hello/gnunet-hello.c
index 816a89936..e4e0978ee 100644
--- a/src/hello/gnunet-hello.c
+++ b/src/hello/gnunet-hello.c
@@ -108,7 +108,7 @@ main (int argc, char *argv[])
  struct GNUNET_DISK_FileHandle *fh;
  struct GNUNET_HELLO_Message *orig;
  struct GNUNET_HELLO_Message *result;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pk;
+  struct GNUNET_CRYPTO_EccPublicKey pk;
  uint64_t fsize;
  GNUNET_log_setup ("gnunet-hello", "INFO", NULL);
diff --git a/src/hello/hello.c b/src/hello/hello.c
index a85a6ee97..d2e143579 100644
--- a/src/hello/hello.c
+++ b/src/hello/hello.c
@@ -59,7 +59,7 @@ struct GNUNET_HELLO_Message
  /**
   * The public key of the peer.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded publicKey;
+  struct GNUNET_CRYPTO_EccPublicKey publicKey;
 };
 GNUNET_NETWORK_STRUCT_END
@@ -216,8 +216,7 @@ get_hello_address_size (const char *buf, size_t max, uint16_t * ralen)
 * @return the hello message
 */
 struct GNUNET_HELLO_Message *
-GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
+GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKey *publicKey,
-                     *publicKey,
                     GNUNET_HELLO_GenerateAddressListCallback addrgen,
                     void *addrgen_cls,
                     int friend_only)
@@ -248,7 +247,7 @@ GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
  hello->friend_only = htonl (friend_only);
  memcpy (&hello->publicKey, publicKey,
-          sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
+          sizeof (struct GNUNET_CRYPTO_EccPublicKey));
  memcpy (&hello[1], buffer, used);
  return hello;
 }
@@ -296,7 +295,7 @@ GNUNET_HELLO_iterate_addresses (const struct GNUNET_HELLO_Message *msg,
  wpos = 0;
  woff = (ret != NULL) ? (char *) &ret[1] : NULL;
  GNUNET_CRYPTO_hash (&msg->publicKey,
-                      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                      sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                      &address.peer.hashPubKey);
  while (insize > 0)
  {
@@ -531,7 +530,7 @@ GNUNET_HELLO_size (const struct GNUNET_HELLO_Message *hello)
 */
 int
 GNUNET_HELLO_get_key (const struct GNUNET_HELLO_Message *hello,
-                      struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *publicKey)
+                      struct GNUNET_CRYPTO_EccPublicKey *publicKey)
 {
  uint16_t ret = ntohs (hello->header.size);
@@ -560,7 +559,7 @@ GNUNET_HELLO_get_id (const struct GNUNET_HELLO_Message *hello,
      (ntohs (hello->header.type) != GNUNET_MESSAGE_TYPE_HELLO))
    return GNUNET_SYSERR;
  GNUNET_CRYPTO_hash (&hello->publicKey,
-                      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                      sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                      &peer->hashPubKey);
  return GNUNET_OK;
 }
@@ -672,7 +671,7 @@ GNUNET_HELLO_equals (const struct GNUNET_HELLO_Message *h1,
  if (0 !=
      memcmp (&h1->publicKey, &h2->publicKey,
-              sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)))
+              sizeof (struct GNUNET_CRYPTO_EccPublicKey)))
    return GNUNET_TIME_UNIT_ZERO_ABS;
  ec.expiration_limit = now;
  ec.result = GNUNET_TIME_UNIT_FOREVER_ABS;
@@ -1047,7 +1046,7 @@ add_address_to_hello (void *cls, size_t max, void *buffer)
 */
 int
 GNUNET_HELLO_parse_uri (const char *uri,
-                        struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pubkey,
+                        struct GNUNET_CRYPTO_EccPublicKey *pubkey,
                        struct GNUNET_HELLO_Message **hello,
                        GNUNET_HELLO_TransportPluginsFind plugins_find)
 {
diff --git a/src/hello/test_friend_hello.c b/src/hello/test_friend_hello.c
index fb14817c7..7d0348339 100644
--- a/src/hello/test_friend_hello.c
+++ b/src/hello/test_friend_hello.c
@@ -93,8 +93,8 @@ main (int argc, char *argv[])
  struct GNUNET_HELLO_Message *msg1;
  struct GNUNET_HELLO_Message *msg2;
  struct GNUNET_HELLO_Message *msg3;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded publicKey;
+  struct GNUNET_CRYPTO_EccPublicKey publicKey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pk;
+  struct GNUNET_CRYPTO_EccPublicKey pk;
  struct GNUNET_TIME_Absolute startup_time;
  unsigned int i;
diff --git a/src/hello/test_hello.c b/src/hello/test_hello.c
index 64abec5e4..67f7318b2 100644
--- a/src/hello/test_hello.c
+++ b/src/hello/test_hello.c
@@ -93,8 +93,8 @@ main (int argc, char *argv[])
  struct GNUNET_HELLO_Message *msg1;
  struct GNUNET_HELLO_Message *msg2;
  struct GNUNET_HELLO_Message *msg3;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded publicKey;
+  struct GNUNET_CRYPTO_EccPublicKey publicKey;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pk;
+  struct GNUNET_CRYPTO_EccPublicKey pk;
  struct GNUNET_TIME_Absolute startup_time;
  unsigned int i;
diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c
index eeaa4e253..b9384ea65 100644
--- a/src/identity/gnunet-service-identity.c
+++ b/src/identity/gnunet-service-identity.c
@@ -209,23 +209,16 @@ static struct GNUNET_IDENTITY_UpdateMessage *
 create_update_message (struct Ego *ego)
 {
  struct GNUNET_IDENTITY_UpdateMessage *um;
-  char *str;
-  uint16_t pk_len;
  size_t name_len;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc;
+ 
  name_len = (NULL == ego->identifier) ? 0 : (strlen (ego->identifier) + 1);
-  enc = GNUNET_CRYPTO_ecc_encode_key (ego->pk);
+  um = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_UpdateMessage) + name_len);
-  pk_len = ntohs (enc->size);
-  um = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_UpdateMessage) + pk_len + name_len);
  um->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_UPDATE);
-  um->header.size = htons (sizeof (struct GNUNET_IDENTITY_UpdateMessage) + pk_len + name_len);
+  um->header.size = htons (sizeof (struct GNUNET_IDENTITY_UpdateMessage) + name_len);
  um->name_len = htons (name_len);
-  um->pk_len = htons (pk_len);
+  um->end_of_list = htons (GNUNET_NO);
-  str = (char *) &um[1];
+  um->private_key = *ego->pk;
-  memcpy (str, enc, pk_len);
+  memcpy (&um[1], ego->identifier, name_len);
-  memcpy (&str[pk_len], ego->identifier, name_len);
-  GNUNET_free (enc);
  return um;
 }
@@ -242,23 +235,16 @@ create_set_default_message (struct Ego *ego,
                            const char *servicename)
 {
  struct GNUNET_IDENTITY_SetDefaultMessage *sdm;
-  char *str;
-  uint16_t pk_len;
  size_t name_len;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc;
  name_len = (NULL == servicename) ? 0 : (strlen (servicename) + 1);
-  enc = GNUNET_CRYPTO_ecc_encode_key (ego->pk);
+  sdm = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) + name_len);
-  pk_len = ntohs (enc->size);
-  sdm = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) + pk_len + name_len);
  sdm->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT);
-  sdm->header.size = htons (sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) + pk_len + name_len);
+  sdm->header.size = htons (sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) + name_len);
  sdm->name_len = htons (name_len);
-  sdm->pk_len = htons (pk_len);
+  sdm->reserved = htons (0);
-  str = (char *) &sdm[1];
+  sdm->private_key = *ego->pk;
-  memcpy (str, enc, pk_len);
+  memcpy (&sdm[1], servicename, name_len);
-  memcpy (&str[pk_len], servicename, name_len);
-  GNUNET_free (enc);
  return sdm;
 }
@@ -290,9 +276,10 @@ handle_start_message (void *cls, struct GNUNET_SERVER_Client *client,
    GNUNET_SERVER_notification_context_unicast (nc, client, &um->header, GNUNET_NO);
    GNUNET_free (um);
  }
+  memset (&ume, 0, sizeof (ume));
  ume.header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_UPDATE);
  ume.header.size = htons (sizeof (struct GNUNET_IDENTITY_UpdateMessage));
-  ume.pk_len = htons (0);
+  ume.end_of_list = htons (GNUNET_YES);
  ume.name_len = htons (0);
  GNUNET_SERVER_notification_context_unicast (nc, client, &ume.header, GNUNET_NO);  
  GNUNET_SERVER_receive_done (client, GNUNET_OK);
@@ -383,12 +370,7 @@ static int
 key_cmp (const struct GNUNET_CRYPTO_EccPrivateKey *pk1,
         const struct GNUNET_CRYPTO_EccPrivateKey *pk2)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded p1;
+  return memcmp (pk1, pk2, sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded p2;
-  
-  GNUNET_CRYPTO_ecc_key_get_public (pk1, &p1);
-  GNUNET_CRYPTO_ecc_key_get_public (pk2, &p2);
-  return memcmp (&p1, &p2, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
 }
@@ -407,10 +389,8 @@ handle_set_default_message (void *cls, struct GNUNET_SERVER_Client *client,
  const struct GNUNET_IDENTITY_SetDefaultMessage *sdm;
  uint16_t size;
  uint16_t name_len;
-  uint16_t pk_len;
  struct Ego *ego;
  const char *str;
-  struct GNUNET_CRYPTO_EccPrivateKey *pk;
  size = ntohs (message->size);
  if (size <= sizeof (struct GNUNET_IDENTITY_SetDefaultMessage))
@@ -421,16 +401,14 @@ handle_set_default_message (void *cls, struct GNUNET_SERVER_Client *client,
  }
  sdm = (const struct GNUNET_IDENTITY_SetDefaultMessage *) message;
  name_len = ntohs (sdm->name_len);
-  pk_len = ntohs (sdm->pk_len);
+  GNUNET_break (0 == ntohs (sdm->reserved));
-  str = (const char *) &sdm[1];
+  if (name_len + sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) != size) 
-  if ( (name_len + pk_len + sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) != size) ||
-       (NULL == (pk = GNUNET_CRYPTO_ecc_decode_key (str, pk_len, GNUNET_YES))) )
  {
    GNUNET_break (0);
    GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
    return;
  }
-  str = &str[pk_len];
+  str = (const char *) &sdm[1];
  if ('\0' != str[name_len - 1])
  {
    GNUNET_break (0);
@@ -443,7 +421,7 @@ handle_set_default_message (void *cls, struct GNUNET_SERVER_Client *client,
  for (ego = ego_head; NULL != ego; ego = ego->next)
  {
    if (0 == key_cmp (ego->pk,
-                      pk))
+                      &sdm->private_key))
    {
      GNUNET_CONFIGURATION_set_value_string (subsystem_cfg,
                                             str,
@@ -457,13 +435,11 @@ handle_set_default_message (void *cls, struct GNUNET_SERVER_Client *client,
                    subsystem_cfg_file);
      send_result_code (client, 0, NULL);
      GNUNET_SERVER_receive_done (client, GNUNET_OK);
-      GNUNET_CRYPTO_ecc_key_free (pk);
      return;
    }
  }  
  send_result_code (client, 1, _("Unknown ego specified for service (internal error)"));
  GNUNET_SERVER_receive_done (client, GNUNET_OK);
-  GNUNET_CRYPTO_ecc_key_free (pk);
 }
@@ -498,11 +474,8 @@ handle_create_message (void *cls, struct GNUNET_SERVER_Client *client,
  const struct GNUNET_IDENTITY_CreateRequestMessage *crm;
  uint16_t size;
  uint16_t name_len;
-  uint16_t pk_len;
  struct Ego *ego;
-  const char *pks;
  const char *str;
-  struct GNUNET_CRYPTO_EccPrivateKey *pk;
  char *fn;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
@@ -516,16 +489,14 @@ handle_create_message (void *cls, struct GNUNET_SERVER_Client *client,
  }
  crm = (const struct GNUNET_IDENTITY_CreateRequestMessage *) message;
  name_len = ntohs (crm->name_len);
-  pk_len = ntohs (crm->pk_len);
+  GNUNET_break (0 == ntohs (crm->reserved));
-  pks = (const char *) &crm[1];
+  if (name_len + sizeof (struct GNUNET_IDENTITY_CreateRequestMessage) != size) 
-  if ( (name_len + pk_len + sizeof (struct GNUNET_IDENTITY_CreateRequestMessage) != size) ||
-       (NULL == (pk = GNUNET_CRYPTO_ecc_decode_key (pks, pk_len, GNUNET_YES))) )
  {
    GNUNET_break (0);
    GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
    return;
  }
-  str = &pks[pk_len];
+  str = (const char *) &crm[1];
  if ('\0' != str[name_len - 1])
  {
    GNUNET_break (0);
@@ -539,12 +510,12 @@ handle_create_message (void *cls, struct GNUNET_SERVER_Client *client,
    {
      send_result_code (client, 1, gettext_noop ("identifier already in use for another ego"));
      GNUNET_SERVER_receive_done (client, GNUNET_OK);
-      GNUNET_CRYPTO_ecc_key_free (pk);
      return;
    }
  }
  ego = GNUNET_new (struct Ego);
-  ego->pk = pk;
+  ego->pk = GNUNET_new (struct GNUNET_CRYPTO_EccPrivateKey);
+  *ego->pk = crm->private_key;
  ego->identifier = GNUNET_strdup (str);
  GNUNET_CONTAINER_DLL_insert (ego_head,
                               ego_tail,
@@ -552,8 +523,10 @@ handle_create_message (void *cls, struct GNUNET_SERVER_Client *client,
  send_result_code (client, 0, NULL);
  fn = get_ego_filename (ego);
  (void) GNUNET_DISK_directory_create_for_file (fn);
-  if (pk_len !=
+  if (sizeof (struct GNUNET_CRYPTO_EccPrivateKey) !=
-      GNUNET_DISK_fn_write (fn, pks, pk_len,
+      GNUNET_DISK_fn_write (fn,
+                            &crm->private_key, 
+                            sizeof (struct GNUNET_CRYPTO_EccPrivateKey),
                            GNUNET_DISK_PERM_USER_READ |
                            GNUNET_DISK_PERM_USER_WRITE))
    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
diff --git a/src/identity/identity.h b/src/identity/identity.h
index 181f5c353..13ac91e46 100644
--- a/src/identity/identity.h
+++ b/src/identity/identity.h
@@ -74,11 +74,14 @@ struct GNUNET_IDENTITY_UpdateMessage
  uint16_t name_len GNUNET_PACKED;
  /**
-   * Number of bytes of private key data that follow, in NBO.
+   * Usually GNUNET_NO, GNUNET_YES to signal end of list.
   */
-  uint16_t pk_len GNUNET_PACKED;
+  uint16_t end_of_list GNUNET_PACKED;
-  /* followed by private key */
+  /**
+   * The private key
+   */
+  struct GNUNET_CRYPTO_EccPrivateKey private_key;
  /* followed by 0-terminated identity name */
@@ -130,11 +133,14 @@ struct GNUNET_IDENTITY_SetDefaultMessage
  uint16_t name_len GNUNET_PACKED;
  /**
-   * Number of bytes of private key data that follow, in NBO.
+   * Always zero.
   */
-  uint16_t pk_len GNUNET_PACKED;
+  uint16_t reserved GNUNET_PACKED;
-  /* followed by private key */
+  /**
+   * The private key 
+   */
+  struct GNUNET_CRYPTO_EccPrivateKey private_key;
  /* followed by 0-terminated service name */
@@ -158,11 +164,14 @@ struct GNUNET_IDENTITY_CreateRequestMessage
  uint16_t name_len GNUNET_PACKED;
  /**
-   * Number of bytes of private key data that follow, in NBO.
+   * Always zero.
   */
-  uint16_t pk_len GNUNET_PACKED;
+  uint16_t reserved GNUNET_PACKED;
-  /* followed by private key */
+  /**
+   * The private key 
+   */
+  struct GNUNET_CRYPTO_EccPrivateKey private_key;
  /* followed by 0-terminated identity name */
diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c
index 54144c5bc..2062ddc63 100644
--- a/src/identity/identity_api.c
+++ b/src/identity/identity_api.c
@@ -48,9 +48,9 @@ struct GNUNET_IDENTITY_Ego
  struct GNUNET_CRYPTO_EccPrivateKey *pk;
  /**
-   * Current identifier (name) associated with this ego.
+   * Current name associated with this ego.
   */
-  char *identifier;
+  char *name;
  /**
   * Client context associated with this ego.
@@ -234,12 +234,10 @@ message_handler (void *cls,
  const struct GNUNET_IDENTITY_ResultCodeMessage *rcm;
  const struct GNUNET_IDENTITY_UpdateMessage *um;
  const struct GNUNET_IDENTITY_SetDefaultMessage *sdm;
-  struct GNUNET_CRYPTO_EccPrivateKey *priv;
+  struct GNUNET_CRYPTO_EccPublicKey pub;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub;
  struct GNUNET_HashCode id;
  const char *str;
  uint16_t size;
-  uint16_t pk_len;
  uint16_t name_len;
  if (NULL == msg)
@@ -291,39 +289,31 @@ message_handler (void *cls,
      return;
    }
    um = (const struct GNUNET_IDENTITY_UpdateMessage *) msg;
-    pk_len = ntohs (um->pk_len);
+    name_len = ntohs (um->name_len);
-    name_len = ntohs (um->name_len);    
+    
    str = (const char *) &um[1];
-    if ( (size != pk_len + name_len + sizeof (struct GNUNET_IDENTITY_UpdateMessage)) ||
+    if ( (size != name_len + sizeof (struct GNUNET_IDENTITY_UpdateMessage)) ||
         ( (0 != name_len) &&
-           ('\0' != str[pk_len + name_len - 1])) )
+           ('\0' != str[name_len - 1])) )
    {
      GNUNET_break (0);
      reschedule_connect (h);
      return;
    }
-    if ( (0 == pk_len) &&
+    if (GNUNET_YES == ntohs (um->end_of_list))
-         (0 == name_len) )
    {
      /* end of initial list of data */
      if (NULL != h->cb)
        h->cb (h->cb_cls, NULL, NULL, NULL);
      break;
    }
-    priv = GNUNET_CRYPTO_ecc_decode_key (str, pk_len, GNUNET_YES); 
+    GNUNET_CRYPTO_ecc_key_get_public (&um->private_key,
-    if (NULL == priv)
-    {
-      GNUNET_break (0);
-      reschedule_connect (h);
-      return;
-    }
-    GNUNET_CRYPTO_ecc_key_get_public (priv,
                                      &pub);
    GNUNET_CRYPTO_hash (&pub, sizeof (pub), &id);
    if (0 == name_len)
      str = NULL;
    else
-      str = &str[pk_len];
+      str = (const char *) &um[1];
    ego = GNUNET_CONTAINER_multihashmap_get (h->egos,
                                             &id);
    if (NULL == ego)
@@ -333,13 +323,13 @@ message_handler (void *cls,
      {
        /* deletion of unknown ego? not allowed */
        GNUNET_break (0);
-        GNUNET_CRYPTO_ecc_key_free (priv);
        reschedule_connect (h);
        return;
      }
      ego = GNUNET_new (struct GNUNET_IDENTITY_Ego);
-      ego->pk = priv;
+      ego->pk = GNUNET_new (struct GNUNET_CRYPTO_EccPrivateKey);
-      ego->identifier = GNUNET_strdup (str);
+      *ego->pk = um->private_key;
+      ego->name = GNUNET_strdup (str);
      ego->id = id;
      GNUNET_assert (GNUNET_YES ==
                     GNUNET_CONTAINER_multihashmap_put (h->egos,
@@ -347,10 +337,6 @@ message_handler (void *cls,
                                                        ego,
                                                        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
    }
-    else
-    {
-      GNUNET_CRYPTO_ecc_key_free (priv);
-    }
    /* inform application about change */
    if (NULL != h->cb)
      h->cb (h->cb_cls,
@@ -365,14 +351,14 @@ message_handler (void *cls,
                                                           &ego->id,
                                                           ego));
      GNUNET_CRYPTO_ecc_key_free (ego->pk);
-      GNUNET_free (ego->identifier);
+      GNUNET_free (ego->name);
      GNUNET_free (ego);
    }
    else
      {
      /* ego changed name */
-      GNUNET_free (ego->identifier);
+      GNUNET_free (ego->name);
-      ego->identifier = GNUNET_strdup (str);
+      ego->name = GNUNET_strdup (str);
    }    
    break;
  case GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT:
@@ -383,32 +369,24 @@ message_handler (void *cls,
      return;
    }
    sdm = (const struct GNUNET_IDENTITY_SetDefaultMessage *) msg;
-    pk_len = ntohs (sdm->pk_len);
+    GNUNET_break (0 == ntohs (sdm->reserved));
    name_len = ntohs (sdm->name_len);
    str = (const char *) &sdm[1];
-    if ( (size != pk_len + name_len + sizeof (struct GNUNET_IDENTITY_SetDefaultMessage)) ||
+    if ( (size != name_len + sizeof (struct GNUNET_IDENTITY_SetDefaultMessage)) ||
         ( (0 != name_len) &&
-           ('\0' != str[pk_len + name_len - 1]) ) )
+           ('\0' != str[name_len - 1]) ) )
    {
      GNUNET_break (0);
      reschedule_connect (h);
      return;
    }
-    priv = GNUNET_CRYPTO_ecc_decode_key (str, pk_len, GNUNET_YES); 
+    GNUNET_CRYPTO_ecc_key_get_public (&sdm->private_key,
-    if (NULL == priv)
-    {
-      GNUNET_break (0);
-      reschedule_connect (h);
-      return;
-    }
-    GNUNET_CRYPTO_ecc_key_get_public (priv,
                                      &pub);
-    GNUNET_CRYPTO_ecc_key_free (priv);
    GNUNET_CRYPTO_hash (&pub, sizeof (pub), &id);
    if (0 == name_len)
      str = NULL;
    else
-      str = &str[pk_len];
+      str = (const char *) &sdm[1];
    ego = GNUNET_CONTAINER_multihashmap_get (h->egos,
                                             &id);
    if (NULL == ego)
@@ -425,7 +403,7 @@ message_handler (void *cls,
      op->cb (op->cls,
              ego,
              &ego->ctx,
-              ego->identifier);
+              ego->name);
    GNUNET_free (op);
    break;
  default:
@@ -588,13 +566,27 @@ GNUNET_IDENTITY_connect (const struct GNUNET_CONFIGURATION_Handle *cfg,
 * @return associated ECC key, valid as long as the ego is valid
 */
 const struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego)
+GNUNET_IDENTITY_ego_get_private_key (struct GNUNET_IDENTITY_Ego *ego)
 {
  return ego->pk;
 }
 /**
+ * Get the identifier (public key) of an ego.
+ *
+ * @param ego identity handle with the private key
+ * @param pk set to ego's public key
+ */
+void
+GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
+                                    struct GNUNET_CRYPTO_EccPublicKey *pk)
+{
+  GNUNET_assert (0);
+}
+/**
 * Obtain the identity that is currently preferred/default
 * for a service.
 *
@@ -660,38 +652,30 @@ GNUNET_IDENTITY_set (struct GNUNET_IDENTITY_Handle *id,
                     GNUNET_IDENTITY_Continuation cont,
                     void *cont_cls)
 {
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc;
  struct GNUNET_IDENTITY_Operation *op;
  struct GNUNET_IDENTITY_SetDefaultMessage *sdm;
-  char *str;
-  uint16_t enc_len;
  size_t slen;
  slen = strlen (service_name) + 1;
-  enc = GNUNET_CRYPTO_ecc_encode_key (ego->pk);
+  if (slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct GNUNET_IDENTITY_SetDefaultMessage))
-  enc_len = ntohs (enc->size);
-  if (slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) - enc_len)
  {
    GNUNET_break (0);
-    GNUNET_free (enc);
    return NULL;
  }
  op = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_Operation) +
                      sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) +
-                      enc_len + slen);  
+                      slen);  
  op->h = id;
  op->cont = cont;
  op->cls = cont_cls;
  sdm = (struct GNUNET_IDENTITY_SetDefaultMessage *) &op[1];
  sdm->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT);
  sdm->header.size = htons (sizeof (struct GNUNET_IDENTITY_SetDefaultMessage) +
-                            slen + enc_len);
+                            slen);
  sdm->name_len = htons (slen);
-  sdm->pk_len = htons (enc_len);
+  sdm->reserved = htons (0);
-  str = (char *) &sdm[1];
+  sdm->private_key = *ego->pk;
-  memcpy (str, enc, enc_len);
+  memcpy (&sdm[1], service_name, slen);
-  memcpy (&str[enc_len], service_name, slen);
  op->msg = &sdm->header;
  GNUNET_CONTAINER_DLL_insert_tail (id->op_head,
                                    id->op_tail,
@@ -703,61 +687,55 @@ GNUNET_IDENTITY_set (struct GNUNET_IDENTITY_Handle *id,
 /** 
- * Create a new identity with the given identifier.
+ * Create a new identity with the given name.
 *
 * @param id identity service to use
- * @param identifier desired identifier
+ * @param name desired name
 * @param cont function to call with the result (will only be called once)
 * @param cont_cls closure for cont
 * @return handle to abort the operation
 */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
-                        const char *identifier,
+                        const char *name,
                        GNUNET_IDENTITY_Continuation cont,
                        void *cont_cls)
 {
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc;
  struct GNUNET_IDENTITY_Operation *op;
  struct GNUNET_IDENTITY_CreateRequestMessage *crm;
  struct GNUNET_CRYPTO_EccPrivateKey *pk;
-  char *str;
-  uint16_t enc_len;
  size_t slen;
-  slen = strlen (identifier) + 1;
+  slen = strlen (name) + 1;
  pk = GNUNET_CRYPTO_ecc_key_create ();
-  enc = GNUNET_CRYPTO_ecc_encode_key (pk);
-  GNUNET_CRYPTO_ecc_key_free (pk);
-  enc_len = ntohs (enc->size);
-  if (slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct GNUNET_IDENTITY_CreateRequestMessage) - enc_len)
+  if (slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct GNUNET_IDENTITY_CreateRequestMessage))
  {
    GNUNET_break (0);
-    GNUNET_free (enc);
+    GNUNET_CRYPTO_ecc_key_free (pk);
    return NULL;
  }
  op = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_Operation) +
                      sizeof (struct GNUNET_IDENTITY_CreateRequestMessage) +
-                      enc_len + slen);  
+                      slen);  
  op->h = id;
  op->cont = cont;
  op->cls = cont_cls;
  crm = (struct GNUNET_IDENTITY_CreateRequestMessage *) &op[1];
  crm->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_CREATE);
  crm->header.size = htons (sizeof (struct GNUNET_IDENTITY_CreateRequestMessage) +
-                            slen + enc_len);
+                            slen);
  crm->name_len = htons (slen);
-  crm->pk_len = htons (enc_len);
+  crm->reserved = htons (0);
-  str = (char *) &crm[1];
+  crm->private_key = *pk;
-  memcpy (str, enc, enc_len);
+  memcpy (&crm[1], name, slen);
-  memcpy (&str[enc_len], identifier, slen);
  op->msg = &crm->header;
  GNUNET_CONTAINER_DLL_insert_tail (id->op_head,
                                    id->op_tail,
                                    op);
  if (NULL == id->th)
    transmit_next (id);
+  GNUNET_CRYPTO_ecc_key_free (pk);
  return op;
 }
@@ -766,16 +744,16 @@ GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
 * Renames an existing identity.
 *
 * @param id identity service to use
- * @param old_identifier old identifier
+ * @param old_name old name
- * @param new_identifier desired new identifier
+ * @param new_name desired new name
 * @param cb function to call with the result (will only be called once)
 * @param cb_cls closure for cb
 * @return handle to abort the operation
 */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_rename (struct GNUNET_IDENTITY_Handle *id,
-                        const char *old_identifier,
+                        const char *old_name,
-                        const char *new_identifier,
+                        const char *new_name,
                        GNUNET_IDENTITY_Continuation cb,
                        void *cb_cls)
 {
@@ -785,8 +763,8 @@ GNUNET_IDENTITY_rename (struct GNUNET_IDENTITY_Handle *id,
  size_t slen_new;
  char *dst;
-  slen_old = strlen (old_identifier) + 1;
+  slen_old = strlen (old_name) + 1;
-  slen_new = strlen (new_identifier) + 1;
+  slen_new = strlen (new_name) + 1;
  if ( (slen_old >= GNUNET_SERVER_MAX_MESSAGE_SIZE) ||
       (slen_new >= GNUNET_SERVER_MAX_MESSAGE_SIZE) ||
       (slen_old + slen_new >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct GNUNET_IDENTITY_RenameMessage)) )
@@ -807,8 +785,8 @@ GNUNET_IDENTITY_rename (struct GNUNET_IDENTITY_Handle *id,
  grm->old_name_len = htons (slen_old);
  grm->new_name_len = htons (slen_new);
  dst = (char *) &grm[1];
-  memcpy (dst, old_identifier, slen_old);
+  memcpy (dst, old_name, slen_old);
-  memcpy (&dst[slen_old], new_identifier, slen_new);
+  memcpy (&dst[slen_old], new_name, slen_new);
  op->msg = &grm->header;
  GNUNET_CONTAINER_DLL_insert_tail (id->op_head,
                                    id->op_tail,
@@ -823,14 +801,14 @@ GNUNET_IDENTITY_rename (struct GNUNET_IDENTITY_Handle *id,
 * Delete an existing identity.
 *
 * @param id identity service to use
- * @param identifier identifier of the identity to delete
+ * @param name name of the identity to delete
 * @param cb function to call with the result (will only be called once)
 * @param cb_cls closure for cb
 * @return handle to abort the operation
 */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_delete (struct GNUNET_IDENTITY_Handle *id,
-                        const char *identifier,
+                        const char *name,
                        GNUNET_IDENTITY_Continuation cb,
                        void *cb_cls)
 {
@@ -838,7 +816,7 @@ GNUNET_IDENTITY_delete (struct GNUNET_IDENTITY_Handle *id,
  struct GNUNET_IDENTITY_DeleteMessage *gdm;
  size_t slen;
-  slen = strlen (identifier) + 1;
+  slen = strlen (name) + 1;
  if (slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct GNUNET_IDENTITY_DeleteMessage))
  {
    GNUNET_break (0);
@@ -856,7 +834,7 @@ GNUNET_IDENTITY_delete (struct GNUNET_IDENTITY_Handle *id,
                            slen);
  gdm->name_len = htons (slen);
  gdm->reserved = htons (0);
-  memcpy (&gdm[1], identifier, slen);
+  memcpy (&gdm[1], name, slen);
  op->msg = &gdm->header;
  GNUNET_CONTAINER_DLL_insert_tail (id->op_head,
                                    id->op_tail,
@@ -929,7 +907,7 @@ free_ego (void *cls,
         &ego->ctx,
         NULL);
  GNUNET_CRYPTO_ecc_key_free (ego->pk);
-  GNUNET_free (ego->identifier);
+  GNUNET_free (ego->name);
  GNUNET_free (ego);
  return GNUNET_OK;
 }
diff --git a/src/include/block_dns.h b/src/include/block_dns.h
index c7e1fbb55..198bba2c0 100644
--- a/src/include/block_dns.h
+++ b/src/include/block_dns.h
@@ -58,7 +58,7 @@ struct GNUNET_DNS_Record
  /**
   * The peer providing this service
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded peer;
+  struct GNUNET_CRYPTO_EccPublicKey peer;
  /**
   * The descriptor for the service
diff --git a/src/include/block_gns.h b/src/include/block_gns.h
index 2f864f4d3..21f0b097c 100644
--- a/src/include/block_gns.h
+++ b/src/include/block_gns.h
@@ -39,14 +39,16 @@ struct GNSNameRecordBlock
  /**
   * The public key of the authority
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
  /**
   * GNUNET_RSA_Signature using RSA-key generated from the records.
   */
  struct GNUNET_CRYPTO_EccSignature signature;
-  /* number of records that follow */
+  /**
+   * number of records that follow 
+   */
  uint32_t rd_count GNUNET_PACKED;
  /* 0-terminated name here */
diff --git a/src/include/block_regex.h b/src/include/block_regex.h
index bfaf411eb..5995f70a2 100644
--- a/src/include/block_regex.h
+++ b/src/include/block_regex.h
@@ -67,7 +67,7 @@ struct RegexAcceptBlock
  /**
   * Public key of the peer signing.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
  /**
   * The signature.
diff --git a/src/include/gnunet_chat_service.h b/src/include/gnunet_chat_service.h
index 8e77f9b65..d539197a0 100644
--- a/src/include/gnunet_chat_service.h
+++ b/src/include/gnunet_chat_service.h
@@ -135,7 +135,7 @@ typedef int (*GNUNET_CHAT_MemberListCallback) (void *cls,
                                               GNUNET_CONTAINER_MetaData *
                                               member_info,
                                               const struct
-                                               GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
+                                               GNUNET_CRYPTO_RsaPublicKey
                                               * member_id,
                                               enum GNUNET_CHAT_MsgOptions
                                               options);
@@ -209,7 +209,7 @@ GNUNET_CHAT_join_room (const struct GNUNET_CONFIGURATION_Handle *cfg,
 void
 GNUNET_CHAT_send_message (struct GNUNET_CHAT_Room *room, const char *message,
                          enum GNUNET_CHAT_MsgOptions options,
-                          const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
+                          const struct GNUNET_CRYPTO_RsaPublicKey
                          *receiver, uint32_t * sequence_number);
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index da2fe860e..5f209efea 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -43,6 +43,14 @@ extern "C"
 #include "gnunet_common.h"
 #include "gnunet_scheduler_lib.h"
+/**
+ * Maximum length of an ECC signature.
+ * Note: round up to multiple of 8 minus 2 for alignment.
+ */
+#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126
 /**
 * Desired quality level for cryptographic operations.
 */
@@ -77,24 +85,6 @@ enum GNUNET_CRYPTO_Quality
 #define GNUNET_CRYPTO_HASH_LENGTH (512/8)
 /**
- * Maximum length of an ECC signature.
- * Note: round up to multiple of 8 minus 2 for alignment.
- */
-#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126
-/**
- * Maximum length of the public key (q-point, Q = dP) when encoded.
- */
-#define GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH 76 
-/**
- * The private information of an ECC private key.
- */
-struct GNUNET_CRYPTO_EccPrivateKey;
-/**
 * @brief 0-terminated ASCII encoding of a struct GNUNET_HashCode.
 */
 struct GNUNET_CRYPTO_HashAsciiEncoded
@@ -112,7 +102,6 @@ struct GNUNET_CRYPTO_ShortHashAsciiEncoded
 };
 GNUNET_NETWORK_STRUCT_BEGIN
@@ -146,54 +135,50 @@ struct GNUNET_CRYPTO_EccSignaturePurpose
 */
 struct GNUNET_CRYPTO_EccSignature
 {
  /**
-   * Overall size of the signature data.
+   * R value.
   */
-  uint16_t size GNUNET_PACKED;
+  unsigned char r[256 / 8];
  /**
-   * S-expression, padded with zeros.
+   * S value.
   */
-  char sexpr[GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH];
+  unsigned char s[256 / 8];
 };
 /**
 * Public ECC key (always for NIST P-521) encoded in a format suitable
- * for network transmission as created using 'gcry_sexp_sprint'.
+ * for network transmission.
 */
-struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded 
+struct GNUNET_CRYPTO_EccPublicKey 
 {
  /**
-   * Size of the encoding, in network byte order.
+   * Q consists of an x- and a y-value, each mod p (256 bits),
+   * given here in affine coordinates.
   */
-  uint16_t size GNUNET_PACKED;
+  unsigned char q_x[256 / 8];
  /**
-   * Actual length of the q-point binary encoding.
+   * Q consists of an x- and a y-value, each mod p (256 bits),
+   * given here in affine coordinates.
   */
-  uint16_t len GNUNET_PACKED;
+  unsigned char q_y[256 / 8];
-  /**
-   * 0-padded q-point in binary encoding (GCRYPT_MPI_FMT_USG).
-   */
-  unsigned char key[GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH];
 };
 /**
- * Private ECC key encoded for transmission (with length prefix).
+ * Private ECC key encoded for transmission.
 */
-struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded
+struct GNUNET_CRYPTO_EccPrivateKey
 {
  /**
-   * Overall size of the private key in network byte order.
+   * d is a value mod n, where n has at most 256 bits.
   */
-  uint16_t size;
+  unsigned char d[256 / 8];
-  /* followd by S-expression, opaque to applications */
-  /* FIXME: consider defining padding to make this a fixed-size struct */
 };
@@ -828,10 +813,10 @@ typedef void (*GNUNET_CRYPTO_EccKeyCallback)(void *cls,
 /**
 * Free memory occupied by ECC key
 *
- * @param privatekey pointer to the memory to free
+ * @param priv pointer to the memory to free
 */
 void
-GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *privatekey);
+GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *priv);
 /**
@@ -842,7 +827,7 @@ GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *privatekey);
 */
 void
 GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-                                  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub);
+                                  struct GNUNET_CRYPTO_EccPublicKey *pub);
 /**
@@ -852,7 +837,7 @@ GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv
 * @return string representing  'pub'
 */
 char *
-GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub);
+GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKey *pub);
 /**
@@ -866,36 +851,7 @@ GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyB
 int
 GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc, 
                                          size_t enclen,
-                                          struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub);
+                                          struct GNUNET_CRYPTO_EccPublicKey *pub);
-/**
- * Encode the private key in a format suitable for
- * storing it into a file.
- *
- * @param key key to encode
- * @return encoding of the private key.
- *    The first 4 bytes give the size of the array, as usual.
- */
-struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *
-GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key);
-/**
- * Decode the private key from the file-format back
- * to the "normal", internal format.
- *
- * @param buf the buffer where the private key data is stored
- * @param len the length of the data in 'buffer'
- * @param validate GNUNET_YES to validate that the key is well-formed,
- *                 GNUNET_NO if the key comes from a totally trusted source 
- *                 and validation is considered too expensive
- * @return NULL on error
- */
-struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_CRYPTO_ecc_decode_key (const char *buf, 
-                              size_t len,
-                              int validate);
 /**
@@ -972,20 +928,20 @@ GNUNET_CRYPTO_get_host_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
 */
 int
 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key,
-                        const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub,
+                        const struct GNUNET_CRYPTO_EccPublicKey *pub,
                        struct GNUNET_HashCode *key_material);
 /**
 * Sign a given block.
 *
- * @param key private key to use for the signing
+ * @param priv private key to use for the signing
 * @param purpose what to sign (size, purpose)
 * @param sig where to write the signature
 * @return GNUNET_SYSERR on error, GNUNET_OK on success
 */
 int
-GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key,
+GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
                        const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
                        struct GNUNET_CRYPTO_EccSignature *sig);
@@ -996,7 +952,7 @@ GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key,
 * @param purpose what is the purpose that the signature should have?
 * @param validate block to validate (size, purpose, data)
 * @param sig signature that is being validated
- * @param publicKey public key of the signer
+ * @param pub public key of the signer
 * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid
 */
 int
@@ -1004,8 +960,36 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
                          const struct GNUNET_CRYPTO_EccSignaturePurpose
                          *validate,
                          const struct GNUNET_CRYPTO_EccSignature *sig,
-                          const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
+                          const struct GNUNET_CRYPTO_EccPublicKey *pub);
-                          *publicKey);
+/**
+ * Derive a private key from a given private key and a label.
+ * Essentially calculates a private key 'h = H(l,P) * d mod n'
+ * where n is the size of the ECC group and P is the public
+ * key associated with the private key 'd'.
+ *
+ * @param priv original private key
+ * @param label label to use for key deriviation
+ * @return derived private key
+ */
+struct GNUNET_CRYPTO_EccPrivateKey *
+GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
+                              const char *label);
+/**
+ * Derive a public key from a given public key and a label.
+ * Essentially calculates a public key 'V = H(l,P) * P'.
+ *
+ * @param pub original public key
+ * @param label label to use for key deriviation
+ * @param result where to write the derived public key
+ */
+void
+GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pub,
+                                     const char *label,
+                                     struct GNUNET_CRYPTO_EccPublicKey *result);
 #if 0                           /* keep Emacsens' auto-indent happy */
diff --git a/src/include/gnunet_fs_service.h b/src/include/gnunet_fs_service.h
index a1e2dca23..afe53b0e0 100644
--- a/src/include/gnunet_fs_service.h
+++ b/src/include/gnunet_fs_service.h
@@ -81,13 +81,9 @@ struct GNUNET_FS_Uri;
 /**
- * Identifier for a GNUnet pseudonym (the public key).  Q-point, Q=dp.
+ * Identifier for a GNUnet pseudonym (the public key).  Q-point, Q=dP.
- * Note that we (ab)use an identifier of 'all zeros' to mean the
+ * Note that we (ab)use an identifier of 'Q=G=1P' to mean the
- * 'anonymous' pseudonym, where the value is actually the point at
+ * 'anonymous' pseudonym.
- * infinity; however, that value cannot be represented here.  We do
- * not handle the case where the actual q-Value of some pseudonym
- * happens to be all zeros as well (as the chance of that is
- * negligible).
 */
 struct GNUNET_FS_PseudonymIdentifier
 {
@@ -274,7 +270,7 @@ GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *pu
 */
 void
 GNUNET_FS_pseudonym_get_identifier (struct GNUNET_FS_PseudonymHandle *ph,
-                                 struct GNUNET_FS_PseudonymIdentifier *pseudonym);
+                                    struct GNUNET_FS_PseudonymIdentifier *pseudonym);
@@ -531,6 +527,7 @@ GNUNET_FS_uri_ksk_remove_keyword (struct GNUNET_FS_Uri *uri,
 struct GNUNET_FS_Uri *
 GNUNET_FS_uri_parse (const char *uri, char **emsg);
 /**
 * Free URI.
 *
@@ -2604,8 +2601,9 @@ GNUNET_FS_namespace_open_existing (struct GNUNET_FS_Handle *h, const char *name)
 * @return GNUNET_OK on success, GNUNET_SYSERR on error (see errno for details)
 */
 int
-GNUNET_FS_namespace_rename (struct GNUNET_FS_Handle *h, const char *old_name,
+GNUNET_FS_namespace_rename (struct GNUNET_FS_Handle *h, 
-    const char *new_name);
+                            const char *old_name,
+                            const char *new_name);
 /**
diff --git a/src/include/gnunet_hello_lib.h b/src/include/gnunet_hello_lib.h
index b60353ee7..583a33f7d 100644
--- a/src/include/gnunet_hello_lib.h
+++ b/src/include/gnunet_hello_lib.h
@@ -199,8 +199,7 @@ typedef size_t (*GNUNET_HELLO_GenerateAddressListCallback) (void *cls,
 * @return the hello message
 */
 struct GNUNET_HELLO_Message *
-GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
+GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKey *publicKey,
-                     *publicKey,
                     GNUNET_HELLO_GenerateAddressListCallback addrgen,
                     void *addrgen_cls,
                     int friend_only);
@@ -327,8 +326,7 @@ GNUNET_HELLO_iterate_new_addresses (const struct GNUNET_HELLO_Message
 */
 int
 GNUNET_HELLO_get_key (const struct GNUNET_HELLO_Message *hello,
-                      struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
+                      struct GNUNET_CRYPTO_EccPublicKey *publicKey);
-                      *publicKey);
 /**
@@ -381,7 +379,7 @@ GNUNET_HELLO_compose_uri (const struct GNUNET_HELLO_Message *hello,
 */
 int
 GNUNET_HELLO_parse_uri (const char *uri,
-                        struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pubkey,
+                        struct GNUNET_CRYPTO_EccPublicKey *pubkey,
                        struct GNUNET_HELLO_Message **hello,
                        GNUNET_HELLO_TransportPluginsFind plugins_find);
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index 1d67c568c..dfc643d22 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -74,7 +74,18 @@ struct GNUNET_IDENTITY_Operation;
 * @return associated ECC key, valid as long as the ego is valid
 */
 const struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego);
+GNUNET_IDENTITY_ego_get_private_key (struct GNUNET_IDENTITY_Ego *ego);
+/**
+ * Get the identifier (public key) of an ego.
+ *
+ * @param ego identity handle with the private key
+ * @param pk set to ego's public key
+ */
+void
+GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
+                                    struct GNUNET_CRYPTO_EccPublicKey *pk);
 /** 
@@ -83,7 +94,7 @@ GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego);
 *
 * When used with 'GNUNET_IDENTITY_connect', this function is
 * initially called for all egos and then again whenever a
- * ego's identifier changes or if it is deleted.  At the end of
+ * ego's name changes or if it is deleted.  At the end of
 * the initial pass over all egos, the function is once called
 * with 'NULL' for 'ego'. That does NOT mean that the callback won't
 * be invoked in the future or that there was an error.
@@ -97,10 +108,10 @@ GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego);
 * that one was not NULL).
 *
 * When an identity is renamed, this function is called with the
- * (known) ego but the NEW identifier.  
+ * (known) ego but the NEW name.  
 *
 * When an identity is deleted, this function is called with the
- * (known) ego and "NULL" for the 'identifier'.  In this case,
+ * (known) ego and "NULL" for the 'name'.  In this case,
 * the 'ego' is henceforth invalid (and the 'ctx' should also be
 * cleaned up).
 *
@@ -108,14 +119,14 @@ GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego);
 * @param ego ego handle
 * @param ego_ctx context for application to store data for this ego
 *                 (during the lifetime of this process, initially NULL)
- * @param identifier identifier assigned by the user for this ego,
+ * @param name name assigned by the user for this ego,
 *                   NULL if the user just deleted the ego and it
 *                   must thus no longer be used
 */
 typedef void (*GNUNET_IDENTITY_Callback)(void *cls,
                                         struct GNUNET_IDENTITY_Ego *ego,
                                         void **ctx,
-                                         const char *identifier);
+                                         const char *name);
 /** 
@@ -188,17 +199,17 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h);
 /** 
- * Create a new identity with the given identifier.
+ * Create a new identity with the given name.
 *
 * @param id identity service to use
- * @param identifier desired identifier
+ * @param name desired name
 * @param cont function to call with the result (will only be called once)
 * @param cont_cls closure for cont
 * @return handle to abort the operation
 */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
-                        const char *identifier,
+                        const char *name,
                        GNUNET_IDENTITY_Continuation cont,
                        void *cont_cls);
@@ -207,16 +218,16 @@ GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
 * Renames an existing identity.
 *
 * @param id identity service to use
- * @param old_identifier old identifier
+ * @param old_name old name
- * @param new_identifier desired new identifier
+ * @param new_name desired new name
 * @param cb function to call with the result (will only be called once)
 * @param cb_cls closure for cb
 * @return handle to abort the operation
 */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_rename (struct GNUNET_IDENTITY_Handle *id,
-                        const char *old_identifier,
+                        const char *old_name,
-                        const char *new_identifier,
+                        const char *new_name,
                        GNUNET_IDENTITY_Continuation cb,
                        void *cb_cls);
@@ -225,14 +236,14 @@ GNUNET_IDENTITY_rename (struct GNUNET_IDENTITY_Handle *id,
 * Delete an existing identity.
 *
 * @param id identity service to use
- * @param identifier identifier of the identity to delete
+ * @param name name of the identity to delete
 * @param cb function to call with the result (will only be called once)
 * @param cb_cls closure for cb
 * @return handle to abort the operation
 */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_delete (struct GNUNET_IDENTITY_Handle *id,
-                        const char *identifier,
+                        const char *name,
                        GNUNET_IDENTITY_Continuation cb,
                        void *cb_cls);
diff --git a/src/include/gnunet_namestore_plugin.h b/src/include/gnunet_namestore_plugin.h
index e969170e5..b4ffc257d 100644
--- a/src/include/gnunet_namestore_plugin.h
+++ b/src/include/gnunet_namestore_plugin.h
@@ -4,7 +4,7 @@
     GNUnet is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published
-     by the Free Software Foundation; either version 2, or (at your
+     by the Free Software Foundation; either version 3, or (at your
     option) any later version.
     GNUnet is distributed in the hope that it will be useful, but
@@ -53,7 +53,7 @@ extern "C"
 *        because the user queried for a particular record type only)
 */
 typedef void (*GNUNET_NAMESTORE_RecordIterator) (void *cls,
-                                                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                                 const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                                 struct GNUNET_TIME_Absolute expire,
                                                 const char *name,
                                                 unsigned int rd_len,
@@ -88,7 +88,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
   * @return GNUNET_OK on success, else GNUNET_SYSERR
   */
  int (*put_records) (void *cls, 
-                      const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                      const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                      struct GNUNET_TIME_Absolute expire,
                      const char *name,
                      unsigned int rd_len,
diff --git a/src/include/gnunet_namestore_service.h b/src/include/gnunet_namestore_service.h
index 700122507..77da67312 100644
--- a/src/include/gnunet_namestore_service.h
+++ b/src/include/gnunet_namestore_service.h
@@ -247,7 +247,7 @@ struct GNUNET_NAMESTORE_RecordData
 */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h,
-                             const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                             const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                             const char *name,
                             struct GNUNET_TIME_Absolute freshness,
                             unsigned int rd_count,
@@ -270,7 +270,7 @@ GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h,
 * @return GNUNET_OK if the signature is valid
 */
 int
-GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *public_key,
+GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_EccPublicKey *public_key,
                                   const struct GNUNET_TIME_Absolute freshness,
                                   const char *name,
                                   unsigned int rd_count,
@@ -319,7 +319,7 @@ GNUNET_NAMESTORE_record_put_by_authority (struct GNUNET_NAMESTORE_Handle *h,
 *        because the user queried for a particular record type only)
 */
 typedef void (*GNUNET_NAMESTORE_RecordProcessor) (void *cls,
-                                                  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                                  const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                                  struct GNUNET_TIME_Absolute freshness,                            
                                                  const char *name,
                                                  unsigned int rd_count,
@@ -480,7 +480,7 @@ struct GNUNET_NAMESTORE_ZoneMonitor;
 * @param signature signature of the record block
 */
 typedef void (*GNUNET_NAMESTORE_RecordMonitor)(void *cls,
-                                               const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                               const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                               struct GNUNET_TIME_Absolute freshness,                       
                                               const char *name,
                                               unsigned int rd_len,
diff --git a/src/include/gnunet_testing_lib.h b/src/include/gnunet_testing_lib.h
index 6bb92e05d..3b6fabb6e 100644
--- a/src/include/gnunet_testing_lib.h
+++ b/src/include/gnunet_testing_lib.h
@@ -46,12 +46,9 @@ extern "C"
 #endif
 /**
- * Size of each hostkey in the hostkey file (in BYTES).  This is the
+ * Size of each hostkey in the hostkey file (in BYTES). 
- * maximum length of the S-expressions generated by libgcrypt for the
- * curves (rounded up to the next full KB to make IO nicer); it is NOT
- * the number of bits in the key.
 */
-#define GNUNET_TESTING_HOSTKEYFILESIZE 1024
+#define GNUNET_TESTING_HOSTKEYFILESIZE sizeof (struct GNUNET_CRYPTO_EccPrivateKey)
 /**
 * Handle for a system on which GNUnet peers are executed;
diff --git a/src/mesh/gnunet-service-mesh-enc.c b/src/mesh/gnunet-service-mesh-enc.c
index 5cd6e71a3..3707fc028 100644
--- a/src/mesh/gnunet-service-mesh-enc.c
+++ b/src/mesh/gnunet-service-mesh-enc.c
@@ -584,12 +584,12 @@ struct MeshTunnel2
  /**
   * Local peer ephemeral public key
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *my_eph;
+  struct GNUNET_CRYPTO_EccPublicKey *my_eph;
  /**
   * Remote peer's public key.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *peers_eph;
+  struct GNUNET_CRYPTO_EccPublicKey *peers_eph;
  /**
   * Encryption ("our") key.
@@ -837,7 +837,7 @@ static struct GNUNET_CRYPTO_EccPrivateKey *my_private_key;
 /**
 * Own public key.
 */
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key;
+static struct GNUNET_CRYPTO_EccPublicKey my_public_key;
 /**
 * All ports clients of this peer have opened.
diff --git a/src/mesh/gnunet-service-mesh.c b/src/mesh/gnunet-service-mesh.c
index 6fa9d1d17..0dfac410d 100644
--- a/src/mesh/gnunet-service-mesh.c
+++ b/src/mesh/gnunet-service-mesh.c
@@ -722,7 +722,7 @@ static struct GNUNET_CRYPTO_EccPrivateKey *my_private_key;
 /**
 * Own public key.
 */
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key;
+static struct GNUNET_CRYPTO_EccPublicKey my_public_key;
 /**
 * Tunnel ID for the next created tunnel (global tunnel number).
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c
index 56e2859d0..50a8601f8 100644
--- a/src/namestore/gnunet-namestore.c
+++ b/src/namestore/gnunet-namestore.c
@@ -305,7 +305,7 @@ del_continuation (void *cls,
 */
 static void
 display_record (void *cls,
-                const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                struct GNUNET_TIME_Absolute expire,                         
                const char *name,
                unsigned int rd_len,
@@ -396,7 +396,7 @@ sync_cb (void *cls)
 */
 static void
 get_existing_record (void *cls,
-                     const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                     const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                     struct GNUNET_TIME_Absolute freshness,                         
                     const char *rec_name,
                     unsigned int rd_count,
@@ -453,7 +453,7 @@ testservice_task (void *cls,
                  int result)
 {
  const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub;
+  struct GNUNET_CRYPTO_EccPublicKey pub;
  struct GNUNET_NAMESTORE_RecordData rd;
  if (GNUNET_YES != result)
diff --git a/src/namestore/gnunet-service-namestore.c b/src/namestore/gnunet-service-namestore.c
index f8663775b..a4e463642 100644
--- a/src/namestore/gnunet-service-namestore.c
+++ b/src/namestore/gnunet-service-namestore.c
@@ -283,10 +283,9 @@ write_key_to_file (const char *filename,
                   struct GNUNET_NAMESTORE_CryptoContainer *c)
 {
  struct GNUNET_CRYPTO_EccPrivateKey *ret = c->privkey;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc;
  struct GNUNET_DISK_FileHandle *fd;
  struct GNUNET_CRYPTO_ShortHashCode zone;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+  struct GNUNET_CRYPTO_EccPublicKey pubkey;
  struct GNUNET_CRYPTO_EccPrivateKey *privkey;
  fd = GNUNET_DISK_file_open (filename, 
@@ -305,7 +304,7 @@ write_key_to_file (const char *filename,
    }
    GNUNET_CRYPTO_ecc_key_get_public (privkey, &pubkey);
    GNUNET_CRYPTO_short_hash (&pubkey, 
-                              sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), 
+                              sizeof (struct GNUNET_CRYPTO_EccPublicKey), 
                              &zone);
    GNUNET_CRYPTO_ecc_key_free (privkey);
    if (0 == memcmp (&zone, &c->zone, sizeof(zone)))
@@ -326,17 +325,21 @@ write_key_to_file (const char *filename,
    LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
    return GNUNET_SYSERR;
  }
-  if (GNUNET_YES != GNUNET_DISK_file_lock (fd, 0, sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded), GNUNET_YES))
+  if (GNUNET_YES != 
+      GNUNET_DISK_file_lock (fd, 0, 
+                             sizeof (struct GNUNET_CRYPTO_EccPrivateKey),
+                             GNUNET_YES))
  {
    GNUNET_break (GNUNET_YES == GNUNET_DISK_file_close (fd));
    return GNUNET_SYSERR;
  }
-  enc = GNUNET_CRYPTO_ecc_encode_key (ret);
+  GNUNET_assert (sizeof (struct GNUNET_CRYPTO_EccPrivateKey) ==
-  GNUNET_assert (NULL != enc);
+                 GNUNET_DISK_file_write (fd, ret,
-  GNUNET_assert (ntohs (enc->size) == GNUNET_DISK_file_write (fd, enc, ntohs (enc->size)));
+                                         sizeof (struct GNUNET_CRYPTO_EccPrivateKey)));
-  GNUNET_free (enc);
  GNUNET_DISK_file_sync (fd);
-  if (GNUNET_YES != GNUNET_DISK_file_unlock (fd, 0, sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)))
+  if (GNUNET_YES != 
+      GNUNET_DISK_file_unlock (fd, 0, 
+                               sizeof (struct GNUNET_CRYPTO_EccPrivateKey)))
    LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
  GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -387,14 +390,14 @@ zone_to_disk_it (void *cls,
 static void
 learn_private_key (struct GNUNET_CRYPTO_EccPrivateKey *pkey)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub;
+  struct GNUNET_CRYPTO_EccPublicKey pub;
  struct GNUNET_HashCode long_hash;
  struct GNUNET_CRYPTO_ShortHashCode pubkey_hash;
  struct GNUNET_NAMESTORE_CryptoContainer *cc;
  GNUNET_CRYPTO_ecc_key_get_public (pkey, &pub);
  GNUNET_CRYPTO_short_hash (&pub,
-                            sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                            &pubkey_hash);
  GNUNET_CRYPTO_short_hash_double (&pubkey_hash, &long_hash);
@@ -643,7 +646,7 @@ struct LookupNameContext
 */
 static void
 handle_lookup_name_it (void *cls,
-                       const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                       const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                       struct GNUNET_TIME_Absolute expire,
                       const char *name,
                       unsigned int rd_count,
@@ -680,7 +683,7 @@ handle_lookup_name_it (void *cls,
  if (NULL != zone_key) 
  {
    GNUNET_CRYPTO_short_hash (zone_key, 
-                              sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), 
+                              sizeof (struct GNUNET_CRYPTO_EccPublicKey), 
                              &zone_key_hash);
    GNUNET_CRYPTO_short_hash_double (&zone_key_hash, &long_hash);
    if (NULL != (cc = GNUNET_CONTAINER_multihashmap_get (zonekeys, &long_hash)))   
@@ -991,7 +994,7 @@ static void
 send_lookup_response (struct GNUNET_SERVER_NotificationContext *nc,                     
                      struct GNUNET_SERVER_Client *client,
                      uint32_t request_id,
-                      const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                      const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                      struct GNUNET_TIME_Absolute expire,
                      const char *name,
                      unsigned int rd_count,
@@ -1198,16 +1201,14 @@ handle_record_create (void *cls,
  size_t msg_size;
  size_t msg_size_exp;
  size_t rd_ser_len;
-  size_t key_len;
  uint32_t rid;
-  const char *pkey_tmp;
  const char *name_tmp;
  char *conv_name;
  const char *rd_ser;
  unsigned int rd_count;
  int res;
  struct GNUNET_CRYPTO_ShortHashCode pubkey_hash;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+  struct GNUNET_CRYPTO_EccPublicKey pubkey;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
              "Received `%s' message\n", "NAMESTORE_RECORD_CREATE");
@@ -1229,8 +1230,8 @@ handle_record_create (void *cls,
  msg_size = ntohs (message->size);
  rd_count = ntohs (rp_msg->rd_count);
  rd_ser_len = ntohs (rp_msg->rd_len);
-  key_len = ntohs (rp_msg->pkey_len);
+  GNUNET_break (0 == ntohs (rp_msg->reserved));
-  msg_size_exp = sizeof (struct RecordCreateMessage) + key_len + name_len + rd_ser_len;
+  msg_size_exp = sizeof (struct RecordCreateMessage) + name_len + rd_ser_len;
  if (msg_size != msg_size_exp)
  {
    GNUNET_break (0);
@@ -1243,8 +1244,7 @@ handle_record_create (void *cls,
    GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
    return;
  }
-  pkey_tmp = (const char *) &rp_msg[1];
+  name_tmp = (const char *) &rp_msg[1];
-  name_tmp = &pkey_tmp[key_len];
  rd_ser = &name_tmp[name_len];
  if ('\0' != name_tmp[name_len -1])
  {
@@ -1252,13 +1252,8 @@ handle_record_create (void *cls,
    GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
    return;
  }
-  if (NULL == (pkey = GNUNET_CRYPTO_ecc_decode_key (pkey_tmp, key_len,
+  pkey = GNUNET_new (struct GNUNET_CRYPTO_EccPrivateKey);
-                                                    GNUNET_NO)))
+  memcpy (pkey, &rp_msg->private_key, sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
-  {
-    GNUNET_break (0);
-    GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
-    return;
-  }
  {
    struct GNUNET_NAMESTORE_RecordData rd[rd_count];
@@ -1274,7 +1269,7 @@ handle_record_create (void *cls,
    /* Extracting and converting private key */
    GNUNET_CRYPTO_ecc_key_get_public (pkey, &pubkey);
    GNUNET_CRYPTO_short_hash (&pubkey,
-                              sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                              sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                              &pubkey_hash);
    learn_private_key (pkey);    
    conv_name = GNUNET_NAMESTORE_normalize_string (name_tmp);
@@ -1373,7 +1368,7 @@ struct ZoneToNameCtx
 */
 static void
 handle_zone_to_name_it (void *cls,
-                        const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                        const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                        struct GNUNET_TIME_Absolute expire,
                        const char *name,
                        unsigned int rd_count,
@@ -1552,7 +1547,7 @@ struct ZoneIterationProcResult
 */
 static void
 zone_iteraterate_proc (void *cls,
-                       const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                       const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                       struct GNUNET_TIME_Absolute expire,
                       const char *name,
                       unsigned int rd_count,
@@ -1633,7 +1628,7 @@ zone_iteraterate_proc (void *cls,
    /* compute / obtain signature, but only if we (a) have records and (b) expiration times were 
       converted to absolute expiration times */
    GNUNET_CRYPTO_short_hash (zone_key, 
-                              sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                              sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                              &zone_hash);
    GNUNET_CRYPTO_short_hash_double (&zone_hash, &long_hash);
    if (NULL != (cc = GNUNET_CONTAINER_multihashmap_get (zonekeys, &long_hash)))
@@ -1976,7 +1971,7 @@ monitor_next (void *cls,
 */
 static void
 monitor_iterate_cb (void *cls,
-                    const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                    const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                    struct GNUNET_TIME_Absolute expire,
                    const char *name,
                    unsigned int rd_count,
diff --git a/src/namestore/namestore.h b/src/namestore/namestore.h
index 7245e1631..58ecbf65d 100644
--- a/src/namestore/namestore.h
+++ b/src/namestore/namestore.h
@@ -166,7 +166,7 @@ struct LookupNameResponseMessage
  /**
   * The public key for the name
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
  /* 0-terminated name and serialized record data */
  /* rd_len bytes serialized record data */
@@ -216,7 +216,7 @@ struct RecordPutMessage
  /**
   * The public key
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
  /* name (0-terminated) followed by "rd_count" serialized records */
@@ -271,15 +271,16 @@ struct RecordCreateMessage
  uint16_t rd_count;
  /**
-   * private key length 
+   * always zero
   */
-  uint16_t pkey_len;
+  uint16_t reserved;
+  struct GNUNET_CRYPTO_EccPrivateKey private_key;
  /* followed by:
-   * GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded private key with length pkey_len
   * name with length name_len
   * serialized record data with length rd_len
-   * */
+   */
 };
@@ -366,7 +367,7 @@ struct ZoneToNameResponseMessage
  /**
   * Publik key
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded zone_key;
+  struct GNUNET_CRYPTO_EccPublicKey zone_key;
 };
diff --git a/src/namestore/namestore_api.c b/src/namestore/namestore_api.c
index 19ba86980..c5b213954 100644
--- a/src/namestore/namestore_api.c
+++ b/src/namestore/namestore_api.c
@@ -266,7 +266,7 @@ handle_lookup_name_response (struct GNUNET_NAMESTORE_QueueEntry *qe,
  const char * rd_tmp;
  const struct GNUNET_CRYPTO_EccSignature *signature;
  struct GNUNET_TIME_Absolute expire;
-  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *public_key_tmp;
+  const struct GNUNET_CRYPTO_EccPublicKey *public_key_tmp;
  size_t exp_msg_len;
  size_t msg_len;
  size_t name_len;
@@ -518,7 +518,7 @@ handle_zone_iteration_response (struct GNUNET_NAMESTORE_ZoneIterator *ze,
                                const struct LookupNameResponseMessage *msg,
                                size_t size)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubdummy;
+  struct GNUNET_CRYPTO_EccPublicKey pubdummy;
  size_t msg_len;
  size_t exp_msg_len;
  size_t name_len;
@@ -931,7 +931,7 @@ GNUNET_NAMESTORE_disconnect (struct GNUNET_NAMESTORE_Handle *h)
 */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h,
-                             const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                             const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                             const char *name,
                             struct GNUNET_TIME_Absolute freshness,
                             unsigned int rd_count,
@@ -1016,7 +1016,7 @@ GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h,
 * @return GNUNET_OK if the signature is valid
 */
 int
-GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *public_key,
+GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_EccPublicKey *public_key,
                                   const struct GNUNET_TIME_Absolute freshness,
                                   const char *name,
                                   unsigned int rd_count,
@@ -1087,16 +1087,13 @@ GNUNET_NAMESTORE_record_put_by_authority (struct GNUNET_NAMESTORE_Handle *h,
 {
  struct GNUNET_NAMESTORE_QueueEntry *qe;
  struct PendingMessage *pe;
-  char * name_tmp;
+  char *name_tmp;
-  char * pkey_tmp;
+  char *rd_ser;
-  char * rd_ser;
  size_t rd_ser_len;
  size_t msg_size;
  size_t name_len;
-  size_t key_len;
  uint32_t rid;
-  struct RecordCreateMessage * msg;
+  struct RecordCreateMessage *msg;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded * pkey_enc;
  GNUNET_assert (NULL != h);
  GNUNET_assert (NULL != pkey);
@@ -1115,13 +1112,9 @@ GNUNET_NAMESTORE_record_put_by_authority (struct GNUNET_NAMESTORE_Handle *h,
  qe->op_id = rid;
  GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, qe);
-  pkey_enc = GNUNET_CRYPTO_ecc_encode_key (pkey);
-  GNUNET_assert (NULL != pkey_enc);
  /* setup msg */
-  key_len = ntohs (pkey_enc->size);
  rd_ser_len = GNUNET_NAMESTORE_records_get_size (rd_count, rd);
-  msg_size = sizeof (struct RecordCreateMessage) + key_len + name_len + rd_ser_len;
+  msg_size = sizeof (struct RecordCreateMessage) + name_len + rd_ser_len;
  pe = GNUNET_malloc (sizeof (struct PendingMessage) + msg_size);
  pe->size = msg_size;
  pe->is_init = GNUNET_NO;
@@ -1132,15 +1125,14 @@ GNUNET_NAMESTORE_record_put_by_authority (struct GNUNET_NAMESTORE_Handle *h,
  msg->name_len = htons (name_len);
  msg->rd_count = htons (rd_count);
  msg->rd_len = htons (rd_ser_len);
-  msg->pkey_len = htons (key_len);
+  msg->reserved = htons (0);
  msg->expire = GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS);
-  pkey_tmp = (char *) &msg[1];
+  msg->private_key = *pkey;
-  memcpy (pkey_tmp, pkey_enc, key_len);
-  name_tmp = &pkey_tmp[key_len];
+  name_tmp = (char *) &msg[1];
  memcpy (name_tmp, name, name_len);
  rd_ser = &name_tmp[name_len];
  GNUNET_break (rd_ser_len == GNUNET_NAMESTORE_records_serialize (rd_count, rd, rd_ser_len, rd_ser));
-  GNUNET_free (pkey_enc);
  LOG (GNUNET_ERROR_TYPE_DEBUG, 
       "Sending `%s' message for name `%s' with size %u\n", 
diff --git a/src/namestore/plugin_namestore_postgres.c b/src/namestore/plugin_namestore_postgres.c
index 070549b33..64bfa631c 100644
--- a/src/namestore/plugin_namestore_postgres.c
+++ b/src/namestore/plugin_namestore_postgres.c
@@ -1,6 +1,6 @@
 /*
  * This file is part of GNUnet
-  * (C) 2009, 2011, 2012 Christian Grothoff (and other contributing authors)
+  * (C) 2009-2013 Christian Grothoff (and other contributing authors)
  *
  * GNUnet is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published
@@ -269,7 +269,7 @@ namestore_postgres_remove_records (void *cls,
 */
 static int 
 namestore_postgres_put_records (void *cls, 
-                                const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                struct GNUNET_TIME_Absolute expire,
                                const char *name,
                                unsigned int rd_count,
@@ -287,7 +287,7 @@ namestore_postgres_put_records (void *cls,
  unsigned int i;
  GNUNET_CRYPTO_short_hash (zone_key, 
-                            sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                            sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                            &zone);
  (void) namestore_postgres_remove_records (plugin, &zone, name);
  name_len = strlen (name);
@@ -327,7 +327,7 @@ namestore_postgres_put_records (void *cls,
      (const char *) &rvalue_be
    };
    int paramLengths[] = {
-      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+      sizeof (struct GNUNET_CRYPTO_EccPublicKey),
      name_len,
      sizeof (uint32_t),
      data_size,
@@ -378,7 +378,7 @@ get_record_and_call_iterator (struct Plugin *plugin,
 {
  unsigned int record_count;
  size_t data_size;
-  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key;
+  const struct GNUNET_CRYPTO_EccPublicKey *zone_key;
  const struct GNUNET_CRYPTO_EccSignature *sig;
  struct GNUNET_TIME_Absolute expiration;
  const char *data;
@@ -406,7 +406,7 @@ get_record_and_call_iterator (struct Plugin *plugin,
  }
  GNUNET_assert (1 == cnt);
  if ((6 != PQnfields (res)) || 
-      (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) != PQgetlength (res, 0, 0)) || 
+      (sizeof (struct GNUNET_CRYPTO_EccPublicKey) != PQgetlength (res, 0, 0)) || 
      (sizeof (uint32_t) != PQfsize (res, 2)) || 
      (sizeof (uint64_t) != PQfsize (res, 4)) || 
      (sizeof (struct GNUNET_CRYPTO_EccSignature) != PQgetlength (res, 0, 5)))
@@ -415,7 +415,7 @@ get_record_and_call_iterator (struct Plugin *plugin,
    PQclear (res);
    return GNUNET_SYSERR;
  }
-  zone_key = (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *) PQgetvalue (res, 0, 0);
+  zone_key = (const struct GNUNET_CRYPTO_EccPublicKey *) PQgetvalue (res, 0, 0);
  name = PQgetvalue (res, 0, 1);
  name_len = PQgetlength (res, 0, 1);
  record_count = ntohl (*(uint32_t *) PQgetvalue (res, 0, 2));
diff --git a/src/namestore/plugin_namestore_sqlite.c b/src/namestore/plugin_namestore_sqlite.c
index 6c76d12e9..6ee3de495 100644
--- a/src/namestore/plugin_namestore_sqlite.c
+++ b/src/namestore/plugin_namestore_sqlite.c
@@ -1,6 +1,6 @@
 /*
  * This file is part of GNUnet
-  * (C) 2009, 2011, 2012 Christian Grothoff (and other contributing authors)
+  * (C) 2009-2013 Christian Grothoff (and other contributing authors)
  *
  * GNUnet is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published
@@ -450,7 +450,7 @@ namestore_sqlite_remove_records (void *cls,
 */
 static int 
 namestore_sqlite_put_records (void *cls, 
-                              const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                              const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                              struct GNUNET_TIME_Absolute expire,
                              const char *name,
                              unsigned int rd_count,
@@ -467,7 +467,7 @@ namestore_sqlite_put_records (void *cls,
  size_t data_size;
  unsigned int i;
-  GNUNET_CRYPTO_short_hash (zone_key, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), &zone);
+  GNUNET_CRYPTO_short_hash (zone_key, sizeof (struct GNUNET_CRYPTO_EccPublicKey), &zone);
  (void) namestore_sqlite_remove_records (plugin, &zone, name);
  name_len = strlen (name);
  GNUNET_CRYPTO_short_hash (name, name_len, &nh);
@@ -497,7 +497,7 @@ namestore_sqlite_put_records (void *cls,
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if ((SQLITE_OK != sqlite3_bind_blob (plugin->put_records, 1, zone_key, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), SQLITE_STATIC)) ||
+    if ((SQLITE_OK != sqlite3_bind_blob (plugin->put_records, 1, zone_key, sizeof (struct GNUNET_CRYPTO_EccPublicKey), SQLITE_STATIC)) ||
        (SQLITE_OK != sqlite3_bind_text (plugin->put_records, 2, name, -1, SQLITE_STATIC)) ||
        (SQLITE_OK != sqlite3_bind_int (plugin->put_records, 3, rd_count)) ||
        (SQLITE_OK != sqlite3_bind_blob (plugin->put_records, 4, data, data_size, SQLITE_STATIC)) ||
@@ -560,7 +560,7 @@ get_record_and_call_iterator (struct Plugin *plugin,
  int sret;
  unsigned int record_count;
  size_t data_size;
-  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key;
+  const struct GNUNET_CRYPTO_EccPublicKey *zone_key;
  const struct GNUNET_CRYPTO_EccSignature *sig;
  struct GNUNET_TIME_Absolute expiration;
  const char *data;
@@ -578,7 +578,7 @@ get_record_and_call_iterator (struct Plugin *plugin,
    expiration.abs_value = (uint64_t) sqlite3_column_int64 (stmt, 4);
    sig = sqlite3_column_blob (stmt, 5);
-    if ( (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) != sqlite3_column_bytes (stmt, 0)) ||
+    if ( (sizeof (struct GNUNET_CRYPTO_EccPublicKey) != sqlite3_column_bytes (stmt, 0)) ||
         (sizeof (struct GNUNET_CRYPTO_EccSignature) != sqlite3_column_bytes (stmt, 5)) )
    {
      GNUNET_break (0);
diff --git a/src/namestore/test_namestore_api.c b/src/namestore/test_namestore_api.c
index 32dd4844c..3397b35f1 100644
--- a/src/namestore/test_namestore_api.c
+++ b/src/namestore/test_namestore_api.c
@@ -41,7 +41,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey *privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_CRYPTO_ShortHashCode zone;
@@ -96,7 +96,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 name_lookup_proc (void *cls,
-                  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                  const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                  struct GNUNET_TIME_Absolute expire,
                  const char *name,
                  unsigned int rd_count,
diff --git a/src/namestore/test_namestore_api_create.c b/src/namestore/test_namestore_api_create.c
index aba18c192..4eac96df6 100644
--- a/src/namestore/test_namestore_api_create.c
+++ b/src/namestore/test_namestore_api_create.c
@@ -52,7 +52,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_CRYPTO_ShortHashCode s_zone;
@@ -108,7 +108,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void 
 name_lookup_second_proc (void *cls,
-                         const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                         const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                         struct GNUNET_TIME_Absolute expire,
                         const char *n,
                         unsigned int rd_count,
@@ -122,7 +122,7 @@ name_lookup_second_proc (void *cls,
  if (n != NULL)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Checking returned results\n");
-    if (0 != memcmp (zone_key, &pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)))
+    if (0 != memcmp (zone_key, &pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey)))
    {
      GNUNET_break (0);
      failed = GNUNET_YES;
@@ -203,7 +203,7 @@ create_second_cont (void *cls, int32_t success, const char *emsg)
 static void 
 name_lookup_initial_proc (void *cls,
-                          const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                          const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                          struct GNUNET_TIME_Absolute expire,
                          const char *n,
                          unsigned int rd_count,
@@ -219,7 +219,7 @@ name_lookup_initial_proc (void *cls,
  if (n != NULL)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Checking returned results\n");
-    if (0 != memcmp (zone_key, &pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)))
+    if (0 != memcmp (zone_key, &pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey)))
    {
      GNUNET_break (0);
      failed = GNUNET_YES;
@@ -353,7 +353,7 @@ run (void *cls,
  GNUNET_NAMESTORE_records_serialize(1, s_first_record, rd_ser_len, rd_ser);
  /* create random zone hash */
-  GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), &s_zone);
+  GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey), &s_zone);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Name: `%s' Zone: `%s' \n", s_name, GNUNET_NAMESTORE_short_h2s (&s_zone));
  nsh = GNUNET_NAMESTORE_connect (cfg);
diff --git a/src/namestore/test_namestore_api_create_update.c b/src/namestore/test_namestore_api_create_update.c
index 28211d439..f1e66963f 100644
--- a/src/namestore/test_namestore_api_create_update.c
+++ b/src/namestore/test_namestore_api_create_update.c
@@ -52,7 +52,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_CRYPTO_EccSignature *s_signature;
@@ -243,7 +243,7 @@ run (void *cls,
  s_signature = GNUNET_NAMESTORE_create_signature(privkey, et, s_name, s_first_record, 1);
  /* create random zone hash */
-  GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), &s_zone);
+  GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey), &s_zone);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Name: `%s' Zone: `%s' \n", s_name, GNUNET_NAMESTORE_short_h2s (&s_zone));
  nsh = GNUNET_NAMESTORE_connect (cfg);
diff --git a/src/namestore/test_namestore_api_lookup.c b/src/namestore/test_namestore_api_lookup.c
index 7673e0fa7..d8f6fe056 100644
--- a/src/namestore/test_namestore_api_lookup.c
+++ b/src/namestore/test_namestore_api_lookup.c
@@ -45,7 +45,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_CRYPTO_EccSignature *s_signature;
@@ -105,7 +105,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 name_lookup_proc (void *cls,
-                  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                  const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                  struct GNUNET_TIME_Absolute expire,
                  const char *n,
                  unsigned int rd_count,
@@ -119,7 +119,7 @@ name_lookup_proc (void *cls,
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Checking returned results\n");
    if (0 != memcmp (zone_key, &pubkey, 
-                     sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)))
+                     sizeof (struct GNUNET_CRYPTO_EccPublicKey)))
    {
      GNUNET_break (0);
    }
@@ -243,7 +243,7 @@ run (void *cls,
    
    /* create random zone hash */
    GNUNET_CRYPTO_short_hash (&pubkey, 
-                              sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), 
+                              sizeof (struct GNUNET_CRYPTO_EccPublicKey), 
                              &s_zone);
    nsh = GNUNET_NAMESTORE_connect (cfg);
    GNUNET_break (NULL != nsh);
diff --git a/src/namestore/test_namestore_api_lookup_specific_type.c b/src/namestore/test_namestore_api_lookup_specific_type.c
index 49988ed3f..28632c83f 100644
--- a/src/namestore/test_namestore_api_lookup_specific_type.c
+++ b/src/namestore/test_namestore_api_lookup_specific_type.c
@@ -50,7 +50,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_CRYPTO_EccSignature *s_signature;
@@ -110,7 +110,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void 
 name_lookup_existing_record_type (void *cls,
-                                  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                  const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                  struct GNUNET_TIME_Absolute expire,
                                  const char *n,
                                  unsigned int rd_count,
@@ -121,7 +121,7 @@ name_lookup_existing_record_type (void *cls,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Namestore returned %u records\n", rd_count);
-  if ((NULL == n) || (0 != memcmp(zone_key, &pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))))
+  if ((NULL == n) || (0 != memcmp(zone_key, &pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey))))
  {
    GNUNET_break(0);
    failed = GNUNET_YES;
@@ -156,7 +156,7 @@ name_lookup_existing_record_type (void *cls,
 static void
 name_lookup_non_existing_record_type (void *cls,
-                                      const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                      const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                      struct GNUNET_TIME_Absolute expire,
                                      const char *n,
                                      unsigned int rd_count,
@@ -300,7 +300,7 @@ run (void *cls,
    s_signature = GNUNET_NAMESTORE_create_signature(privkey, et, s_name, s_rd, RECORDS);
    /* create random zone hash */
-    GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), &s_zone);
+    GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey), &s_zone);
    nsh = GNUNET_NAMESTORE_connect (cfg);
    GNUNET_break (NULL != nsh);
    GNUNET_break (s_rd != NULL);
diff --git a/src/namestore/test_namestore_api_monitoring.c b/src/namestore/test_namestore_api_monitoring.c
index b3147c43a..c103952fa 100644
--- a/src/namestore/test_namestore_api_monitoring.c
+++ b/src/namestore/test_namestore_api_monitoring.c
@@ -39,13 +39,13 @@ static GNUNET_SCHEDULER_TaskIdentifier stopiteration_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_HashCode zone;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey2;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey2;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey2;
 static struct GNUNET_HashCode zone2;
@@ -152,7 +152,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+           const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
           struct GNUNET_TIME_Absolute expire,
           const char *name,
           unsigned int rd_count,
diff --git a/src/namestore/test_namestore_api_put.c b/src/namestore/test_namestore_api_put.c
index df5cb336e..ff99b60f9 100644
--- a/src/namestore/test_namestore_api_put.c
+++ b/src/namestore/test_namestore_api_put.c
@@ -44,7 +44,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_NAMESTORE_RecordData *s_rd;
diff --git a/src/namestore/test_namestore_api_remove.c b/src/namestore/test_namestore_api_remove.c
index 77edd3fa9..f278b30db 100644
--- a/src/namestore/test_namestore_api_remove.c
+++ b/src/namestore/test_namestore_api_remove.c
@@ -51,7 +51,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_CRYPTO_EccSignature *s_signature;
@@ -109,7 +109,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 name_lookup_proc (void *cls,
-                  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                  const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                  struct GNUNET_TIME_Absolute expire,
                  const char *n,
                  unsigned int rd_count,
@@ -124,7 +124,7 @@ name_lookup_proc (void *cls,
                "Lookup for name `%s' returned %u records\n", n, rd_count);
    if (0 != memcmp (zone_key, 
                     &pubkey,
-                     sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)))
+                     sizeof (struct GNUNET_CRYPTO_EccPublicKey)))
    {
      GNUNET_break (0);
      failed = GNUNET_YES;
@@ -254,7 +254,7 @@ run (void *cls,
  s_signature = GNUNET_NAMESTORE_create_signature(privkey, et, s_name, s_rd, RECORDS);
  /* create random zone hash */
-  GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), &s_zone);
+  GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey), &s_zone);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Name: `%s' Zone: `%s' \n", s_name, GNUNET_NAMESTORE_short_h2s (&s_zone));
  nsh = GNUNET_NAMESTORE_connect (cfg);
diff --git a/src/namestore/test_namestore_api_remove_not_existing_record.c b/src/namestore/test_namestore_api_remove_not_existing_record.c
index 4e207257e..a85bc8c05 100644
--- a/src/namestore/test_namestore_api_remove_not_existing_record.c
+++ b/src/namestore/test_namestore_api_remove_not_existing_record.c
@@ -51,7 +51,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_CRYPTO_EccSignature *s_signature;
@@ -202,7 +202,7 @@ run (void *cls,
  s_signature = GNUNET_NAMESTORE_create_signature(privkey, et, s_name, s_rd, RECORDS);
  /* create random zone hash */
-  GNUNET_CRYPTO_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), &s_zone);
+  GNUNET_CRYPTO_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey), &s_zone);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Name: `%s' Zone: `%s' \n", s_name, GNUNET_h2s_full(&s_zone));
  nsh = GNUNET_NAMESTORE_connect (cfg);
diff --git a/src/namestore/test_namestore_api_sign_verify.c b/src/namestore/test_namestore_api_sign_verify.c
index 647cc59be..e2913991c 100644
--- a/src/namestore/test_namestore_api_sign_verify.c
+++ b/src/namestore/test_namestore_api_sign_verify.c
@@ -44,7 +44,7 @@
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_NAMESTORE_RecordData *s_rd;
diff --git a/src/namestore/test_namestore_api_zone_iteration.c b/src/namestore/test_namestore_api_zone_iteration.c
index f2d77d2ac..63e4adf40 100644
--- a/src/namestore/test_namestore_api_zone_iteration.c
+++ b/src/namestore/test_namestore_api_zone_iteration.c
@@ -39,13 +39,13 @@ static GNUNET_SCHEDULER_TaskIdentifier stopiteration_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_HashCode zone;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey2;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey2;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey2;
 static struct GNUNET_HashCode zone2;
@@ -179,7 +179,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+           const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
           struct GNUNET_TIME_Absolute expire,
           const char *name,
           unsigned int rd_count,
@@ -204,7 +204,7 @@ zone_proc (void *cls,
    if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature (zone_key, expire, name, rd_count, rd, signature))
    {
      struct GNUNET_HashCode zone_key_hash;
-      GNUNET_CRYPTO_hash (zone_key, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), &zone_key_hash);
+      GNUNET_CRYPTO_hash (zone_key, sizeof (struct GNUNET_CRYPTO_EccPublicKey), &zone_key_hash);
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Verifying signature for `%s' in zone `%s' with %u records  and expiration %llu failed\n", name, GNUNET_h2s(&zone_key_hash), rd_count, expire.abs_value);
      failed = GNUNET_YES;
@@ -354,7 +354,7 @@ create_record (unsigned int count)
 */
 static void
 empty_zone_proc (void *cls,
-                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                 const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                 struct GNUNET_TIME_Absolute expire,
                 const char *name,
                 unsigned int rd_count,
diff --git a/src/namestore/test_namestore_api_zone_iteration_specific_zone.c b/src/namestore/test_namestore_api_zone_iteration_specific_zone.c
index 3dce51d90..020c8358f 100644
--- a/src/namestore/test_namestore_api_zone_iteration_specific_zone.c
+++ b/src/namestore/test_namestore_api_zone_iteration_specific_zone.c
@@ -39,13 +39,13 @@ static GNUNET_SCHEDULER_TaskIdentifier stopiteration_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_CRYPTO_ShortHashCode zone;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey2;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey2;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey2;
 static struct GNUNET_CRYPTO_ShortHashCode zone2;
@@ -174,7 +174,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+           const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
           struct GNUNET_TIME_Absolute expire,
           const char *name,
           unsigned int rd_count,
diff --git a/src/namestore/test_namestore_api_zone_iteration_stop.c b/src/namestore/test_namestore_api_zone_iteration_stop.c
index 9c1829e91..5d44555d1 100644
--- a/src/namestore/test_namestore_api_zone_iteration_stop.c
+++ b/src/namestore/test_namestore_api_zone_iteration_stop.c
@@ -38,13 +38,13 @@ static GNUNET_SCHEDULER_TaskIdentifier stopiteration_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_HashCode zone;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey2;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey2;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey2;
 static struct GNUNET_HashCode zone2;
@@ -177,7 +177,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 zone_proc (void *cls,
-           const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+           const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
           struct GNUNET_TIME_Absolute expire,
           const char *name,
           unsigned int rd_count,
diff --git a/src/namestore/test_namestore_api_zone_to_name.c b/src/namestore/test_namestore_api_zone_to_name.c
index f0b712eb9..e1fefec09 100644
--- a/src/namestore/test_namestore_api_zone_to_name.c
+++ b/src/namestore/test_namestore_api_zone_to_name.c
@@ -45,7 +45,7 @@ static GNUNET_SCHEDULER_TaskIdentifier endbadly_task;
 static struct GNUNET_CRYPTO_EccPrivateKey * privkey;
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pubkey;
+static struct GNUNET_CRYPTO_EccPublicKey pubkey;
 static struct GNUNET_TIME_Absolute expire;
@@ -98,7 +98,7 @@ end (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 zone_to_name_proc (void *cls,
-                   const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                   const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                   struct GNUNET_TIME_Absolute expire,
                   const char *n,
                   unsigned int rd_count,
@@ -125,7 +125,7 @@ zone_to_name_proc (void *cls,
      fail = GNUNET_YES;
      GNUNET_break (0);
    }
-    if ((zone_key == NULL) || (0 != memcmp (zone_key, &pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))))
+    if ((zone_key == NULL) || (0 != memcmp (zone_key, &pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey))))
    {
      fail = GNUNET_YES;
      GNUNET_break (0);
@@ -182,7 +182,7 @@ run (void *cls,
  GNUNET_CRYPTO_ecc_key_get_public(privkey, &pubkey);
  /* zone hash */
-  GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), &s_zone);
+  GNUNET_CRYPTO_short_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_EccPublicKey), &s_zone);
  GNUNET_CRYPTO_short_hash (s_name, strlen (s_name) + 1, &s_zone_value);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using PKEY `%s' \n", GNUNET_NAMESTORE_short_h2s (&s_zone_value));
diff --git a/src/namestore/test_plugin_namestore.c b/src/namestore/test_plugin_namestore.c
index b7d2341e4..35c9e920f 100644
--- a/src/namestore/test_plugin_namestore.c
+++ b/src/namestore/test_plugin_namestore.c
@@ -95,7 +95,7 @@ load_plugin (const struct GNUNET_CONFIGURATION_Handle *cfg)
 */
 static void 
 test_record (void *cls,
-             const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+             const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
             struct GNUNET_TIME_Absolute expire,
             const char *name,
             unsigned int rd_count,
@@ -104,7 +104,7 @@ test_record (void *cls,
 {
  int *idp = cls;
  int id = *idp;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded tzone_key;
+  struct GNUNET_CRYPTO_EccPublicKey tzone_key;
  char tname[64];
  unsigned int trd_count = 1 + (id % 1024);
  struct GNUNET_CRYPTO_EccSignature tsignature;
@@ -122,7 +122,7 @@ test_record (void *cls,
  memset (&tzone_key, (id % 241), sizeof (tzone_key));
  memset (&tsignature, (id % 243), sizeof (tsignature));
  GNUNET_assert (0 == strcmp (name, tname));
-  GNUNET_assert (0 == memcmp (&tzone_key, zone_key, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)));
+  GNUNET_assert (0 == memcmp (&tzone_key, zone_key, sizeof (struct GNUNET_CRYPTO_EccPublicKey)));
  GNUNET_assert (0 == memcmp (&tsignature, signature, sizeof (struct GNUNET_CRYPTO_EccSignature)));
 }
@@ -139,7 +139,7 @@ get_record (struct GNUNET_NAMESTORE_PluginFunctions *nsp, int id)
 static void
 put_record (struct GNUNET_NAMESTORE_PluginFunctions *nsp, int id)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded zone_key;
+  struct GNUNET_CRYPTO_EccPublicKey zone_key;
  struct GNUNET_TIME_Absolute expire;
  char name[64];
  unsigned int rd_count = 1 + (id % 1024);
@@ -175,7 +175,7 @@ run (void *cls, char *const *args, const char *cfgfile,
     const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
  struct GNUNET_NAMESTORE_PluginFunctions *nsp;  
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded zone_key;
+  struct GNUNET_CRYPTO_EccPublicKey zone_key;
  struct GNUNET_CRYPTO_ShortHashCode zone;
  
  ok = 0;
diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c
index b39891e7e..832c43abc 100644
--- a/src/nse/gnunet-service-nse.c
+++ b/src/nse/gnunet-service-nse.c
@@ -190,7 +190,7 @@ struct GNUNET_NSE_FloodMessage
  /**
   * Public key of the originator.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  /**
   * Proof of work, causing leading zeros when hashed with pkey.
@@ -289,7 +289,7 @@ static struct GNUNET_TIME_Absolute current_timestamp;
 /**
 * The public key of this peer.
 */
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key;
+static struct GNUNET_CRYPTO_EccPublicKey my_public_key;
 /**
 * The private key of this peer.
@@ -844,16 +844,16 @@ count_leading_zeroes (const struct GNUNET_HashCode * hash)
 * @return GNUNET_YES if valid, GNUNET_NO if not
 */
 static int
-check_proof_of_work (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pkey,
+check_proof_of_work (const struct GNUNET_CRYPTO_EccPublicKey *pkey,
                     uint64_t val)
 {
-  char buf[sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) +
+  char buf[sizeof (struct GNUNET_CRYPTO_EccPublicKey) +
           sizeof (val)] GNUNET_ALIGN;
  struct GNUNET_HashCode result;
  memcpy (buf, &val, sizeof (val));
  memcpy (&buf[sizeof (val)], pkey,
-          sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
+          sizeof (struct GNUNET_CRYPTO_EccPublicKey));
  pow_hash (buf, sizeof (buf), &result);
  return (count_leading_zeroes (&result) >=
          nse_work_required) ? GNUNET_YES : GNUNET_NO;
@@ -892,14 +892,14 @@ find_proof (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 {
 #define ROUND_SIZE 10
  uint64_t counter;
-  char buf[sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) +
+  char buf[sizeof (struct GNUNET_CRYPTO_EccPublicKey) +
           sizeof (uint64_t)] GNUNET_ALIGN;
  struct GNUNET_HashCode result;
  unsigned int i;
  proof_task = GNUNET_SCHEDULER_NO_TASK;
  memcpy (&buf[sizeof (uint64_t)], &my_public_key,
-          sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
+          sizeof (struct GNUNET_CRYPTO_EccPublicKey));
  i = 0;
  counter = my_proof;
  while ((counter != UINT64_MAX) && (i < ROUND_SIZE))
@@ -1052,7 +1052,7 @@ handle_p2p_size_estimate (void *cls, const struct GNUNET_PeerIdentity *peer,
    struct GNUNET_PeerIdentity os;
    GNUNET_CRYPTO_hash (&incoming_flood->pkey,
-                        sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                        sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                        &os.hashPubKey);
    GNUNET_snprintf (origin, sizeof (origin), "%s", GNUNET_i2s (&os));
    GNUNET_snprintf (pred, sizeof (pred), "%s", GNUNET_i2s (peer));
diff --git a/src/peerinfo-tool/gnunet-peerinfo.c b/src/peerinfo-tool/gnunet-peerinfo.c
index 545f8a7e8..d0f9edb06 100644
--- a/src/peerinfo-tool/gnunet-peerinfo.c
+++ b/src/peerinfo-tool/gnunet-peerinfo.c
@@ -192,7 +192,7 @@ static struct GNUNET_PeerIdentity my_peer_identity;
 /**
 * My public key.
 */
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key;
+static struct GNUNET_CRYPTO_EccPublicKey my_public_key;
 /**
 * Head of list of print contexts.
diff --git a/src/peerinfo/gnunet-service-peerinfo.c b/src/peerinfo/gnunet-service-peerinfo.c
index dc4c9fa07..6be98879f 100644
--- a/src/peerinfo/gnunet-service-peerinfo.c
+++ b/src/peerinfo/gnunet-service-peerinfo.c
@@ -655,7 +655,7 @@ update_friend_hello (const struct GNUNET_HELLO_Message *hello,
 {
  struct GNUNET_HELLO_Message * res;
  struct GNUNET_HELLO_Message * tmp;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pk;
+  struct GNUNET_CRYPTO_EccPublicKey pk;
  
  if (NULL != friend_hello)
  {
diff --git a/src/peerinfo/perf_peerinfo_api.c b/src/peerinfo/perf_peerinfo_api.c
index d55ccce2b..7a1266b62 100755
--- a/src/peerinfo/perf_peerinfo_api.c
+++ b/src/peerinfo/perf_peerinfo_api.c
@@ -82,7 +82,7 @@ address_generator (void *cls, size_t max, void *buf)
 static void
 add_peer (size_t i)
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct GNUNET_HELLO_Message *h2;
  memset (&pkey, i, sizeof (pkey));
diff --git a/src/peerinfo/test_peerinfo_api.c b/src/peerinfo/test_peerinfo_api.c
index a68b2bdb7..202ebf13a 100644
--- a/src/peerinfo/test_peerinfo_api.c
+++ b/src/peerinfo/test_peerinfo_api.c
@@ -86,7 +86,7 @@ struct GNUNET_PeerIdentity pid;
 static void
 add_peer ()
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct GNUNET_HELLO_Message *h2;
  size_t agc;
diff --git a/src/peerinfo/test_peerinfo_api_friend_only.c b/src/peerinfo/test_peerinfo_api_friend_only.c
index 4c3d3b3ef..6b91757e5 100644
--- a/src/peerinfo/test_peerinfo_api_friend_only.c
+++ b/src/peerinfo/test_peerinfo_api_friend_only.c
@@ -68,7 +68,7 @@ struct GNUNET_PeerIdentity pid;
 static void
 add_peer ()
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct GNUNET_HELLO_Message *h2;
  size_t agc;
diff --git a/src/peerinfo/test_peerinfo_api_notify_friend_only.c b/src/peerinfo/test_peerinfo_api_notify_friend_only.c
index 700bac755..ae2ac5190 100644
--- a/src/peerinfo/test_peerinfo_api_notify_friend_only.c
+++ b/src/peerinfo/test_peerinfo_api_notify_friend_only.c
@@ -227,7 +227,7 @@ add_peer_done (void *cls, const char *emsg)
 static void
 add_peer ()
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  struct GNUNET_HELLO_Message *h2;
  size_t agc;
diff --git a/src/regex/regex_internal_dht.c b/src/regex/regex_internal_dht.c
index 317c6ef48..4f7b16705 100644
--- a/src/regex/regex_internal_dht.c
+++ b/src/regex/regex_internal_dht.c
@@ -381,7 +381,7 @@ dht_get_string_accept_handler (void *cls, struct GNUNET_TIME_Absolute exp,
                            "# regex accepting block bytes found",
                            size, GNUNET_NO);
  GNUNET_CRYPTO_hash (&block->public_key,
-                      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                      sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                      &pid.hashPubKey);
  info->callback (info->callback_cls,
                  &pid,
diff --git a/src/testing/gnunet-testing.c b/src/testing/gnunet-testing.c
index 574b585fc..45ca4978c 100644
--- a/src/testing/gnunet-testing.c
+++ b/src/testing/gnunet-testing.c
@@ -118,13 +118,10 @@ create_unique_cfgs (const char * template, const unsigned int no)
 static int
 create_hostkeys (const unsigned int no)
 {
-  static char pad[GNUNET_TESTING_HOSTKEYFILESIZE];
  struct GNUNET_TESTING_System *system;
  struct GNUNET_PeerIdentity id;
  struct GNUNET_DISK_FileHandle *fd;
  struct GNUNET_CRYPTO_EccPrivateKey *pk;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *pkb;
-  ssize_t ret;
  system = GNUNET_TESTING_system_create ("testing", NULL, NULL, NULL);
  pk = GNUNET_TESTING_hostkey_get (system, create_no, &id);
@@ -141,19 +138,11 @@ create_hostkeys (const unsigned int no)
                              GNUNET_DISK_PERM_USER_READ |
                              GNUNET_DISK_PERM_USER_WRITE);
  GNUNET_assert (fd != NULL);
-  pkb = GNUNET_CRYPTO_ecc_encode_key (pk);
+  ret = GNUNET_DISK_file_write (fd, pk,
-  ret = GNUNET_DISK_file_write (fd, pkb, 
+                                sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
-                                ntohs (pkb->size));
-  GNUNET_assert (ntohs (pkb->size) == ret);
-  GNUNET_assert (ntohs (pkb->size) < GNUNET_TESTING_HOSTKEYFILESIZE);
-  GNUNET_assert (GNUNET_TESTING_HOSTKEYFILESIZE - ret ==
-                 GNUNET_DISK_file_write (fd, pad, 
-                                         GNUNET_TESTING_HOSTKEYFILESIZE - ret));
-  
  GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd));
  GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, "transport-testing",
                   "Wrote hostkey to file: `%s'\n", create_hostkey);
-  GNUNET_free (pkb);
  GNUNET_CRYPTO_ecc_key_free (pk);
  GNUNET_TESTING_system_destroy (system, GNUNET_YES);
  return 0;
diff --git a/src/testing/testing.c b/src/testing/testing.c
index 898af1674..73b2a4ee1 100644
--- a/src/testing/testing.c
+++ b/src/testing/testing.c
@@ -712,7 +712,7 @@ GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system,
                            struct GNUNET_PeerIdentity *id)
 {  
  struct GNUNET_CRYPTO_EccPrivateKey *private_key;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
  
  if ((NULL == id) || (NULL == system->hostkeys_data))
    return NULL;
@@ -722,11 +722,11 @@ GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system,
         _("Key number %u does not exist\n"), key_number);
    return NULL;
  }   
-  private_key = GNUNET_CRYPTO_ecc_decode_key (system->hostkeys_data +
+  private_key = GNUNET_new (struct GNUNET_CRYPTO_EccPrivateKey);
-                                              (key_number *
+  memcpy (private_key,
-                                               GNUNET_TESTING_HOSTKEYFILESIZE),
+          system->hostkeys_data +
-                                              GNUNET_TESTING_HOSTKEYFILESIZE,
+          (key_number * GNUNET_TESTING_HOSTKEYFILESIZE),
-                                              GNUNET_NO);
+          GNUNET_TESTING_HOSTKEYFILESIZE);
  if (NULL == private_key)
  {
    LOG (GNUNET_ERROR_TYPE_ERROR,
@@ -735,7 +735,7 @@ GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system,
  }
  GNUNET_CRYPTO_ecc_key_get_public (private_key, &public_key);
  GNUNET_CRYPTO_hash (&public_key,
-                      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                      sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                      &(id->hashPubKey));
  return private_key;
 }
diff --git a/src/transport/gnunet-service-transport.c b/src/transport/gnunet-service-transport.c
index 0039b9a4c..3ef5e1dbf 100644
--- a/src/transport/gnunet-service-transport.c
+++ b/src/transport/gnunet-service-transport.c
@@ -70,7 +70,7 @@ static struct GNUNET_SERVER_Handle *GST_server;
 /**
 * Our public key.
 */
-struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded GST_my_public_key;
+struct GNUNET_CRYPTO_EccPublicKey GST_my_public_key;
 /**
 * Our private key.
diff --git a/src/transport/gnunet-service-transport.h b/src/transport/gnunet-service-transport.h
index cb2c11a9b..a9f455b6a 100644
--- a/src/transport/gnunet-service-transport.h
+++ b/src/transport/gnunet-service-transport.h
@@ -55,7 +55,7 @@ extern struct GNUNET_PEERINFO_Handle *GST_peerinfo;
 /**
 * Our public key.
 */
-extern struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded GST_my_public_key;
+extern struct GNUNET_CRYPTO_EccPublicKey GST_my_public_key;
 /**
 * Our private key.
diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c
index 269525a55..e0e549a3a 100644
--- a/src/transport/gnunet-service-transport_neighbours.c
+++ b/src/transport/gnunet-service-transport_neighbours.c
@@ -329,7 +329,7 @@ struct SessionDisconnectMessage
  /**
   * Public key of the sender.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
  /**
   * Signature of the peer that sends us the disconnect.  Only
@@ -1195,7 +1195,7 @@ send_disconnect (struct NeighbourMapEntry *n)
  disconnect_msg.reserved = htonl (0);
  disconnect_msg.purpose.size =
      htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-             sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) +
+             sizeof (struct GNUNET_CRYPTO_EccPublicKey) +
             sizeof (struct GNUNET_TIME_AbsoluteNBO));
  disconnect_msg.purpose.purpose =
      htonl (GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT);
@@ -3151,7 +3151,7 @@ GST_neighbours_handle_disconnect_message (const struct GNUNET_PeerIdentity
    return;
  }
  GNUNET_CRYPTO_hash (&sdm->public_key,
-                      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                      sizeof (struct GNUNET_CRYPTO_EccPublicKey),
                      &hc);
  if (0 != memcmp (peer, &hc, sizeof (struct GNUNET_PeerIdentity)))
  {
@@ -3160,7 +3160,7 @@ GST_neighbours_handle_disconnect_message (const struct GNUNET_PeerIdentity
  }
  if (ntohl (sdm->purpose.size) !=
      sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) +
+      sizeof (struct GNUNET_CRYPTO_EccPublicKey) +
      sizeof (struct GNUNET_TIME_AbsoluteNBO))
  {
    GNUNET_break_op (0);
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c
index 4ea0f07a6..087c52411 100644
--- a/src/transport/gnunet-service-transport_validation.c
+++ b/src/transport/gnunet-service-transport_validation.c
@@ -189,7 +189,7 @@ struct ValidationEntry
  /**
   * Public key of the peer.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
  /**
   * The identity of the peer. FIXME: duplicated (also in 'address')
@@ -682,8 +682,8 @@ revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 *         if we don't have an existing entry and no public key was given
 */
 static struct ValidationEntry *
-find_validation_entry (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
+find_validation_entry (const struct GNUNET_CRYPTO_EccPublicKey *public_key,
-                       *public_key, const struct GNUNET_HELLO_Address *address)
+                       const struct GNUNET_HELLO_Address *address)
 {
  struct ValidationEntryMatchContext vemc;
  struct ValidationEntry *ve;
@@ -737,7 +737,7 @@ add_valid_address (void *cls, const struct GNUNET_HELLO_Address *address,
  struct ValidationEntry *ve;
  struct GNUNET_PeerIdentity pid;
  struct GNUNET_ATS_Information ats;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
  if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0)
    return GNUNET_OK;           /* expired */
@@ -857,8 +857,8 @@ GST_validation_stop ()
 */
 static void
 multicast_pong (void *cls,
-                const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
+                const struct GNUNET_CRYPTO_EccPublicKey *public_key, 
-                *public_key, struct GNUNET_TIME_Absolute valid_until,
+                struct GNUNET_TIME_Absolute valid_until,
                struct GNUNET_TIME_Absolute validation_block,
                const struct GNUNET_HELLO_Address *address)
 {
@@ -1139,7 +1139,7 @@ struct ValidateAddressContext
  /**
   * Public key of the peer whose address is being validated.
   */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
 };
diff --git a/src/transport/gnunet-service-transport_validation.h b/src/transport/gnunet-service-transport_validation.h
index 929e97a5c..46d3162c4 100644
--- a/src/transport/gnunet-service-transport_validation.h
+++ b/src/transport/gnunet-service-transport_validation.h
@@ -134,8 +134,7 @@ GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello);
 */
 typedef void (*GST_ValidationAddressCallback) (void *cls,
                                               const struct
-                                               GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
+                                               GNUNET_CRYPTO_EccPublicKey *public_key,
-                                               * public_key,
                                               struct GNUNET_TIME_Absolute
                                               valid_until,
                                               struct GNUNET_TIME_Absolute
diff --git a/src/transport/test_plugin_transport.c b/src/transport/test_plugin_transport.c
index c48fc2d49..ffaad19ff 100644
--- a/src/transport/test_plugin_transport.c
+++ b/src/transport/test_plugin_transport.c
@@ -48,7 +48,7 @@
 /**
 * Our public key.
 */
-static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key;
+static struct GNUNET_CRYPTO_EccPublicKey my_public_key;
 /**
 * Our identity.
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 2561ab2e6..a93512e38 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -4,7 +4,7 @@
     GNUnet is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published
-     by the Free Software Foundation; either version 2, or (at your
+     by the Free Software Foundation; either version 3, or (at your
     option) any later version.
     GNUnet is distributed in the hope that it will be useful, but
@@ -30,6 +30,12 @@
 #define EXTRA_CHECKS ALLOW_EXTRA_CHECKS 
+/**
+ * Name of the curve we are using.  Note that we have hard-coded
+ * structs that use 256 bits, so using a bigger curve will require
+ * changes that break stuff badly.  The name of the curve given here
+ * must be agreed by all peers and be supported by libgcrypt.
+ */
 #define CURVE "NIST P-256"
 #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
@@ -47,28 +53,14 @@
 /**
- * The private information of an ECC private key.
- */
-struct GNUNET_CRYPTO_EccPrivateKey
-{
-  
-  /**
-   * Libgcrypt S-expression for the ECC key.
-   */
-  gcry_sexp_t sexp;
-};
-/**
 * Free memory occupied by ECC key
 *
- * @param privatekey pointer to the memory to free
+ * @param priv pointer to the memory to free
 */
 void
-GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *privatekey)
+GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *priv)
 {
-  gcry_sexp_release (privatekey->sexp);
+  GNUNET_free (priv);
-  GNUNET_free (privatekey);
 }
@@ -133,6 +125,141 @@ key_from_sexp (gcry_mpi_t * array, gcry_sexp_t sexp, const char *topname,
 /**
+ * If target != size, move target bytes to the end of the size-sized
+ * buffer and zero out the first target-size bytes.
+ *
+ * @param buf original buffer
+ * @param size number of bytes in the buffer
+ * @param target target size of the buffer
+ */
+static void
+adjust (unsigned char *buf,
+        size_t size,
+        size_t target)
+{
+  if (size < target)
+  {
+    memmove (&buf[target - size], buf, size);
+    memset (buf, 0, target - size);
+  }
+}
+/**
+ * Output the given MPI value to the given buffer.
+ * 
+ * @param buf where to output to
+ * @param size number of bytes in buf
+ * @param val value to write to buf
+ */
+static void
+mpi_print (unsigned char *buf,
+           size_t size,
+           gcry_mpi_t val)
+{
+  size_t rsize;
+  rsize = size;
+  GNUNET_assert (0 ==
+                 gcry_mpi_print (GCRYMPI_FMT_USG, buf, rsize, &rsize,
+                                 val));
+  adjust (buf, rsize, size);
+}
+/**
+ * Convert data buffer into MPI value.
+ *
+ * @param result where to store MPI value (allocated)
+ * @param data raw data (GCRYMPI_FMT_USG)
+ * @param size number of bytes in data
+ */
+static void
+mpi_scan (gcry_mpi_t *result,
+          const unsigned char *data,
+          size_t size)
+{
+  int rc;
+  if (0 != (rc = gcry_mpi_scan (result,
+                                GCRYMPI_FMT_USG, 
+                                data, size, &size)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
+    GNUNET_assert (0);
+  }
+}
+/**
+ * Convert the given private key from the network format to the
+ * S-expression that can be used by libgcrypt.
+ *
+ * @param priv private key to decode
+ * @return NULL on error
+ */
+static gcry_sexp_t
+decode_private_key (const struct GNUNET_CRYPTO_EccPrivateKey *priv)
+{
+  gcry_sexp_t result;
+  gcry_mpi_t d;
+  size_t erroff;
+  int rc;
+  mpi_scan (&d,
+            priv->d,
+            sizeof (priv->d));
+  rc = gcry_sexp_build (&result, &erroff, 
+                        "(private-key(ecdsa(curve \"" CURVE "\")(d %m)))",
+                        d);
+  gcry_mpi_release (d);
+  if (0 != rc)
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);  /* erroff gives more info */
+    GNUNET_assert (0);
+  }
+#if EXTRA_CHECKS
+  if (0 != (rc = gcry_pk_testkey (result)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
+    GNUNET_assert (0);
+  }
+#endif
+  return result;
+}
+/**
+ * Initialize public key struct from the respective point
+ * on the curve.
+ *
+ * @param q point on curve
+ * @param pub public key struct to initialize
+ * @param ctx context to use for ECC operations
+ */ 
+static void
+point_to_public_key (gcry_mpi_point_t q,
+                     gcry_ctx_t ctx,
+                     struct GNUNET_CRYPTO_EccPublicKey *pub)
+{
+  gcry_mpi_t q_x;
+  gcry_mpi_t q_y;
+  q_x = gcry_mpi_new (256);
+  q_y = gcry_mpi_new (256);
+  if (gcry_mpi_ec_get_affine (q_x, q_y, q, ctx))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
+    return;
+  }
+  mpi_print (pub->q_x, sizeof (pub->q_x), q_x);
+  mpi_print (pub->q_y, sizeof (pub->q_y), q_y);
+  gcry_mpi_release (q_x);
+  gcry_mpi_release (q_y);
+}
+/**
 * Extract the public key for the given private key.
 *
 * @param priv the private key
@@ -140,26 +267,25 @@ key_from_sexp (gcry_mpi_t * array, gcry_sexp_t sexp, const char *topname,
 */
 void
 GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-                                  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub)
+                                  struct GNUNET_CRYPTO_EccPublicKey *pub)
 {
-  gcry_mpi_t skey;
+  gcry_sexp_t sexp;
-  size_t size;
+  gcry_ctx_t ctx;
+  gcry_mpi_point_t q;
  int rc;
-  memset (pub, 0, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
+  sexp = decode_private_key (priv);
-  rc = key_from_sexp (&skey, priv->sexp, "public-key", "q");
+  GNUNET_assert (NULL != sexp);
-  if (rc)
+  if (0 != (rc = gcry_mpi_ec_new (&ctx, sexp, NULL)))
-    rc = key_from_sexp (&skey, priv->sexp, "private-key", "q");
+  {
-  if (rc)
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc);  /* erroff gives more info */
-    rc = key_from_sexp (&skey, priv->sexp, "ecc", "q");
+    return;
-  GNUNET_assert (0 == rc);
+  }
-  pub->size = htons (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded));
+  gcry_sexp_release (sexp);
-  size = GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH;
+  q = gcry_mpi_ec_get_point ("q", ctx, 0);
-  GNUNET_assert (0 ==
+  point_to_public_key (q, ctx, pub);
-                 gcry_mpi_print (GCRYMPI_FMT_USG, pub->key, size, &size,
+  gcry_ctx_release (ctx);
-                                 skey));
+  gcry_mpi_point_release (q);
-  pub->len = htons (size);
-  gcry_mpi_release (skey);
 }
@@ -170,10 +296,10 @@ GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv
 * @return string representing  'pub'
 */
 char *
-GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub)
+GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKey *pub)
 {
  char *pubkeybuf;
-  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) * 8;
+  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EccPublicKey)) * 8;
  char *end;
  if (keylen % 5 > 0)
@@ -181,7 +307,7 @@ GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyB
  keylen /= 5;
  pubkeybuf = GNUNET_malloc (keylen + 1);
  end = GNUNET_STRINGS_data_to_string ((unsigned char *) pub, 
-                                       sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), 
+                                       sizeof (struct GNUNET_CRYPTO_EccPublicKey), 
                                       pubkeybuf, 
                                       keylen);
  if (NULL == end)
@@ -205,9 +331,9 @@ GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyB
 int
 GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc, 
                                          size_t enclen,
-                                          struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub)
+                                          struct GNUNET_CRYPTO_EccPublicKey *pub)
 {
-  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) * 8;
+  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EccPublicKey)) * 8;
  if (keylen % 5 > 0)
    keylen += 5 - keylen % 5;
@@ -217,10 +343,7 @@ GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc,
  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (enc, enclen,
                                                  pub,
-                                                  sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)))
+                                                  sizeof (struct GNUNET_CRYPTO_EccPublicKey)))
-    return GNUNET_SYSERR;
-  if ( (ntohs (pub->size) != sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) ||
-       (ntohs (pub->len) > GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH) )
    return GNUNET_SYSERR;
  return GNUNET_OK;
 }
@@ -230,137 +353,46 @@ GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc,
 * Convert the given public key from the network format to the
 * S-expression that can be used by libgcrypt.
 *
- * @param publicKey public key to decode
+ * @param pub public key to decode
 * @return NULL on error
 */
 static gcry_sexp_t
-decode_public_key (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *publicKey)
+decode_public_key (const struct GNUNET_CRYPTO_EccPublicKey *pub)
 {
-  gcry_sexp_t result;
+  gcry_sexp_t pub_sexp;
-  gcry_mpi_t q;
+  gcry_mpi_t q_x;
-  size_t size;
+  gcry_mpi_t q_y;
-  size_t erroff;
+  gcry_mpi_point_t q;
+  gcry_ctx_t ctx;
  int rc;
-  if (ntohs (publicKey->len) > GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH) 
+  mpi_scan (&q_x, pub->q_x, sizeof (pub->q_x));
-  {
+  mpi_scan (&q_y, pub->q_y, sizeof (pub->q_y));
-    GNUNET_break (0);
+  q = gcry_mpi_point_new (256);
-    return NULL;
+  gcry_mpi_point_set (q, q_x, q_y, GCRYMPI_CONST_ONE); 
-  }
+  gcry_mpi_release (q_x);
-  size = ntohs (publicKey->len);
+  gcry_mpi_release (q_y);
-  if (0 != (rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, publicKey->key, size, &size)))
-  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
-    return NULL;
-  }
-  rc = gcry_sexp_build (&result, &erroff, 
-                        "(public-key(ecdsa(curve \"" CURVE "\")(q %m)))",
-                        q);
-  gcry_mpi_release (q);
-  if (0 != rc)
-  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);  /* erroff gives more info */
-    return NULL;
-  }
-#if EXTRA_CHECKS
-  if (0 != (rc = gcry_pk_testkey (result)))
-  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
-    gcry_sexp_release (result);
-    return NULL;
-  }
-#endif
-  return result;
-}
-/**
- * Encode the private key in a format suitable for
- * storing it into a file.
- *
- * @param key key to encode
- * @return encoding of the private key.
- *    The first 4 bytes give the size of the array, as usual.
- */
-struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *
-GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key)
-{
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *retval;
-  char buf[65536];
-  uint16_t be;
-  size_t size;
-#if EXTRA_CHECKS
-  if (0 != gcry_pk_testkey (key->sexp))
-  {
-    GNUNET_break (0);
-    return NULL;
-  }
-#endif
-  size = gcry_sexp_sprint (key->sexp, 
-                           GCRYSEXP_FMT_DEFAULT,
-                           &buf[2], sizeof (buf) - sizeof (uint16_t));
-  if (0 == size)
-  {
-    GNUNET_break (0);
-    return NULL;
-  }
-  GNUNET_assert (size < 65536 - sizeof (uint16_t));
-  be = htons ((uint16_t) size + (sizeof (be)));
-  memcpy (buf, &be, sizeof (be));
-  size += sizeof (be);
-  retval = GNUNET_malloc (size);
-  memcpy (retval, buf, size);
-  return retval;
-}
-/**
- * Decode the private key from the file-format back
- * to the "normal", internal format.
- *
- * @param buf the buffer where the private key data is stored
- * @param len the length of the data in 'buffer'
- * @param validate GNUNET_YES to validate that the key is well-formed,
- *                 GNUNET_NO if the key comes from a totally trusted source 
- *                 and validation is considered too expensive
- * @return NULL on error
- */
-struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_CRYPTO_ecc_decode_key (const char *buf, 
-                              size_t len,
-                              int validate)
-{
-  struct GNUNET_CRYPTO_EccPrivateKey *ret;
-  uint16_t be;
-  gcry_sexp_t sexp;
-  int rc;
-  size_t erroff;
-  if (len < sizeof (uint16_t)) 
+  /* create basic ECC context */
-    return NULL;
+  if (0 != (rc = gcry_mpi_ec_new (&ctx, NULL, CURVE)))
-  memcpy (&be, buf, sizeof (be));
-  if (len < ntohs (be))
-    return NULL;
-  len = ntohs (be);
-  if (0 != (rc = gcry_sexp_sscan (&sexp,
-                                  &erroff,
-                                  &buf[2],
-                                  len - sizeof (uint16_t))))
  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_scan", rc);
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc);  /* erroff gives more info */
+    gcry_mpi_point_release (q);
    return NULL;
  }  
-  if ( (GNUNET_YES == validate) &&
+  /* initialize 'ctx' with 'q' */
-       (0 != (rc = gcry_pk_testkey (sexp))) )
+  gcry_mpi_ec_set_point ("q", q, ctx);
+  gcry_mpi_point_release (q);
+  /* convert 'ctx' to 'sexp' */
+  if (0 != (rc = gcry_pubkey_get_sexp (&pub_sexp, GCRY_PK_GET_PUBKEY, ctx)))
  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_from_context", rc);
+    gcry_ctx_release (ctx);
    return NULL;
  }
-  ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
+  gcry_ctx_release (ctx);
-  ret->sexp = sexp;
+  return pub_sexp;
-  return ret;
 }
@@ -372,9 +404,10 @@ GNUNET_CRYPTO_ecc_decode_key (const char *buf,
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_create ()
 {
-  struct GNUNET_CRYPTO_EccPrivateKey *ret;
+  struct GNUNET_CRYPTO_EccPrivateKey *priv;
-  gcry_sexp_t s_key;
+  gcry_sexp_t priv_sexp;
  gcry_sexp_t s_keyparam;
+  gcry_mpi_t d;
  int rc;
  if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL,
@@ -383,7 +416,7 @@ GNUNET_CRYPTO_ecc_key_create ()
    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
    return NULL;
  }
-  if (0 != (rc = gcry_pk_genkey (&s_key, s_keyparam)))
+  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
  {
    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
    gcry_sexp_release (s_keyparam);
@@ -391,16 +424,24 @@ GNUNET_CRYPTO_ecc_key_create ()
  }
  gcry_sexp_release (s_keyparam);
 #if EXTRA_CHECKS
-  if (0 != (rc = gcry_pk_testkey (s_key)))
+  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
  {
    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
-    gcry_sexp_release (s_key);
+    gcry_sexp_release (priv_sexp);
    return NULL;
  }
 #endif
-  ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
+  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
-  ret->sexp = s_key;
+  {
-  return ret;
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
+    gcry_sexp_release (priv_sexp);
+    return NULL;
+  }
+  gcry_sexp_release (priv_sexp);
+  priv = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
+  mpi_print (priv->d, sizeof (priv->d), d);
+  gcry_mpi_release (d);
+  return priv;
 }
@@ -438,15 +479,11 @@ short_wait ()
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
 {
-  struct GNUNET_CRYPTO_EccPrivateKey *ret;
+  struct GNUNET_CRYPTO_EccPrivateKey *priv;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc;
-  uint16_t len;
  struct GNUNET_DISK_FileHandle *fd;
  unsigned int cnt;
  int ec;
  uint64_t fs;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub;
-  struct GNUNET_PeerIdentity pid;
  if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
    return NULL;
@@ -479,7 +516,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
    while (GNUNET_YES !=
           GNUNET_DISK_file_lock (fd, 0,
-                                  sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded),
+                                  sizeof (struct GNUNET_CRYPTO_EccPrivateKey),
                                  GNUNET_YES))
    {
      short_wait ();
@@ -493,23 +530,17 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
    }
    LOG (GNUNET_ERROR_TYPE_INFO,
         _("Creating a new private key.  This may take a while.\n"));
-    ret = GNUNET_CRYPTO_ecc_key_create ();
+    priv = GNUNET_CRYPTO_ecc_key_create ();
-    GNUNET_assert (ret != NULL);
+    GNUNET_assert (NULL != priv);
-    enc = GNUNET_CRYPTO_ecc_encode_key (ret);
+    GNUNET_assert (sizeof (*priv) ==
-    GNUNET_assert (enc != NULL);
+                   GNUNET_DISK_file_write (fd, priv, sizeof (*priv)));
-    GNUNET_assert (ntohs (enc->size) ==
-                   GNUNET_DISK_file_write (fd, enc, ntohs (enc->size)));
-    GNUNET_free (enc);
    GNUNET_DISK_file_sync (fd);
    if (GNUNET_YES !=
        GNUNET_DISK_file_unlock (fd, 0,
-                                 sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)))
+                                 sizeof (struct GNUNET_CRYPTO_EccPrivateKey)))
      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
    GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
-    GNUNET_CRYPTO_ecc_key_get_public (ret, &pub);
+    return priv;
-    GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
-    return ret;
  }
  /* key file exists already, read it! */
  fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ,
@@ -524,7 +555,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
  {
    if (GNUNET_YES !=
        GNUNET_DISK_file_lock (fd, 0,
-                               sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded),
+                               sizeof (struct GNUNET_CRYPTO_EccPrivateKey),
                               GNUNET_NO))
    {
      if (0 == ++cnt % 60)
@@ -546,7 +577,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename);
      if (GNUNET_YES !=
          GNUNET_DISK_file_unlock (fd, 0,
-                                   sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)))
+                                   sizeof (struct GNUNET_CRYPTO_EccPrivateKey)))
        LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
      GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd));
@@ -554,13 +585,13 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
    }
    if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES))
      fs = 0;
-    if (fs < sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded))
+    if (fs < sizeof (struct GNUNET_CRYPTO_EccPrivateKey))
    {
      /* maybe we got the read lock before the key generating
       * process had a chance to get the write lock; give it up! */
      if (GNUNET_YES !=
          GNUNET_DISK_file_unlock (fd, 0,
-                                   sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)))
+                                   sizeof (struct GNUNET_CRYPTO_EccPrivateKey)))
        LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
      if (0 == ++cnt % 10)
      {
@@ -568,7 +599,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
             _
             ("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
             filename, (unsigned int) fs,
-             (unsigned int) sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded));
+             (unsigned int) sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
        LOG (GNUNET_ERROR_TYPE_ERROR,
             _
             ("This may be ok if someone is currently generating a key.\n"));
@@ -578,33 +609,15 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
    }
    break;
  }
-  enc = GNUNET_malloc (fs);
+  fs = sizeof (struct GNUNET_CRYPTO_EccPrivateKey);
-  GNUNET_assert (fs == GNUNET_DISK_file_read (fd, enc, fs));
+  priv = GNUNET_malloc (fs);
-  len = ntohs (enc->size);
+  GNUNET_assert (fs == GNUNET_DISK_file_read (fd, priv, fs));
-  ret = NULL;
-  if ((len > fs) ||
-      (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len, GNUNET_YES))))
-  {
-    LOG (GNUNET_ERROR_TYPE_ERROR,
-         _("File `%s' does not contain a valid private key.  Deleting it.\n"),
-         filename);
-    if (0 != UNLINK (filename))
-    {
-      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
-    }
-  }
-  GNUNET_free (enc);
  if (GNUNET_YES !=
      GNUNET_DISK_file_unlock (fd, 0,
-                               sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)))
+                               sizeof (struct GNUNET_CRYPTO_EccPrivateKey)))
    LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
  GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
-  if (ret != NULL)
+  return priv;
-  {
-    GNUNET_CRYPTO_ecc_key_get_public (ret, &pub);
-    GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
-  }
-  return ret;
 }
@@ -618,15 +631,15 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename)
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
-  struct GNUNET_CRYPTO_EccPrivateKey *pk;
+  struct GNUNET_CRYPTO_EccPrivateKey *priv;
  char *fn;
  if (GNUNET_OK != 
      GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn))
    return NULL;
-  pk = GNUNET_CRYPTO_ecc_key_create_from_file (fn);
+  priv = GNUNET_CRYPTO_ecc_key_create_from_file (fn);
  GNUNET_free (fn);
-  return pk;
+  return priv;
 }
@@ -642,13 +655,13 @@ void
 GNUNET_CRYPTO_ecc_setup_key (const char *cfg_name)
 {
  struct GNUNET_CONFIGURATION_Handle *cfg;
-  struct GNUNET_CRYPTO_EccPrivateKey *pk;
+  struct GNUNET_CRYPTO_EccPrivateKey *priv;
  cfg = GNUNET_CONFIGURATION_create ();
  (void) GNUNET_CONFIGURATION_load (cfg, cfg_name);
-  pk = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg);
+  priv = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg);
-  if (NULL != pk)
+  if (NULL != priv)
-    GNUNET_CRYPTO_ecc_key_free (pk);
+    GNUNET_CRYPTO_ecc_key_free (priv);
  GNUNET_CONFIGURATION_destroy (cfg);
 }
@@ -665,18 +678,18 @@ int
 GNUNET_CRYPTO_get_host_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                 struct GNUNET_PeerIdentity *dst)
 {
-  struct GNUNET_CRYPTO_EccPrivateKey *my_private_key;
+  struct GNUNET_CRYPTO_EccPrivateKey *priv;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key;
+  struct GNUNET_CRYPTO_EccPublicKey pub;
-  if (NULL == (my_private_key = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg)))
+  if (NULL == (priv = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg)))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                _("Could not load peer's private key\n"));
    return GNUNET_SYSERR;
  }
-  GNUNET_CRYPTO_ecc_key_get_public (my_private_key, &my_public_key);
+  GNUNET_CRYPTO_ecc_key_get_public (priv, &pub);
-  GNUNET_CRYPTO_ecc_key_free (my_private_key);
+  GNUNET_CRYPTO_ecc_key_free (priv);
-  GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), &dst->hashPubKey);
+  GNUNET_CRYPTO_hash (&pub, sizeof (pub), &dst->hashPubKey);
  return GNUNET_OK;
 }
@@ -692,24 +705,19 @@ static gcry_sexp_t
 data_to_pkcs1 (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
 {
  struct GNUNET_CRYPTO_ShortHashCode hc;
-  size_t bufSize;
  gcry_sexp_t data;
+  int rc;
  GNUNET_CRYPTO_short_hash (purpose, ntohl (purpose->size), &hc);
-#define FORMATSTRING "(4:data(5:flags3:raw)(5:value32:01234567890123456789012345678901))"
+  if (0 != (rc = gcry_sexp_build (&data, NULL,
-  bufSize = strlen (FORMATSTRING) + 1;
+                                  "(data(flags rfc6979)(hash %s %b))",
+                                  "sha256",
+                                  sizeof (hc),
+                                  &hc)))
  {
-    char buff[bufSize];
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
+    return NULL;
-    memcpy (buff, FORMATSTRING, bufSize);
-    memcpy (&buff
-            [bufSize -
-             strlen
-             ("01234567890123456789012345678901))")
-             - 1], &hc, sizeof (struct GNUNET_CRYPTO_ShortHashCode));
-    GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
  }
-#undef FORMATSTRING
  return data;
 }
@@ -717,44 +725,49 @@ data_to_pkcs1 (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
 /**
 * Sign a given block.
 *
- * @param key private key to use for the signing
+ * @param priv private key to use for the signing
 * @param purpose what to sign (size, purpose)
 * @param sig where to write the signature
 * @return GNUNET_SYSERR on error, GNUNET_OK on success
 */
 int
-GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key,
+GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
                        const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
                        struct GNUNET_CRYPTO_EccSignature *sig)
 {
-  gcry_sexp_t result;
+  gcry_sexp_t priv_sexp;
+  gcry_sexp_t sig_sexp;
  gcry_sexp_t data;
-  size_t ssize;
  int rc;
+  gcry_mpi_t rs[2];
+  priv_sexp = decode_private_key (priv);
  data = data_to_pkcs1 (purpose);
-  if (0 != (rc = gcry_pk_sign (&result, data, key->sexp)))
+  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
  {
    LOG (GNUNET_ERROR_TYPE_WARNING,
         _("ECC signing failed at %s:%d: %s\n"), __FILE__,
         __LINE__, gcry_strerror (rc));
    gcry_sexp_release (data);
+    gcry_sexp_release (priv_sexp);
    return GNUNET_SYSERR;
  }
+  gcry_sexp_release (priv_sexp);
  gcry_sexp_release (data);
-  ssize = gcry_sexp_sprint (result, 
-                            GCRYSEXP_FMT_DEFAULT,
+  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
-                            sig->sexpr,
+     'signature' */
-                            GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH);
+  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
-  if (0 == ssize)
  {
    GNUNET_break (0);
+    gcry_sexp_release (sig_sexp);
    return GNUNET_SYSERR;
  }
-  sig->size = htons ((uint16_t) (ssize + sizeof (uint16_t)));
+  gcry_sexp_release (sig_sexp);
-  /* padd with zeros */
+  mpi_print (sig->r, sizeof (sig->r), rs[0]);
-  memset (&sig->sexpr[ssize], 0, GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH - ssize);
+  mpi_print (sig->s, sizeof (sig->s), rs[1]);
-  gcry_sexp_release (result);
+  gcry_mpi_release (rs[0]);
+  gcry_mpi_release (rs[1]);
  return GNUNET_OK;
 }
@@ -765,7 +778,7 @@ GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key,
 * @param purpose what is the purpose that the signature should have?
 * @param validate block to validate (size, purpose, data)
 * @param sig signature that is being validated
- * @param publicKey public key of the signer
+ * @param pub public key of the signer
 * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid
 */
 int
@@ -773,36 +786,43 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
                          const struct GNUNET_CRYPTO_EccSignaturePurpose
                          *validate,
                          const struct GNUNET_CRYPTO_EccSignature *sig,
-                          const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
+                          const struct GNUNET_CRYPTO_EccPublicKey *pub)
-                          *publicKey)
 {
  gcry_sexp_t data;
-  gcry_sexp_t sigdata;
+  gcry_sexp_t sig_sexpr;
-  size_t size;
+  gcry_sexp_t pub_sexpr;
-  gcry_sexp_t psexp;
  size_t erroff;
  int rc;
+  gcry_mpi_t r;
+  gcry_mpi_t s;
  if (purpose != ntohl (validate->purpose))
    return GNUNET_SYSERR;       /* purpose mismatch */
-  size = ntohs (sig->size);
-  if ( (size < sizeof (uint16_t)) ||
+  /* build s-expression for signature */
-       (size > GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH - sizeof (uint16_t)) )
+  mpi_scan (&r, sig->r, sizeof (sig->r));
-    return GNUNET_SYSERR; /* size out of range */
+  mpi_scan (&s, sig->s, sizeof (sig->s));
+  if (0 != (rc = gcry_sexp_build (&sig_sexpr, &erroff, "(sig-val(ecdsa(r %m)(s %m)))",
+                                  r, s)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
+    gcry_mpi_release (r);
+    gcry_mpi_release (s);
+    return GNUNET_SYSERR;
+  }
+  gcry_mpi_release (r);
+  gcry_mpi_release (s);
  data = data_to_pkcs1 (validate);
-  GNUNET_assert (0 ==
+  if (! (pub_sexpr = decode_public_key (pub)))
-                 gcry_sexp_sscan (&sigdata, &erroff, 
-                                  sig->sexpr, size - sizeof (uint16_t)));
-  if (! (psexp = decode_public_key (publicKey)))
  {
    gcry_sexp_release (data);
-    gcry_sexp_release (sigdata);
+    gcry_sexp_release (sig_sexpr);
    return GNUNET_SYSERR;
  }
-  rc = gcry_pk_verify (sigdata, data, psexp);
+  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
-  gcry_sexp_release (psexp);
+  gcry_sexp_release (pub_sexpr);
  gcry_sexp_release (data);
-  gcry_sexp_release (sigdata);
+  gcry_sexp_release (sig_sexpr);
  if (0 != rc)
  {
    LOG (GNUNET_ERROR_TYPE_WARNING,
@@ -817,14 +837,14 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
 /**
 * Derive key material from a public and a private ECC key.
 *
- * @param key private key to use for the ECDH (x)
+ * @param priv private key to use for the ECDH (x)
- * @param pub public key to use for the ECDY (yG)
+ * @param pub public key to use for the ECDH (yG)
 * @param key_material where to write the key material (xyG)
 * @return GNUNET_SYSERR on error, GNUNET_OK on success
 */
 int
-GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key,
+GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-                        const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub,
+                        const struct GNUNET_CRYPTO_EccPublicKey *pub,
                        struct GNUNET_HashCode *key_material)
 { 
  size_t slen;
@@ -835,36 +855,29 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key,
  gcry_mpi_point_t q;
  gcry_mpi_t d;
  gcry_ctx_t ctx;
-  gcry_sexp_t psexp;
+  gcry_sexp_t pub_sexpr;
+  gcry_sexp_t ecdh_sexp;
  gcry_mpi_t result_x;
  gcry_mpi_t result_y;
  /* first, extract the q = dP value from the public key */
-  if (! (psexp = decode_public_key (pub)))
+  if (! (pub_sexpr = decode_public_key (pub)))
    return GNUNET_SYSERR;
-  if (0 != (rc = gcry_mpi_ec_new (&ctx, psexp, NULL)))
+  if (0 != (rc = gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)))
  {
    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc);  /* erroff gives more info */
    return GNUNET_SYSERR;
  }
-  gcry_sexp_release (psexp);
+  gcry_sexp_release (pub_sexpr);
  q = gcry_mpi_ec_get_point ("q", ctx, 0);
  gcry_ctx_release (ctx);
  /* second, extract the d value from our private key */
-  rc = key_from_sexp (&d, key->sexp, "private-key", "d");
+  mpi_scan (&d, priv->d, sizeof (priv->d));
-  if (rc)
-    rc = key_from_sexp (&d, key->sexp, "ecc", "d");
-  if (0 != rc)
-  {
-    GNUNET_break (0);
-    gcry_mpi_point_release (q);
-    return GNUNET_SYSERR;
-  }
  /* create a new context for definitively the correct curve;
     theoretically the 'public_key' might not use the right curve */
-  if (0 != (rc = gcry_mpi_ec_new (&ctx, NULL, "NIST P-256")))
+  if (0 != (rc = gcry_mpi_ec_new (&ctx, NULL, CURVE)))
  {
    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc);  /* erroff gives more info */
    gcry_mpi_release (d);
@@ -891,7 +904,7 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key,
  }
  gcry_mpi_point_release (result);
  gcry_ctx_release (ctx);
-  if (0 != (rc = gcry_sexp_build (&psexp, &erroff, 
+  if (0 != (rc = gcry_sexp_build (&ecdh_sexp, &erroff, 
                                  "(dh-shared-secret (x %m)(y %m))",
                                  result_x,
                                  result_y)))
@@ -903,13 +916,135 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key,
  }
  gcry_mpi_release (result_x);
  gcry_mpi_release (result_y);
-  slen = gcry_sexp_sprint (psexp, GCRYSEXP_FMT_DEFAULT, sdata_buf, sizeof (sdata_buf));
+  slen = gcry_sexp_sprint (ecdh_sexp,
+                           GCRYSEXP_FMT_DEFAULT, 
+                           sdata_buf, sizeof (sdata_buf));
  GNUNET_assert (0 != slen);
-  gcry_sexp_release (psexp);
+  gcry_sexp_release (ecdh_sexp);
-  /* finally, get a string of the resulting S-expression and hash it to generate the key material */
+  /* finally, get a string of the resulting S-expression and hash it
+     to generate the key material */
  GNUNET_CRYPTO_hash (sdata_buf, slen, key_material);
  return GNUNET_OK;
 }
+/**
+ * Derive the 'h' value for key derivation, where 
+ * 'h = H(l,P)'.
+ *
+ * @param pub public key for deriviation
+ * @param label label for deriviation
+ * @return h value
+ */ 
+static gcry_mpi_t 
+derive_h (const struct GNUNET_CRYPTO_EccPublicKey *pub,
+          const char *label)
+{
+  gcry_mpi_t h;
+  struct GNUNET_HashCode hc;
+  GNUNET_CRYPTO_kdf (&hc, sizeof (hc),
+                     "key-derivation", strlen ("key-derivation"),
+                     pub, sizeof (*pub),
+                     label, sizeof (label),
+                     NULL, 0);
+  mpi_scan (&h, (unsigned char *) &hc, sizeof (hc));
+  return h;
+}
+/**
+ * Derive a private key from a given private key and a label.
+ * Essentially calculates a private key 'd = H(l,P) * x mod n'
+ * where n is the size of the ECC group and P is the public
+ * key associated with the private key 'd'.
+ *
+ * @param priv original private key
+ * @param label label to use for key deriviation
+ * @return derived private key
+ */
+struct GNUNET_CRYPTO_EccPrivateKey *
+GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
+                              const char *label)
+{
+  struct GNUNET_CRYPTO_EccPublicKey pub;
+  struct GNUNET_CRYPTO_EccPrivateKey *ret;
+  gcry_mpi_t h;
+  gcry_mpi_t x;
+  gcry_mpi_t d;
+  gcry_mpi_t n;
+  int rc;
+  GNUNET_CRYPTO_ecc_key_get_public (priv, &pub);
+  h = derive_h (&pub, label);
+  mpi_scan (&x, priv->d, sizeof (priv->d));
+  /* initialize 'n' from P-256; hex copied from libgcrypt code */
+  if (0 != (rc = gcry_mpi_scan (&n, GCRYMPI_FMT_HEX, 
+                                "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 0, NULL)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
+    gcry_mpi_release (h);
+    return NULL;
+  }
+  d = gcry_mpi_new (256);
+  gcry_mpi_mulm (d, h, x, n);
+  gcry_mpi_release (h);
+  gcry_mpi_release (x);
+  gcry_mpi_release (n);
+  ret = GNUNET_new (struct GNUNET_CRYPTO_EccPrivateKey);
+  mpi_print (ret->d, sizeof (ret->d), d);
+  gcry_mpi_release (d);
+  return ret;
+}
+/**
+ * Derive a public key from a given public key and a label.
+ * Essentially calculates a public key 'V = H(l,P) * P'.
+ *
+ * @param pub original public key
+ * @param label label to use for key deriviation
+ * @param result where to write the derived public key
+ */
+void
+GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pub,
+                                     const char *label,
+                                     struct GNUNET_CRYPTO_EccPublicKey *result)
+{
+  gcry_mpi_t h;
+  gcry_ctx_t ctx;
+  gcry_mpi_t q_x;
+  gcry_mpi_t q_y;
+  gcry_mpi_point_t q;
+  gcry_mpi_point_t v;
+  int rc;
+  h = derive_h (pub, label);
+  mpi_scan (&q_x, pub->q_x, sizeof (pub->q_x));
+  mpi_scan (&q_y, pub->q_y, sizeof (pub->q_y));
+  q = gcry_mpi_point_new (256);
+  gcry_mpi_point_set (q, q_x, q_y, GCRYMPI_CONST_ONE);
+  gcry_mpi_release (q_x);
+  gcry_mpi_release (q_y);
+  /* create basic ECC context */
+  if (0 != (rc = gcry_mpi_ec_new (&ctx, NULL, CURVE)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc); 
+    gcry_mpi_point_release (q);
+    gcry_mpi_release (h);
+    return;
+  } 
+  v = gcry_mpi_point_new (256);
+  /* we could calculate 'h mod n' here first, but hopefully
+     libgcrypt is smart enough to do that for us... */
+  gcry_mpi_ec_mul (v, h, q, ctx);
+  gcry_mpi_release (h);
+  gcry_mpi_point_release (q);
+  point_to_public_key (v, ctx, result);
+  gcry_mpi_point_release (v);
+  gcry_ctx_release (ctx);
+}
 /* end of crypto_ecc.c */
diff --git a/src/util/gnunet-ecc.c b/src/util/gnunet-ecc.c
index a00ef0573..0805e3f94 100644
--- a/src/util/gnunet-ecc.c
+++ b/src/util/gnunet-ecc.c
@@ -1,6 +1,6 @@
 /*
     This file is part of GNUnet.
-     (C) 2012 Christian Grothoff (and other contributing authors)
+     (C) 2012, 2013 Christian Grothoff (and other contributing authors)
     GNUnet is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published
@@ -49,15 +49,6 @@ static int print_short_identity;
 */
 static unsigned int make_keys;
-/**
- * The private information of an ECC key pair.
- * NOTE: this must match the definition in crypto_ksk.c and crypto_ecc.c!
- */
-struct GNUNET_CRYPTO_EccPrivateKey
-{
-  gcry_sexp_t sexp;
-};
 /**
 * Create a flat file with a large number of key pairs for testing.
@@ -65,10 +56,8 @@ struct GNUNET_CRYPTO_EccPrivateKey
 static void
 create_keys (const char *fn)
 {
-  static char pad[GNUNET_TESTING_HOSTKEYFILESIZE];
  FILE *f;
  struct GNUNET_CRYPTO_EccPrivateKey *pk;
-  struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc;
  if (NULL == (f = fopen (fn, "w+")))
  {
@@ -90,22 +79,18 @@ create_keys (const char *fn)
       GNUNET_break (0);
       break;
    }
-    enc = GNUNET_CRYPTO_ecc_encode_key (pk);
+    if (GNUNET_TESTING_HOSTKEYFILESIZE != 
-    GNUNET_assert (ntohs (enc->size) <= GNUNET_TESTING_HOSTKEYFILESIZE);
+        fwrite (pk, 1,
-    if ( (ntohs (enc->size) != fwrite (enc, 1, ntohs (enc->size), f)) ||
+                GNUNET_TESTING_HOSTKEYFILESIZE, f))
-         (GNUNET_TESTING_HOSTKEYFILESIZE - ntohs (enc->size)
-          != fwrite (pad, 1, GNUNET_TESTING_HOSTKEYFILESIZE - ntohs (enc->size), f)) )
    {
      fprintf (stderr,
               _("\nFailed to write to `%s': %s\n"),
               fn,
               STRERROR (errno));
      GNUNET_CRYPTO_ecc_key_free (pk);
-      GNUNET_free (enc);
      break;
    }
    GNUNET_CRYPTO_ecc_key_free (pk);
-    GNUNET_free (enc);
  }
  if (UINT_MAX == make_keys)
    fprintf (stderr,
@@ -130,7 +115,7 @@ run (void *cls, char *const *args, const char *cfgfile,
     const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
  struct GNUNET_CRYPTO_EccPrivateKey *pk;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub;
+  struct GNUNET_CRYPTO_EccPublicKey pub;
  struct GNUNET_PeerIdentity pid;
  if (NULL == args[0])
diff --git a/src/util/test_crypto_ecc.c b/src/util/test_crypto_ecc.c
index 1d58e9607..668f15761 100644
--- a/src/util/test_crypto_ecc.c
+++ b/src/util/test_crypto_ecc.c
@@ -1,6 +1,6 @@
 /*
     This file is part of GNUnet.
-     (C) 2002, 2003, 2004, 2006, 2009 Christian Grothoff (and other contributing authors)
+     (C) 2002-2013 Christian Grothoff (and other contributing authors)
     GNUnet is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published
@@ -44,7 +44,7 @@ testSignVerify ()
 {
  struct GNUNET_CRYPTO_EccSignature sig;
  struct GNUNET_CRYPTO_EccSignaturePurpose purp;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  int i;
  struct GNUNET_TIME_Absolute start;
  int ok = GNUNET_OK;
@@ -93,7 +93,7 @@ testSignPerformance ()
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purp;
  struct GNUNET_CRYPTO_EccSignature sig;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_EccPublicKey pkey;
  int i;
  struct GNUNET_TIME_Absolute start;
  int ok = GNUNET_OK;
@@ -124,8 +124,8 @@ testSignPerformance ()
 static int
 testCreateFromFile ()
 {
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded p1;
+  struct GNUNET_CRYPTO_EccPublicKey p1;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded p2;
+  struct GNUNET_CRYPTO_EccPublicKey p2;
  key = GNUNET_CRYPTO_ecc_key_create_from_file (KEYFILE);
  GNUNET_assert (NULL != key);
@@ -150,8 +150,8 @@ test_ecdh ()
 {
  struct GNUNET_CRYPTO_EccPrivateKey *priv1;
  struct GNUNET_CRYPTO_EccPrivateKey *priv2;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub1;
+  struct GNUNET_CRYPTO_EccPublicKey pub1;
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub2;
+  struct GNUNET_CRYPTO_EccPublicKey pub2;
  struct GNUNET_HashCode ecdh1;
  struct GNUNET_HashCode ecdh2;