diff --git a/backup/backup.go b/backup/backup.go
index 464cc713ac95d3bff6c4aa9f7d32d07f4d5530b0..2d8b55e8a3ba388892aad7bcd8b274182c6fddce 100644
--- a/backup/backup.go
+++ b/backup/backup.go
@@ -21,7 +21,7 @@ import (
 	jww "github.com/spf13/jwalterweatherman"
 	"gitlab.com/elixxir/crypto/backup"
 	"gitlab.com/elixxir/crypto/fastRNG"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 )
 
 // Error messages.
@@ -69,8 +69,8 @@ type Session interface {
 	GetTransmissionSalt() []byte
 	GetReceptionID() *id.ID
 	GetReceptionSalt() []byte
-	GetReceptionRSA() *rsa.PrivateKey
-	GetTransmissionRSA() *rsa.PrivateKey
+	GetReceptionRSA() rsa.PrivateKey
+	GetTransmissionRSA() rsa.PrivateKey
 	GetTransmissionRegistrationValidationSignature() []byte
 	GetReceptionRegistrationValidationSignature() []byte
 	GetRegistrationTimestamp() time.Time
@@ -286,7 +286,7 @@ func (b *Backup) assembleBackup() backup.Backup {
 
 	// Get transmission identity
 	bu.TransmissionIdentity = backup.TransmissionIdentity{
-		RSASigningPrivateKey: b.session.GetTransmissionRSA(),
+		RSASigningPrivateKey: b.session.GetTransmissionRSA().GetOldRSA(),
 		RegistrarSignature:   b.session.GetTransmissionRegistrationValidationSignature(),
 		Salt:                 b.session.GetTransmissionSalt(),
 		ComputedID:           b.session.GetTransmissionID(),
@@ -294,7 +294,7 @@ func (b *Backup) assembleBackup() backup.Backup {
 
 	// Get reception identity
 	bu.ReceptionIdentity = backup.ReceptionIdentity{
-		RSASigningPrivateKey: b.session.GetReceptionRSA(),
+		RSASigningPrivateKey: b.session.GetReceptionRSA().GetOldRSA(),
 		RegistrarSignature:   b.session.GetReceptionRegistrationValidationSignature(),
 		Salt:                 b.session.GetReceptionSalt(),
 		ComputedID:           b.session.GetReceptionID(),
diff --git a/backup/backup_test.go b/backup/backup_test.go
index cc501ffcc930313af1174d8c3d5eb3edbfb9454f..b3179f58ee4c7eac4f9f1342338e2b29d4f35090 100644
--- a/backup/backup_test.go
+++ b/backup/backup_test.go
@@ -279,13 +279,13 @@ func TestBackup_AddJson(t *testing.T) {
 		RegistrationCode:      s.regCode,
 		RegistrationTimestamp: s.registrationTimestamp.UnixNano(),
 		TransmissionIdentity: backup.TransmissionIdentity{
-			RSASigningPrivateKey: s.transmissionRSA,
+			RSASigningPrivateKey: s.transmissionRSA.GetOldRSA(),
 			RegistrarSignature:   s.transmissionRegistrationValidationSignature,
 			Salt:                 s.transmissionSalt,
 			ComputedID:           s.transmissionID,
 		},
 		ReceptionIdentity: backup.ReceptionIdentity{
-			RSASigningPrivateKey: s.receptionRSA,
+			RSASigningPrivateKey: s.receptionRSA.GetOldRSA(),
 			RegistrarSignature:   s.receptionRegistrationValidationSignature,
 			Salt:                 s.receptionSalt,
 			ComputedID:           s.receptionID,
@@ -318,13 +318,13 @@ func TestBackup_AddJson_badJson(t *testing.T) {
 		RegistrationCode:      s.regCode,
 		RegistrationTimestamp: s.registrationTimestamp.UnixNano(),
 		TransmissionIdentity: backup.TransmissionIdentity{
-			RSASigningPrivateKey: s.transmissionRSA,
+			RSASigningPrivateKey: s.transmissionRSA.GetOldRSA(),
 			RegistrarSignature:   s.transmissionRegistrationValidationSignature,
 			Salt:                 s.transmissionSalt,
 			ComputedID:           s.transmissionID,
 		},
 		ReceptionIdentity: backup.ReceptionIdentity{
-			RSASigningPrivateKey: s.receptionRSA,
+			RSASigningPrivateKey: s.receptionRSA.GetOldRSA(),
 			RegistrarSignature:   s.receptionRegistrationValidationSignature,
 			Salt:                 s.receptionSalt,
 			ComputedID:           s.receptionID,
@@ -358,13 +358,13 @@ func TestBackup_assembleBackup(t *testing.T) {
 		RegistrationCode:      s.regCode,
 		RegistrationTimestamp: s.registrationTimestamp.UnixNano(),
 		TransmissionIdentity: backup.TransmissionIdentity{
-			RSASigningPrivateKey: s.transmissionRSA,
+			RSASigningPrivateKey: s.transmissionRSA.GetOldRSA(),
 			RegistrarSignature:   s.transmissionRegistrationValidationSignature,
 			Salt:                 s.transmissionSalt,
 			ComputedID:           s.transmissionID,
 		},
 		ReceptionIdentity: backup.ReceptionIdentity{
-			RSASigningPrivateKey: s.receptionRSA,
+			RSASigningPrivateKey: s.receptionRSA.GetOldRSA(),
 			RegistrarSignature:   s.receptionRegistrationValidationSignature,
 			Salt:                 s.receptionSalt,
 			ComputedID:           s.receptionID,
diff --git a/backup/utils_test.go b/backup/utils_test.go
index beecea4a4c9c94fcd21acc78ced939ef919ab143..7d6be439de9bd3cea6100f9dc08b29746340822e 100644
--- a/backup/utils_test.go
+++ b/backup/utils_test.go
@@ -12,9 +12,9 @@ import (
 	"time"
 
 	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/primitives/fact"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 )
 
@@ -48,16 +48,17 @@ type mockSession struct {
 	transmissionSalt                            []byte
 	receptionID                                 *id.ID
 	receptionSalt                               []byte
-	receptionRSA                                *rsa.PrivateKey
-	transmissionRSA                             *rsa.PrivateKey
+	receptionRSA                                rsa.PrivateKey
+	transmissionRSA                             rsa.PrivateKey
 	transmissionRegistrationValidationSignature []byte
 	receptionRegistrationValidationSignature    []byte
 	registrationTimestamp                       time.Time
 }
 
 func newMockSession(t testing.TB) *mockSession {
-	receptionRSA, _ := rsa.LoadPrivateKeyFromPem([]byte(privKey))
-	transmissionRSA, _ := rsa.LoadPrivateKeyFromPem([]byte(privKey))
+	sch := rsa.GetScheme()
+	receptionRSA, _ := sch.UnmarshalPrivateKeyPEM([]byte(privKey))
+	transmissionRSA, _ := sch.UnmarshalPrivateKeyPEM([]byte(privKey))
 
 	return &mockSession{
 		regCode:          "regCode",
@@ -73,13 +74,13 @@ func newMockSession(t testing.TB) *mockSession {
 	}
 
 }
-func (m mockSession) GetRegCode() (string, error)         { return m.regCode, nil }
-func (m mockSession) GetTransmissionID() *id.ID           { return m.transmissionID }
-func (m mockSession) GetTransmissionSalt() []byte         { return m.transmissionSalt }
-func (m mockSession) GetReceptionID() *id.ID              { return m.receptionID }
-func (m mockSession) GetReceptionSalt() []byte            { return m.receptionSalt }
-func (m mockSession) GetReceptionRSA() *rsa.PrivateKey    { return m.receptionRSA }
-func (m mockSession) GetTransmissionRSA() *rsa.PrivateKey { return m.transmissionRSA }
+func (m mockSession) GetRegCode() (string, error)        { return m.regCode, nil }
+func (m mockSession) GetTransmissionID() *id.ID          { return m.transmissionID }
+func (m mockSession) GetTransmissionSalt() []byte        { return m.transmissionSalt }
+func (m mockSession) GetReceptionID() *id.ID             { return m.receptionID }
+func (m mockSession) GetReceptionSalt() []byte           { return m.receptionSalt }
+func (m mockSession) GetReceptionRSA() rsa.PrivateKey    { return m.receptionRSA }
+func (m mockSession) GetTransmissionRSA() rsa.PrivateKey { return m.transmissionRSA }
 func (m mockSession) GetTransmissionRegistrationValidationSignature() []byte {
 	return m.transmissionRegistrationValidationSignature
 }
diff --git a/cmix/nodes/interfaces.go b/cmix/nodes/interfaces.go
index 469137c4412d47a09d1865e15b071aef649ddd80..9292306937f2c9d863ee071ff52f9713b479cbd4 100644
--- a/cmix/nodes/interfaces.go
+++ b/cmix/nodes/interfaces.go
@@ -13,9 +13,9 @@ import (
 	pb "gitlab.com/elixxir/comms/mixmessages"
 	"gitlab.com/elixxir/comms/network"
 	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/primitives/format"
 	"gitlab.com/xx_network/comms/connect"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"time"
 )
@@ -84,7 +84,7 @@ type session interface {
 	IsPrecanned() bool
 	GetCmixGroup() *cyclic.Group
 	GetKV() *versioned.KV
-	GetTransmissionRSA() *rsa.PrivateKey
+	GetTransmissionRSA() rsa.PrivateKey
 	GetRegistrationTimestamp() time.Time
 	GetTransmissionSalt() []byte
 	GetTransmissionRegistrationValidationSignature() []byte
diff --git a/cmix/nodes/verifyNodeSig.go b/cmix/nodes/publicOpts.go
similarity index 57%
rename from cmix/nodes/verifyNodeSig.go
rename to cmix/nodes/publicOpts.go
index 55ae44c551fceffc76c170ee213d3e7b7db3dc8b..4a1c10a69b9538e8ee9639a85e31ee6189ceea29 100644
--- a/cmix/nodes/verifyNodeSig.go
+++ b/cmix/nodes/publicOpts.go
@@ -10,15 +10,23 @@
 package nodes
 
 import (
-	"crypto"
 	"github.com/pkg/errors"
+	"gitlab.com/elixxir/crypto/hash"
 	"gitlab.com/xx_network/crypto/tls"
+	"io"
 
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 )
 
-func verifyNodeSignature(certContents string, hash crypto.Hash,
-	hashed []byte, sig []byte, opts *rsa.Options) error {
+func useSHA() bool {
+	return false
+}
+
+func verifyNodeSignature(certContents string, hashed []byte, sig []byte) error {
+
+	opts := rsa.NewDefaultPSSOptions()
+
+	sch := rsa.GetScheme()
 
 	// Load nodes certificate
 	gatewayCert, err := tls.LoadCertificate(certContents)
@@ -27,11 +35,22 @@ func verifyNodeSignature(certContents string, hash crypto.Hash,
 	}
 
 	// Extract public key
-	nodePubKey, err := tls.ExtractPublicKey(gatewayCert)
+	nodePubKeyOld, err := tls.ExtractPublicKey(gatewayCert)
 	if err != nil {
 		return errors.Errorf("Unable to load node's public key: %v", err)
 	}
 
+	nodePubKey := sch.ConvertPublic(&nodePubKeyOld.PublicKey)
+
+	// Verify the response signature
+	return nodePubKey.VerifyPSS(opts.Hash, hashed, sig, opts)
+}
+
+func signRegistrationRequest(rng io.Reader, hashed []byte, privateKey rsa.PrivateKey) ([]byte, error) {
+
+	opts := rsa.NewDefaultPSSOptions()
+	opts.Hash = hash.CMixHash
+
 	// Verify the response signature
-	return rsa.Verify(nodePubKey, hash, hashed, sig, opts)
+	return privateKey.SignPSS(rng, opts.Hash, hashed, opts)
 }
diff --git a/cmix/nodes/publicOpts_js.go b/cmix/nodes/publicOpts_js.go
new file mode 100644
index 0000000000000000000000000000000000000000..1bb4f447b0147b1b45be616b206fa060f4412133
--- /dev/null
+++ b/cmix/nodes/publicOpts_js.go
@@ -0,0 +1,52 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright © 2022 xx foundation                                             //
+//                                                                            //
+// Use of this source code is governed by a license that can be found in the  //
+// LICENSE file.                                                              //
+////////////////////////////////////////////////////////////////////////////////
+
+//go:build js && wasm
+
+package nodes
+
+import (
+	"gitlab.com/xx_network/crypto/signature/rsa"
+)
+
+func useSHA() bool {
+	return true
+}
+
+func verifyNodeSignature(certContents string, hashed []byte, sig []byte) error {
+
+	opts := rsa.NewDefaultPSSOptions()
+	opts.Hash = crypto.SHA256
+
+	sch := rsa.GetScheme()
+
+	// Load nodes certificate
+	gatewayCert, err := tls.LoadCertificate(certContents)
+	if err != nil {
+		return errors.Errorf("Unable to load nodes's certificate: %+v", err)
+	}
+
+	// Extract public key
+	nodePubKeyOld, err := tls.ExtractPublicKey(gatewayCert)
+	if err != nil {
+		return errors.Errorf("Unable to load node's public key: %v", err)
+	}
+
+	nodePubKey := sch.ConvertPublic(&nodePubKeyOld.PublicKey)
+
+	// Verify the response signature
+	return nodePubKey.VerifyPSS(opts.Hash, hashed, sig, opts)
+}
+
+func signRegistrationRequest(rng io.Reader, hashed []byte, privateKey rsa.PrivateKey) ([]byte, error) {
+
+	opts := rsa.NewDefaultPSSOptions()
+	opts.Hash = crypto.SHA256
+
+	// Verify the response signature
+	return privateKey.SignPSS(rng, opts.Hash, hashed, opts)
+}
diff --git a/cmix/nodes/register_test.go b/cmix/nodes/register_test.go
index 0ebbdd4171f8a80b99b312071c030c748289f060..1a14f984ac23d3ee4a9c0775b52b08708b195887 100644
--- a/cmix/nodes/register_test.go
+++ b/cmix/nodes/register_test.go
@@ -11,8 +11,8 @@ import (
 	"gitlab.com/elixxir/client/v4/stoppable"
 	"gitlab.com/elixxir/comms/network"
 	"gitlab.com/elixxir/crypto/fastRNG"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/crypto/csprng"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/ndf"
 	"testing"
@@ -21,6 +21,8 @@ import (
 
 // Unit test for registerWithNode
 func TestRegisterWithNode(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	// Generate a stoppable
 	stop := stoppable.NewSingle("test")
 	defer stop.Quit()
@@ -30,7 +32,7 @@ func TestRegisterWithNode(t *testing.T) {
 	defer stream.Close()
 
 	/// Load private key
-	privKeyRsa, err := rsa.LoadPrivateKeyFromPem([]byte(privKey))
+	privKeyRsa, err := sch.UnmarshalPrivateKeyPEM([]byte(privKey))
 	if err != nil {
 		t.Fatalf("Failed to load private Key: %v", err)
 	}
diff --git a/cmix/nodes/request.go b/cmix/nodes/request.go
index fe2d620c2b6590edf45c807ccca7bc1886b9ef20..12830d5954235ca21cd694cae10f17224183e4cb 100644
--- a/cmix/nodes/request.go
+++ b/cmix/nodes/request.go
@@ -26,7 +26,6 @@ import (
 	"gitlab.com/xx_network/comms/messages"
 	"gitlab.com/xx_network/crypto/chacha"
 	"gitlab.com/xx_network/crypto/csprng"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
 )
@@ -108,7 +107,7 @@ func makeSignedKeyRequest(s session, rng io.Reader,
 	gwId *id.ID, dhPub *cyclic.Int) (*pb.SignedClientKeyRequest, error) {
 
 	// Reconstruct client confirmation message
-	userPubKeyRSA := rsa.CreatePublicKeyPem(s.GetTransmissionRSA().GetPublic())
+	userPubKeyRSA := s.GetTransmissionRSA().Public().MarshalPem()
 	confirmation := &pb.ClientRegistrationConfirmation{
 		RSAPubKey: string(userPubKeyRSA),
 		Timestamp: s.GetRegistrationTimestamp().UnixNano(),
@@ -138,13 +137,10 @@ func makeSignedKeyRequest(s session, rng io.Reader,
 	}
 
 	// Sign DH public key
-	opts := rsa.NewDefaultOptions()
-	opts.Hash = hash.CMixHash
-	h := opts.Hash.New()
+	h := hash.CMixHash.New()
 	h.Write(serializedMessage)
 	data := h.Sum(nil)
-	clientSig, err := rsa.Sign(rng, s.GetTransmissionRSA(), opts.Hash,
-		data, opts)
+	clientSig, err := signRegistrationRequest(rng, data, s.GetTransmissionRSA())
 	if err != nil {
 		return nil, err
 	}
@@ -154,6 +150,7 @@ func makeSignedKeyRequest(s session, rng io.Reader,
 		ClientKeyRequest:          serializedMessage,
 		ClientKeyRequestSignature: &messages.RSASignature{Signature: clientSig},
 		Target:                    gwId.Bytes(),
+		UseSHA:                    useSHA(),
 	}
 
 	return signedRequest, nil
@@ -164,10 +161,7 @@ func makeSignedKeyRequest(s session, rng io.Reader,
 func processRequestResponse(signedKeyResponse *pb.SignedKeyResponse,
 	ngw network.NodeGateway, grp *cyclic.Group,
 	dhPrivKey *cyclic.Int) (*cyclic.Int, []byte, uint64, error) {
-	// Define hashing algorithm
-	opts := rsa.NewDefaultOptions()
-	opts.Hash = hash.CMixHash
-	h := opts.Hash.New()
+	h := hash.CMixHash.New()
 
 	// Hash the response
 	h.Reset()
@@ -175,8 +169,8 @@ func processRequestResponse(signedKeyResponse *pb.SignedKeyResponse,
 	hashedResponse := h.Sum(nil)
 
 	// Verify the response signature
-	err := verifyNodeSignature(ngw.Gateway.TlsCertificate, opts.Hash, hashedResponse,
-		signedKeyResponse.KeyResponseSignedByGateway.Signature, opts)
+	err := verifyNodeSignature(ngw.Gateway.TlsCertificate, hashedResponse,
+		signedKeyResponse.KeyResponseSignedByGateway.Signature)
 	if err != nil {
 		return nil, nil, 0,
 			errors.Errorf("Could not verify nodes's signature: %v", err)
@@ -207,7 +201,7 @@ func processRequestResponse(signedKeyResponse *pb.SignedKeyResponse,
 	jww.TRACE.Printf("[ClientKeyHMAC] EncryptedClientKeyHMAC: %+v", keyResponse.EncryptedClientKeyHMAC)
 
 	if !registration.VerifyClientHMAC(sessionKey.Bytes(),
-		keyResponse.EncryptedClientKey, opts.Hash.New,
+		keyResponse.EncryptedClientKey, hash.CMixHash.New,
 		keyResponse.EncryptedClientKeyHMAC) {
 		return nil, nil, 0, errors.New("Failed to verify client HMAC")
 	}
diff --git a/cmix/nodes/utils_test.go b/cmix/nodes/utils_test.go
index 68fb6ccde10ad75ac6a2b2ea4e52fe0a6d5b3122..22ff7db930a69f74fa5b923c43044ff0dfb3ca95 100644
--- a/cmix/nodes/utils_test.go
+++ b/cmix/nodes/utils_test.go
@@ -19,12 +19,12 @@ import (
 	"gitlab.com/elixxir/crypto/fastRNG"
 	"gitlab.com/elixxir/crypto/hash"
 	"gitlab.com/elixxir/crypto/registration"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/comms/messages"
 	"gitlab.com/xx_network/crypto/chacha"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/crypto/xx"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/ndf"
@@ -157,7 +157,7 @@ func (m mockSender) GetHostParams() connect.HostParams {
 
 type mockSession struct {
 	isPrecanned     bool
-	privKey         *rsa.PrivateKey
+	privKey         rsa.PrivateKey
 	timeStamp       time.Time
 	salt            []byte
 	transmissionSig []byte
@@ -179,7 +179,7 @@ func (m mockSession) IsPrecanned() bool {
 	return m.isPrecanned
 }
 
-func (m mockSession) GetTransmissionRSA() *rsa.PrivateKey {
+func (m mockSession) GetTransmissionRSA() rsa.PrivateKey {
 	return m.privKey
 }
 
@@ -201,7 +201,7 @@ func (m mockSession) GetTransmissionRegistrationValidationSignature() []byte {
 
 // Mock client comms object adhering to RegisterNodeCommsInterface for testing.
 type MockClientComms struct {
-	rsaPrivKey *rsa.PrivateKey
+	rsaPrivKey rsa.PrivateKey
 	dhPrivKey  *cyclic.Int
 	rand       csprng.Source
 	grp        *cyclic.Group
@@ -235,20 +235,22 @@ func (m *MockClientComms) SendRequestClientKeyMessage(_ *connect.Host,
 	}
 
 	// Define hashing algorithm
-	opts := rsa.NewDefaultOptions()
+	opts := rsa.NewDefaultPSSOptions()
 	opts.Hash = hash.CMixHash
 	h := opts.Hash.New()
 
+	sch := rsa.GetScheme()
+
 	// Extract RSA pubkey
 	clientRsaPub := clientTransmissionConfirmation.RSAPubKey
 	// Assemble client public key into rsa.PublicKey
-	userPublicKey, err := rsa.LoadPublicKeyFromPem([]byte(clientRsaPub))
+	userPublicKey, err := sch.UnmarshalPublicKeyPEM([]byte(clientRsaPub))
 	if err != nil {
 		m.t.Fatalf("Failed to load public key: %+v", err)
 	}
 
 	// Parse user ID
-	userId, err := xx.NewID(userPublicKey, msg.GetSalt(), id.User)
+	userId, err := xx.NewID(userPublicKey.GetOldRSA(), msg.GetSalt(), id.User)
 	if err != nil {
 		m.t.Fatalf("Failed to generate user id: %+v", err)
 	}
@@ -298,7 +300,7 @@ func (m *MockClientComms) SendRequestClientKeyMessage(_ *connect.Host,
 	hashed := h.Sum(nil)
 
 	// Sign the nonce
-	signed, err := rsa.Sign(m.rand, m.rsaPrivKey, opts.Hash, hashed, opts)
+	signed, err := m.rsaPrivKey.SignPSS(m.rand, opts.Hash, hashed, opts)
 	if err != nil {
 		m.t.Fatalf("Failed to sign a request (as mock gateway): %+v", err)
 	}
diff --git a/cmix/nodes/verifyNodeSig_js.go b/cmix/nodes/verifyNodeSig_js.go
deleted file mode 100644
index 6bc339bd38273160ce8a13515225c944d2d7f3a8..0000000000000000000000000000000000000000
--- a/cmix/nodes/verifyNodeSig_js.go
+++ /dev/null
@@ -1,23 +0,0 @@
-////////////////////////////////////////////////////////////////////////////////
-// Copyright © 2022 xx foundation                                             //
-//                                                                            //
-// Use of this source code is governed by a license that can be found in the  //
-// LICENSE file.                                                              //
-////////////////////////////////////////////////////////////////////////////////
-
-//go:build js && wasm
-
-package nodes
-
-import (
-	"crypto"
-
-	jww "github.com/spf13/jwalterweatherman"
-	"gitlab.com/xx_network/crypto/signature/rsa"
-)
-
-func verifyNodeSignature(pub string, hash crypto.Hash,
-	hashed []byte, sig []byte, opts *rsa.Options) error {
-	jww.WARN.Printf("node signature checking disabled for wasm")
-	return nil
-}
diff --git a/connect/authenticated.go b/connect/authenticated.go
index 628d22bf1203ec21f8847100e3d66e6c9d2238ca..f679c4852191491dbaad72a71c542c46b0617f3e 100644
--- a/connect/authenticated.go
+++ b/connect/authenticated.go
@@ -19,7 +19,7 @@ import (
 	"gitlab.com/elixxir/client/v4/xxdk"
 	"gitlab.com/elixxir/crypto/contact"
 	"gitlab.com/elixxir/crypto/fastRNG"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
 )
@@ -79,7 +79,7 @@ func ConnectWithAuthentication(recipient contact.Contact, user *xxdk.E2e,
 // the server. This will wait until the round it sends on completes or a
 // timeout occurs.
 func connectWithAuthentication(conn Connection, timeStart time.Time,
-	recipient contact.Contact, salt []byte, myRsaPrivKey *rsa.PrivateKey,
+	recipient contact.Contact, salt []byte, myRsaPrivKey rsa.PrivateKey,
 	rng *fastRNG.StreamGenerator,
 	net cmix.Client, p xxdk.E2EParams) (AuthenticatedConnection, error) {
 	// Construct message to prove your identity to the server
diff --git a/connect/authenticated_test.go b/connect/authenticated_test.go
index 21162751083d3faa878590b1d369a4c57a9465df..c7dd52b093cd65393f2f87d64dbb232beaa1aa6e 100644
--- a/connect/authenticated_test.go
+++ b/connect/authenticated_test.go
@@ -16,8 +16,8 @@ import (
 	"gitlab.com/elixxir/crypto/contact"
 	"gitlab.com/elixxir/crypto/diffieHellman"
 	"gitlab.com/elixxir/crypto/fastRNG"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/crypto/csprng"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/crypto/xx"
 	"gitlab.com/xx_network/primitives/id"
 )
@@ -42,14 +42,16 @@ func TestConnectWithAuthentication(t *testing.T) {
 	salt := make([]byte, 32)
 	copy(salt, "salt")
 
-	myRsaPrivKey, err := rsa.LoadPrivateKeyFromPem(getPrivKey())
+	sch := rsa.GetScheme()
+
+	myRsaPrivKey, err := sch.UnmarshalPrivateKeyPEM(getPrivKey())
 	if err != nil {
 		t.Fatalf("Failed to load private key: %v", err)
 	}
 
 	// Construct client ID the proper way as server will need to verify it
 	// using the xx.NewID function call
-	myId, err := xx.NewID(myRsaPrivKey.GetPublic(), salt, id.User)
+	myId, err := xx.NewID(myRsaPrivKey.Public().GetOldRSA(), salt, id.User)
 	if err != nil {
 		t.Fatalf("Failed to generate client's id: %+v", err)
 	}
diff --git a/connect/client.go b/connect/client.go
index 49e47f4414ab214ed018b821bea5870c06e467d7..a5f206f637723a4f91e31fce06975e2e2d351cc7 100644
--- a/connect/client.go
+++ b/connect/client.go
@@ -12,13 +12,13 @@ import (
 	"github.com/pkg/errors"
 	"gitlab.com/elixxir/client/v4/e2e/ratchet/partner"
 	"gitlab.com/elixxir/crypto/fastRNG"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 )
 
 // buildClientAuthRequest is a helper function which constructs a marshalled
 // IdentityAuthentication message.
 func buildClientAuthRequest(newPartner partner.Manager,
-	rng *fastRNG.StreamGenerator, rsaPrivKey *rsa.PrivateKey,
+	rng *fastRNG.StreamGenerator, rsaPrivKey rsa.PrivateKey,
 	salt []byte) ([]byte, error) {
 
 	// Create signature
@@ -28,7 +28,7 @@ func buildClientAuthRequest(newPartner partner.Manager,
 	signature, err := sign(stream, rsaPrivKey, connectionFp)
 
 	// Construct message
-	pemEncodedRsaPubKey := rsa.CreatePublicKeyPem(rsaPrivKey.GetPublic())
+	pemEncodedRsaPubKey := rsaPrivKey.Public().MarshalPem()
 	iar := &IdentityAuthentication{
 		Signature: signature,
 		RsaPubKey: pemEncodedRsaPubKey,
diff --git a/connect/crypto.go b/connect/crypto.go
index 61714203fb05c659a65ee2517196cc4f583dc080..9420d8167a7bf840e846e9f6c49d4984a9f64783 100644
--- a/connect/crypto.go
+++ b/connect/crypto.go
@@ -9,35 +9,34 @@ package connect
 
 import (
 	"github.com/pkg/errors"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/crypto/xx"
 	"gitlab.com/xx_network/primitives/id"
 	"io"
 )
 
 // Sign creates a signature authenticating an identity for a connection.
-func sign(rng io.Reader, rsaPrivKey *rsa.PrivateKey,
+func sign(rng io.Reader, rsaPrivKey rsa.PrivateKey,
 	connectionFp []byte) ([]byte, error) {
 	// The connection fingerprint (hashed) will be used as a nonce
-	opts := rsa.NewDefaultOptions()
+	opts := rsa.NewDefaultPSSOptions()
 	h := opts.Hash.New()
 	h.Write(connectionFp)
 	nonce := h.Sum(nil)
 
 	// Sign the connection fingerprint
-	return rsa.Sign(rng, rsaPrivKey,
-		opts.Hash, nonce, opts)
+	return rsaPrivKey.SignPSS(rng, opts.Hash, nonce, opts)
 
 }
 
 // Verify takes a signature for an authentication attempt
 // and verifies the information.
-func verify(partnerId *id.ID, partnerPubKey *rsa.PublicKey,
+func verify(partnerId *id.ID, partnerPubKey rsa.PublicKey,
 	signature, connectionFp, salt []byte) error {
 
 	// Verify the partner's known ID against the information passed
 	// along the wire
-	partnerWireId, err := xx.NewID(partnerPubKey, salt, id.User)
+	partnerWireId, err := xx.NewID(partnerPubKey.GetOldRSA(), salt, id.User)
 	if err != nil {
 		return err
 	}
@@ -47,13 +46,13 @@ func verify(partnerId *id.ID, partnerPubKey *rsa.PublicKey,
 	}
 
 	// Hash the connection fingerprint
-	opts := rsa.NewDefaultOptions()
+	opts := rsa.NewDefaultPSSOptions()
 	h := opts.Hash.New()
 	h.Write(connectionFp)
 	nonce := h.Sum(nil)
 
 	// Verify the signature
-	err = rsa.Verify(partnerPubKey, opts.Hash, nonce, signature, opts)
+	err = partnerPubKey.VerifyPSS(opts.Hash, nonce, signature, opts)
 	if err != nil {
 		return err
 	}
diff --git a/connect/crypto_test.go b/connect/crypto_test.go
index 0cec007eb478ab853a180e01213f41ac65256585..18493f2f476f609ad2d541b9472ab1f79b8b1e29 100644
--- a/connect/crypto_test.go
+++ b/connect/crypto_test.go
@@ -11,7 +11,7 @@ import (
 	"bytes"
 	"testing"
 
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/crypto/xx"
 	"gitlab.com/xx_network/primitives/id"
 )
@@ -57,7 +57,9 @@ func TestSignVerify_Consistency(t *testing.T) {
 	// use insecure seeded rng to reproduce key
 	notRand := &CountingReader{count: uint8(0)}
 
-	privKey, err := rsa.GenerateKey(notRand, 1024)
+	sch := rsa.GetScheme()
+
+	privKey, err := sch.Generate(notRand, 1024)
 	if err != nil {
 		t.Fatalf("SignVerify error: "+
 			"Could not generate key: %v", err.Error())
@@ -73,12 +75,12 @@ func TestSignVerify_Consistency(t *testing.T) {
 	salt := make([]byte, 32)
 	copy(salt, "salt")
 
-	partnerId, err := xx.NewID(privKey.GetPublic(), salt, id.User)
+	partnerId, err := xx.NewID(privKey.Public().GetOldRSA(), salt, id.User)
 	if err != nil {
 		t.Fatalf("NewId error: %v", err)
 	}
 
-	err = verify(partnerId, privKey.GetPublic(), signature, connFp, salt)
+	err = verify(partnerId, privKey.Public(), signature, connFp, salt)
 	if err != nil {
 		t.Fatalf("Verify error: %v", err)
 	}
diff --git a/connect/server.go b/connect/server.go
index 84981f7ea25587b0bdb5dc84def9eaff2156cb2a..cf71b41e6b5bf2f1cf5c397c11acbbc1e3aa4229 100644
--- a/connect/server.go
+++ b/connect/server.go
@@ -11,7 +11,7 @@ import (
 	"github.com/golang/protobuf/proto"
 	jww "github.com/spf13/jwalterweatherman"
 	"gitlab.com/elixxir/client/v4/e2e/receive"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/primitives/id"
 )
 
@@ -64,8 +64,10 @@ func (a serverListener) Hear(item receive.Message) {
 	newPartner := a.conn.GetPartner()
 	connectionFp := newPartner.ConnectionFingerprint().Bytes()
 
+	sch := rsa.GetScheme()
+
 	// Process the PEM encoded public key to an rsa.PublicKey object
-	partnerPubKey, err := rsa.LoadPublicKeyFromPem(iar.RsaPubKey)
+	partnerPubKey, err := sch.UnmarshalPublicKeyPEM(iar.RsaPubKey)
 	if err != nil {
 		a.handleAuthConfirmationErr(err, item.Sender)
 	}
diff --git a/fileTransfer/connect/utils_test.go b/fileTransfer/connect/utils_test.go
index a6d101db7b0f6683780b8ca621b78135508df32a..dad4999cda72c07bb0b6f19072b1a51d38d3b879 100644
--- a/fileTransfer/connect/utils_test.go
+++ b/fileTransfer/connect/utils_test.go
@@ -32,13 +32,13 @@ import (
 	"gitlab.com/elixxir/crypto/cyclic"
 	cryptoE2e "gitlab.com/elixxir/crypto/e2e"
 	"gitlab.com/elixxir/crypto/fastRNG"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/elixxir/primitives/format"
 	"gitlab.com/elixxir/primitives/version"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/id/ephemeral"
 	"gitlab.com/xx_network/primitives/ndf"
@@ -352,8 +352,8 @@ func (m *mockStorage) GetTransmissionID() *id.ID                              {
 func (m *mockStorage) GetTransmissionSalt() []byte                            { panic("implement me") }
 func (m *mockStorage) GetReceptionID() *id.ID                                 { panic("implement me") }
 func (m *mockStorage) GetReceptionSalt() []byte                               { panic("implement me") }
-func (m *mockStorage) GetReceptionRSA() *rsa.PrivateKey                       { panic("implement me") }
-func (m *mockStorage) GetTransmissionRSA() *rsa.PrivateKey                    { panic("implement me") }
+func (m *mockStorage) GetReceptionRSA() rsa.PrivateKey                        { panic("implement me") }
+func (m *mockStorage) GetTransmissionRSA() rsa.PrivateKey                     { panic("implement me") }
 func (m *mockStorage) IsPrecanned() bool                                      { panic("implement me") }
 func (m *mockStorage) SetUsername(string) error                               { panic("implement me") }
 func (m *mockStorage) GetUsername() (string, error)                           { panic("implement me") }
diff --git a/fileTransfer/e2e/utils_test.go b/fileTransfer/e2e/utils_test.go
index efa4cc07e3a39f41dbdbe9d50b537326b527c1c3..ceb87f3409fed45138984193a73edb285e7369e0 100644
--- a/fileTransfer/e2e/utils_test.go
+++ b/fileTransfer/e2e/utils_test.go
@@ -33,13 +33,13 @@ import (
 	"gitlab.com/elixxir/crypto/cyclic"
 	cryptoE2e "gitlab.com/elixxir/crypto/e2e"
 	"gitlab.com/elixxir/crypto/fastRNG"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/elixxir/primitives/format"
 	"gitlab.com/elixxir/primitives/version"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/id/ephemeral"
 	"gitlab.com/xx_network/primitives/ndf"
@@ -377,8 +377,8 @@ func (m *mockStorage) GetTransmissionID() *id.ID                              {
 func (m *mockStorage) GetTransmissionSalt() []byte                            { panic("implement me") }
 func (m *mockStorage) GetReceptionID() *id.ID                                 { panic("implement me") }
 func (m *mockStorage) GetReceptionSalt() []byte                               { panic("implement me") }
-func (m *mockStorage) GetReceptionRSA() *rsa.PrivateKey                       { panic("implement me") }
-func (m *mockStorage) GetTransmissionRSA() *rsa.PrivateKey                    { panic("implement me") }
+func (m *mockStorage) GetReceptionRSA() rsa.PrivateKey                        { panic("implement me") }
+func (m *mockStorage) GetTransmissionRSA() rsa.PrivateKey                     { panic("implement me") }
 func (m *mockStorage) IsPrecanned() bool                                      { panic("implement me") }
 func (m *mockStorage) SetUsername(string) error                               { panic("implement me") }
 func (m *mockStorage) GetUsername() (string, error)                           { panic("implement me") }
diff --git a/fileTransfer/groupChat/utils_test.go b/fileTransfer/groupChat/utils_test.go
index 063a14c4ed268496eb3479833e8560124e2ba16b..bf2d3c83816326e15e35f823b9234e1db0ec999e 100644
--- a/fileTransfer/groupChat/utils_test.go
+++ b/fileTransfer/groupChat/utils_test.go
@@ -29,13 +29,13 @@ import (
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/fastRNG"
 	"gitlab.com/elixxir/crypto/group"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/elixxir/primitives/format"
 	"gitlab.com/elixxir/primitives/version"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/id/ephemeral"
 	"gitlab.com/xx_network/primitives/ndf"
@@ -314,8 +314,8 @@ func (m *mockStorage) GetTransmissionID() *id.ID                              {
 func (m *mockStorage) GetTransmissionSalt() []byte                            { panic("implement me") }
 func (m *mockStorage) GetReceptionID() *id.ID                                 { panic("implement me") }
 func (m *mockStorage) GetReceptionSalt() []byte                               { panic("implement me") }
-func (m *mockStorage) GetReceptionRSA() *rsa.PrivateKey                       { panic("implement me") }
-func (m *mockStorage) GetTransmissionRSA() *rsa.PrivateKey                    { panic("implement me") }
+func (m *mockStorage) GetReceptionRSA() rsa.PrivateKey                        { panic("implement me") }
+func (m *mockStorage) GetTransmissionRSA() rsa.PrivateKey                     { panic("implement me") }
 func (m *mockStorage) IsPrecanned() bool                                      { panic("implement me") }
 func (m *mockStorage) SetUsername(string) error                               { panic("implement me") }
 func (m *mockStorage) GetUsername() (string, error)                           { panic("implement me") }
diff --git a/fileTransfer/utils_test.go b/fileTransfer/utils_test.go
index e7d71cb92ed63b695858a0bb636dc57583e6101f..9c1c2f700871dcfe366fb8b79c4274efb2427654 100644
--- a/fileTransfer/utils_test.go
+++ b/fileTransfer/utils_test.go
@@ -32,13 +32,13 @@ import (
 	"gitlab.com/elixxir/comms/network"
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/fastRNG"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/elixxir/primitives/format"
 	"gitlab.com/elixxir/primitives/version"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/id/ephemeral"
 	"gitlab.com/xx_network/primitives/ndf"
@@ -326,8 +326,8 @@ func (m *mockStorage) GetTransmissionID() *id.ID                              {
 func (m *mockStorage) GetTransmissionSalt() []byte                            { panic("implement me") }
 func (m *mockStorage) GetReceptionID() *id.ID                                 { panic("implement me") }
 func (m *mockStorage) GetReceptionSalt() []byte                               { panic("implement me") }
-func (m *mockStorage) GetReceptionRSA() *rsa.PrivateKey                       { panic("implement me") }
-func (m *mockStorage) GetTransmissionRSA() *rsa.PrivateKey                    { panic("implement me") }
+func (m *mockStorage) GetReceptionRSA() rsa.PrivateKey                        { panic("implement me") }
+func (m *mockStorage) GetTransmissionRSA() rsa.PrivateKey                     { panic("implement me") }
 func (m *mockStorage) IsPrecanned() bool                                      { panic("implement me") }
 func (m *mockStorage) SetUsername(string) error                               { panic("implement me") }
 func (m *mockStorage) GetUsername() (string, error)                           { panic("implement me") }
diff --git a/go.mod b/go.mod
index c7eea03933739948b7698df558373ab8515ec97f..bef1fd0bf5e7762fcd70d971a0e2af5d70092680 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/stretchr/testify v1.8.0
 	gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f
 	gitlab.com/elixxir/comms v0.0.4-0.20230109184457-e10f20295430
-	gitlab.com/elixxir/crypto v0.0.7-0.20230109182503-bd51c95bdcb3
+	gitlab.com/elixxir/crypto v0.0.7-0.20230109203157-b204428f48f2
 	gitlab.com/elixxir/ekv v0.2.1
 	gitlab.com/elixxir/primitives v0.0.3-0.20221214192222-988b44a6958a
 	gitlab.com/xx_network/comms v0.0.4-0.20230109184153-4cb43814fa1d
diff --git a/go.sum b/go.sum
index 2572110c7e64d3bb20e182d60d4ef83d673c50c7..45c3b74a9414e380657b9cbb83ae41ac6d09e0a5 100644
--- a/go.sum
+++ b/go.sum
@@ -497,6 +497,8 @@ gitlab.com/elixxir/comms v0.0.4-0.20230109184457-e10f20295430 h1:OydFdoBbLz5iFzC
 gitlab.com/elixxir/comms v0.0.4-0.20230109184457-e10f20295430/go.mod h1:aFnxDpIxEEFHdAa2dEeydzo00u/IAcfrqPSEnmeffbY=
 gitlab.com/elixxir/crypto v0.0.7-0.20230109182503-bd51c95bdcb3 h1:5au07K9R4K4RMRTGqdB+EB1hzAezcXuxxblZx17geDc=
 gitlab.com/elixxir/crypto v0.0.7-0.20230109182503-bd51c95bdcb3/go.mod h1:7whUm4bnEdEoiVfMnu3TbHgvlrz0Ywp/Tekqg2Wl7vw=
+gitlab.com/elixxir/crypto v0.0.7-0.20230109203157-b204428f48f2 h1:JxwNkpRQy8v6cXduMw2C1fKIpcZNHQCyC3CD2V7+efQ=
+gitlab.com/elixxir/crypto v0.0.7-0.20230109203157-b204428f48f2/go.mod h1:7whUm4bnEdEoiVfMnu3TbHgvlrz0Ywp/Tekqg2Wl7vw=
 gitlab.com/elixxir/ekv v0.2.1 h1:dtwbt6KmAXG2Tik5d60iDz2fLhoFBgWwST03p7T+9Is=
 gitlab.com/elixxir/ekv v0.2.1/go.mod h1:USLD7xeDnuZEavygdrgzNEwZXeLQJK/w1a+htpN+JEU=
 gitlab.com/elixxir/primitives v0.0.3-0.20221214192222-988b44a6958a h1:F17FfEjS+/uDI/TTYQD21S5JvNZ9+p9bieau2nyLCzo=
diff --git a/groupChat/session_test.go b/groupChat/session_test.go
index c5be891017f24d9fb3557b1cb2bb48129e182cd7..b3a5ce529ff5e1023990c33a9460fb44f0c15d34 100644
--- a/groupChat/session_test.go
+++ b/groupChat/session_test.go
@@ -12,9 +12,9 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/user"
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/elixxir/primitives/version"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/ndf"
 	"time"
@@ -120,12 +120,12 @@ func (m mockSession) GetReceptionSalt() []byte {
 	panic("implement me")
 }
 
-func (m mockSession) GetReceptionRSA() *rsa.PrivateKey {
+func (m mockSession) GetReceptionRSA() rsa.PrivateKey {
 	//TODO implement me
 	panic("implement me")
 }
 
-func (m mockSession) GetTransmissionRSA() *rsa.PrivateKey {
+func (m mockSession) GetTransmissionRSA() rsa.PrivateKey {
 	//TODO implement me
 	panic("implement me")
 }
diff --git a/registration/register.go b/registration/register.go
index 56986c809660edcf23fadf0947afa2f8aa5fc485..0fbe6b240afef04165e5b44277f6e3faab8f1875 100644
--- a/registration/register.go
+++ b/registration/register.go
@@ -12,11 +12,11 @@ import (
 	"github.com/pkg/errors"
 	pb "gitlab.com/elixxir/comms/mixmessages"
 	"gitlab.com/elixxir/crypto/registration"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/comms/connect"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 )
 
-func (perm *Registration) Register(transmissionPublicKey, receptionPublicKey *rsa.PublicKey,
+func (perm *Registration) Register(transmissionPublicKey, receptionPublicKey rsa.PublicKey,
 	registrationCode string) (transmissionSig []byte, receptionSig []byte, regTimestamp int64, err error) {
 	return register(perm.comms, perm.host, transmissionPublicKey, receptionPublicKey, registrationCode)
 }
@@ -29,13 +29,13 @@ type registrationMessageSender interface {
 //register registers the user with optional registration code
 // Returns an error if registration fails.
 func register(comms registrationMessageSender, host *connect.Host,
-	transmissionPublicKey, receptionPublicKey *rsa.PublicKey,
+	transmissionPublicKey, receptionPublicKey rsa.PublicKey,
 	registrationCode string) (
 	transmissionSig []byte, receptionSig []byte, regTimestamp int64, err error) {
 
 	// Send the message
-	transmissionPem := string(rsa.CreatePublicKeyPem(transmissionPublicKey))
-	receptionPem := string(rsa.CreatePublicKeyPem(receptionPublicKey))
+	transmissionPem := string(transmissionPublicKey.MarshalPem())
+	receptionPem := string(receptionPublicKey.MarshalPem())
 	response, err := comms.
 		SendRegistrationMessage(host,
 			&pb.ClientRegistration{
diff --git a/registration/register_test.go b/registration/register_test.go
index 8cec2bfb92f215640de1206141d473a47eea9601..5e789a5ee0c4b689d02dfe9d3539373c0efd4122 100644
--- a/registration/register_test.go
+++ b/registration/register_test.go
@@ -14,9 +14,9 @@ import (
 	pb "gitlab.com/elixxir/comms/mixmessages"
 	"gitlab.com/elixxir/comms/testkeys"
 	"gitlab.com/elixxir/crypto/registration"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/comms/messages"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/utils"
 	"testing"
@@ -27,7 +27,8 @@ var expectedSignatureOne = []byte{7, 15, 58, 201, 193, 112, 205, 247, 7, 200, 21
 var expectedSignatureTwo = []byte{97, 206, 133, 26, 212, 226, 126, 58, 99, 225, 29, 219, 143, 47, 86, 153, 2, 43, 151, 157, 37, 150, 30, 81, 206, 141, 255, 164, 203, 254, 173, 35, 77, 150, 7, 208, 79, 82, 39, 163, 81, 230, 188, 149, 161, 54, 113, 241, 80, 97, 198, 225, 93, 130, 169, 46, 76, 115, 202, 101, 219, 201, 233, 60, 85, 181, 153, 153, 192, 56, 41, 119, 7, 211, 202, 245, 95, 150, 186, 162, 48, 77, 15, 192, 15, 196, 29, 68, 169, 212, 47, 46, 115, 242, 171, 86, 57, 170, 127, 23, 166, 36, 42, 174, 70, 73, 65, 255, 254, 199, 16, 165, 57, 77, 91, 145, 132, 180, 211, 123, 210, 161, 7, 114, 180, 130, 242, 52, 27, 211, 138, 163, 38, 233, 122, 102, 172, 217, 40, 99, 203, 255, 239, 147, 20, 249, 52, 109, 45, 106, 16, 41, 221, 45, 29, 125, 197, 42, 80, 167, 165, 82, 10, 54, 19, 114, 240, 127, 212, 126, 86, 125, 35, 142, 130, 172, 144, 7, 238, 215, 29, 105, 70, 171, 217, 161, 214, 26, 30, 201, 119, 191, 77, 81, 86, 118, 15, 180, 185, 20, 220, 236, 183, 67, 242, 255, 93, 16, 1, 31, 177, 211, 189, 231, 125, 83, 213, 65, 3, 209, 186, 70, 76, 51, 109, 153, 24, 81, 200, 57, 43, 8, 91, 24, 64, 118, 108, 237, 8, 204, 206, 95, 215, 72, 160, 42, 214, 133, 140, 86, 206, 0, 152, 139, 67, 234}
 
 func NewMockRegSender(key, cert []byte) (*MockRegistrationSender, error) {
-	privKey, err := rsa.LoadPrivateKeyFromPem(key)
+	sch := rsa.GetScheme()
+	privKey, err := sch.UnmarshalPrivateKeyPEM(key)
 	if err != nil {
 		return nil, err
 	}
@@ -60,7 +61,7 @@ type MockRegistrationSender struct {
 	reg *pb.ClientRegistration
 	// param passed to SendRegistrationMessage
 	host    *connect.Host
-	privKey *rsa.PrivateKey
+	privKey rsa.PrivateKey
 	prngOne *CountingReader
 	prngTwo *CountingReader
 
@@ -72,13 +73,13 @@ type MockRegistrationSender struct {
 }
 
 func (s *MockRegistrationSender) SendRegistrationMessage(host *connect.Host, message *pb.ClientRegistration) (*pb.SignedClientRegistrationConfirmations, error) {
-	transSig, err := registration.SignWithTimestamp(s.prngOne, s.privKey,
+	transSig, err := registration.SignWithTimestamp(s.prngOne, s.privKey.GetOldRSA(),
 		s.mockTS.UnixNano(), message.ClientTransmissionRSAPubKey)
 	if err != nil {
 		return nil, errors.Errorf("Failed to sign transmission: %v", err)
 	}
 
-	receptionSig, err := registration.SignWithTimestamp(s.prngTwo, s.privKey,
+	receptionSig, err := registration.SignWithTimestamp(s.prngTwo, s.privKey.GetOldRSA(),
 		s.mockTS.UnixNano(), message.ClientReceptionRSAPubKey)
 	if err != nil {
 		return nil, errors.Errorf("Failed to sign reception: %v", err)
@@ -129,6 +130,8 @@ func (s *MockRegistrationSender) GetHost(*id.ID) (*connect.Host, bool) {
 // Shows that registration gets RPCs with the correct parameters
 func TestRegisterWithPermissioning(t *testing.T) {
 
+	sch := rsa.GetScheme()
+
 	certData, err := utils.ReadFile(testkeys.GetNodeCertPath())
 	if err != nil {
 		t.Fatalf("Could not load certificate: %v", err)
@@ -139,7 +142,7 @@ func TestRegisterWithPermissioning(t *testing.T) {
 		t.Fatalf("Could not load private key: %v", err)
 	}
 
-	key, err := rsa.LoadPrivateKeyFromPem(keyData)
+	key, err := sch.UnmarshalPrivateKeyPEM(keyData)
 	if err != nil {
 		t.Fatalf("Could not load public key")
 	}
@@ -150,7 +153,7 @@ func TestRegisterWithPermissioning(t *testing.T) {
 	}
 
 	regCode := "flooble doodle"
-	sig1, sig2, regTimestamp, err := register(sender, sender.getHost, key.GetPublic(), key.GetPublic(), regCode)
+	sig1, sig2, regTimestamp, err := register(sender, sender.getHost, key.Public(), key.Public(), regCode)
 	if err != nil {
 		t.Error(err)
 	}
@@ -178,6 +181,7 @@ func TestRegisterWithPermissioning(t *testing.T) {
 // Shows that returning an error from the registration server results in an
 // error from register
 func TestRegisterWithPermissioning_ResponseErr(t *testing.T) {
+	sch := rsa.GetScheme()
 	certData, err := utils.ReadFile(testkeys.GetNodeCertPath())
 	if err != nil {
 		t.Fatalf("Could not load certificate: %v", err)
@@ -188,7 +192,7 @@ func TestRegisterWithPermissioning_ResponseErr(t *testing.T) {
 		t.Fatalf("Could not load private key: %v", err)
 	}
 
-	key, err := rsa.LoadPrivateKeyFromPem(keyData)
+	key, err := sch.UnmarshalPrivateKeyPEM(keyData)
 	if err != nil {
 		t.Fatalf("Could not load public key")
 	}
@@ -199,7 +203,7 @@ func TestRegisterWithPermissioning_ResponseErr(t *testing.T) {
 	}
 
 	sender.errInReply = "failure occurred on registration"
-	_, _, _, err = register(sender, nil, key.GetPublic(), key.GetPublic(), "")
+	_, _, _, err = register(sender, nil, key.Public(), key.Public(), "")
 	if err == nil {
 		t.Error("no error if registration fails on registration")
 	}
@@ -208,6 +212,8 @@ func TestRegisterWithPermissioning_ResponseErr(t *testing.T) {
 // Shows that returning an error from the RPC (e.g. context deadline exceeded)
 // results in an error from register
 func TestRegisterWithPermissioning_ConnectionErr(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	certData, err := utils.ReadFile(testkeys.GetNodeCertPath())
 	if err != nil {
 		t.Fatalf("Could not load certificate: %v", err)
@@ -218,7 +224,7 @@ func TestRegisterWithPermissioning_ConnectionErr(t *testing.T) {
 		t.Fatalf("Could not load private key: %v", err)
 	}
 
-	key, err := rsa.LoadPrivateKeyFromPem(keyData)
+	key, err := sch.UnmarshalPrivateKeyPEM(keyData)
 	if err != nil {
 		t.Fatalf("Could not load public key")
 	}
@@ -228,7 +234,7 @@ func TestRegisterWithPermissioning_ConnectionErr(t *testing.T) {
 		t.Fatalf("Failed to create mock sender: %v", err)
 	}
 	sender.errSendRegistration = errors.New("connection problem")
-	_, _, _, err = register(sender, nil, key.GetPublic(), key.GetPublic(), "")
+	_, _, _, err = register(sender, nil, key.Public(), key.Public(), "")
 	if err == nil {
 		t.Error("no error if e.g. context deadline exceeded")
 	}
diff --git a/storage/session.go b/storage/session.go
index 8e98ebb4a8ed69050f6ac75a0a70eddfd8a99e24..df641ad2906a9279cfd061ee0c658221f876e71f 100644
--- a/storage/session.go
+++ b/storage/session.go
@@ -26,9 +26,9 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/user"
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/elixxir/primitives/version"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/ndf"
 )
@@ -59,8 +59,8 @@ type Session interface {
 	GetTransmissionSalt() []byte
 	GetReceptionID() *id.ID
 	GetReceptionSalt() []byte
-	GetReceptionRSA() *rsa.PrivateKey
-	GetTransmissionRSA() *rsa.PrivateKey
+	GetReceptionRSA() rsa.PrivateKey
+	GetTransmissionRSA() rsa.PrivateKey
 	IsPrecanned() bool
 	SetUsername(username string) error
 	GetUsername() (string, error)
@@ -230,8 +230,8 @@ func InitTestingSession(i interface{}) Session {
 	default:
 		jww.FATAL.Panicf("InitTestingSession is restricted to testing only. Got %T", i)
 	}
-
-	privKey, _ := rsa.LoadPrivateKeyFromPem([]byte("-----BEGIN PRIVATE KEY-----\nMIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC7Dkb6VXFn4cdp\nU0xh6ji0nTDQUyT9DSNW9I3jVwBrWfqMc4ymJuonMZbuqK+cY2l+suS2eugevWZr\ntzujFPBRFp9O14Jl3fFLfvtjZvkrKbUMHDHFehascwzrp3tXNryiRMmCNQV55TfI\nTVCv8CLE0t1ibiyOGM9ZWYB2OjXt59j76lPARYww5qwC46vS6+3Cn2Yt9zkcrGes\nkWEFa2VttHqF910TP+DZk2R5C7koAh6wZYK6NQ4S83YQurdHAT51LKGrbGehFKXq\n6/OAXCU1JLi3kW2PovTb6MZuvxEiRmVAONsOcXKu7zWCmFjuZZwfRt2RhnpcSgzf\nrarmsGM0LZh6JY3MGJ9YdPcVGSz+Vs2E4zWbNW+ZQoqlcGeMKgsIiQ670g0xSjYI\nCqldpt79gaET9PZsoXKEmKUaj6pq1d4qXDk7s63HRQazwVLGBdJQK8qX41eCdR8V\nMKbrCaOkzD5zgnEu0jBBAwdMtcigkMIk1GRv91j7HmqwryOBHryLi6NWBY3tjb4S\no9AppDQB41SH3SwNenAbNO1CXeUqN0hHX6I1bE7OlbjqI7tXdrTllHAJTyVVjenP\nel2ApMXp+LVRdDbKtwBiuM6+n+z0I7YYerxN1gfvpYgcXm4uye8dfwotZj6H2J/u\nSALsU2v9UHBzprdrLSZk2YpozJb+CQIDAQABAoICAARjDFUYpeU6zVNyCauOM7BA\ns4FfQdHReg+zApTfWHosDQ04NIc9CGbM6e5E9IFlb3byORzyevkllf5WuMZVWmF8\nd1YBBeTftKYBn2Gwa42Ql9dl3eD0wQ1gUWBBeEoOVZQ0qskr9ynpr0o6TfciWZ5m\nF50UWmUmvc4ppDKhoNwogNU/pKEwwF3xOv2CW2hB8jyLQnk3gBZlELViX3UiFKni\n/rCfoYYvDFXt+ABCvx/qFNAsQUmerurQ3Ob9igjXRaC34D7F9xQ3CMEesYJEJvc9\nGjvr5DbnKnjx152HS56TKhK8gp6vGHJz17xtWECXD3dIUS/1iG8bqXuhdg2c+2aW\nm3MFpa5jgpAawUWc7c32UnqbKKf+HI7/x8J1yqJyNeU5SySyYSB5qtwTShYzlBW/\nyCYD41edeJcmIp693nUcXzU+UAdtpt0hkXS59WSWlTrB/huWXy6kYXLNocNk9L7g\niyx0cOmkuxREMHAvK0fovXdVyflQtJYC7OjJxkzj2rWO+QtHaOySXUyinkuTb5ev\nxNhs+ROWI/HAIE9buMqXQIpHx6MSgdKOL6P6AEbBan4RAktkYA6y5EtH/7x+9V5E\nQTIz4LrtI6abaKb4GUlZkEsc8pxrkNwCqOAE/aqEMNh91Na1TOj3f0/a6ckGYxYH\npyrvwfP2Ouu6e5FhDcCBAoIBAQDcN8mK99jtrH3q3Q8vZAWFXHsOrVvnJXyHLz9V\n1Rx/7TnMUxvDX1PIVxhuJ/tmHtxrNIXOlps80FCZXGgxfET/YFrbf4H/BaMNJZNP\nag1wBV5VQSnTPdTR+Ijice+/ak37S2NKHt8+ut6yoZjD7sf28qiO8bzNua/OYHkk\nV+RkRkk68Uk2tFMluQOSyEjdsrDNGbESvT+R1Eotupr0Vy/9JRY/TFMc4MwJwOoy\ns7wYr9SUCq/cYn7FIOBTI+PRaTx1WtpfkaErDc5O+nLLEp1yOrfktl4LhU/r61i7\nfdtafUACTKrXG2qxTd3w++mHwTwVl2MwhiMZfxvKDkx0L2gxAoIBAQDZcxKwyZOy\ns6Aw7igw1ftLny/dpjPaG0p6myaNpeJISjTOU7HKwLXmlTGLKAbeRFJpOHTTs63y\ngcmcuE+vGCpdBHQkaCev8cve1urpJRcxurura6+bYaENO6ua5VzF9BQlDYve0YwY\nlbJiRKmEWEAyULjbIebZW41Z4UqVG3MQI750PRWPW4WJ2kDhksFXN1gwSnaM46KR\nPmVA0SL+RCPcAp/VkImCv0eqv9exsglY0K/QiJfLy3zZ8QvAn0wYgZ3AvH3lr9rJ\nT7pg9WDb+OkfeEQ7INubqSthhaqCLd4zwbMRlpyvg1cMSq0zRvrFpwVlSY85lW4F\ng/tgjJ99W9VZAoIBAH3OYRVDAmrFYCoMn+AzA/RsIOEBqL8kaz/Pfh9K4D01CQ/x\naqryiqqpFwvXS4fLmaClIMwkvgq/90ulvuCGXeSG52D+NwW58qxQCxgTPhoA9yM9\nVueXKz3I/mpfLNftox8sskxl1qO/nfnu15cXkqVBe4ouD+53ZjhAZPSeQZwHi05h\nCbJ20gl66M+yG+6LZvXE96P8+ZQV80qskFmGdaPozAzdTZ3xzp7D1wegJpTz3j20\n3ULKAiIb5guZNU0tEZz5ikeOqsQt3u6/pVTeDZR0dxnyFUf/oOjmSorSG75WT3sA\n0ZiR0SH5mhFR2Nf1TJ4JHmFaQDMQqo+EG6lEbAECggEAA7kGnuQ0lSCiI3RQV9Wy\nAa9uAFtyE8/XzJWPaWlnoFk04jtoldIKyzHOsVU0GOYOiyKeTWmMFtTGANre8l51\nizYiTuVBmK+JD/2Z8/fgl8dcoyiqzvwy56kX3QUEO5dcKO48cMohneIiNbB7PnrM\nTpA3OfkwnJQGrX0/66GWrLYP8qmBDv1AIgYMilAa40VdSyZbNTpIdDgfP6bU9Ily\nG7gnyF47HHPt5Cx4ouArbMvV1rof7ytCrfCEhP21Lc46Ryxy81W5ZyzoQfSxfdKb\nGyDR+jkryVRyG69QJf5nCXfNewWbFR4ohVtZ78DNVkjvvLYvr4qxYYLK8PI3YMwL\nsQKCAQB9lo7JadzKVio+C18EfNikOzoriQOaIYowNaaGDw3/9KwIhRsKgoTs+K5O\ngt/gUoPRGd3M2z4hn5j4wgeuFi7HC1MdMWwvgat93h7R1YxiyaOoCTxH1klbB/3K\n4fskdQRxuM8McUebebrp0qT5E0xs2l+ABmt30Dtd3iRrQ5BBjnRc4V//sQiwS1aC\nYi5eNYCQ96BSAEo1dxJh5RI/QxF2HEPUuoPM8iXrIJhyg9TEEpbrEJcxeagWk02y\nOMEoUbWbX07OzFVvu+aJaN/GlgiogMQhb6IiNTyMlryFUleF+9OBA8xGHqGWA6nR\nOaRA5ZbdE7g7vxKRV36jT3wvD7W+\n-----END PRIVATE KEY-----\n"))
+	sch := rsa.GetScheme()
+	privKey, _ := sch.UnmarshalPrivateKeyPEM([]byte("-----BEGIN PRIVATE KEY-----\nMIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC7Dkb6VXFn4cdp\nU0xh6ji0nTDQUyT9DSNW9I3jVwBrWfqMc4ymJuonMZbuqK+cY2l+suS2eugevWZr\ntzujFPBRFp9O14Jl3fFLfvtjZvkrKbUMHDHFehascwzrp3tXNryiRMmCNQV55TfI\nTVCv8CLE0t1ibiyOGM9ZWYB2OjXt59j76lPARYww5qwC46vS6+3Cn2Yt9zkcrGes\nkWEFa2VttHqF910TP+DZk2R5C7koAh6wZYK6NQ4S83YQurdHAT51LKGrbGehFKXq\n6/OAXCU1JLi3kW2PovTb6MZuvxEiRmVAONsOcXKu7zWCmFjuZZwfRt2RhnpcSgzf\nrarmsGM0LZh6JY3MGJ9YdPcVGSz+Vs2E4zWbNW+ZQoqlcGeMKgsIiQ670g0xSjYI\nCqldpt79gaET9PZsoXKEmKUaj6pq1d4qXDk7s63HRQazwVLGBdJQK8qX41eCdR8V\nMKbrCaOkzD5zgnEu0jBBAwdMtcigkMIk1GRv91j7HmqwryOBHryLi6NWBY3tjb4S\no9AppDQB41SH3SwNenAbNO1CXeUqN0hHX6I1bE7OlbjqI7tXdrTllHAJTyVVjenP\nel2ApMXp+LVRdDbKtwBiuM6+n+z0I7YYerxN1gfvpYgcXm4uye8dfwotZj6H2J/u\nSALsU2v9UHBzprdrLSZk2YpozJb+CQIDAQABAoICAARjDFUYpeU6zVNyCauOM7BA\ns4FfQdHReg+zApTfWHosDQ04NIc9CGbM6e5E9IFlb3byORzyevkllf5WuMZVWmF8\nd1YBBeTftKYBn2Gwa42Ql9dl3eD0wQ1gUWBBeEoOVZQ0qskr9ynpr0o6TfciWZ5m\nF50UWmUmvc4ppDKhoNwogNU/pKEwwF3xOv2CW2hB8jyLQnk3gBZlELViX3UiFKni\n/rCfoYYvDFXt+ABCvx/qFNAsQUmerurQ3Ob9igjXRaC34D7F9xQ3CMEesYJEJvc9\nGjvr5DbnKnjx152HS56TKhK8gp6vGHJz17xtWECXD3dIUS/1iG8bqXuhdg2c+2aW\nm3MFpa5jgpAawUWc7c32UnqbKKf+HI7/x8J1yqJyNeU5SySyYSB5qtwTShYzlBW/\nyCYD41edeJcmIp693nUcXzU+UAdtpt0hkXS59WSWlTrB/huWXy6kYXLNocNk9L7g\niyx0cOmkuxREMHAvK0fovXdVyflQtJYC7OjJxkzj2rWO+QtHaOySXUyinkuTb5ev\nxNhs+ROWI/HAIE9buMqXQIpHx6MSgdKOL6P6AEbBan4RAktkYA6y5EtH/7x+9V5E\nQTIz4LrtI6abaKb4GUlZkEsc8pxrkNwCqOAE/aqEMNh91Na1TOj3f0/a6ckGYxYH\npyrvwfP2Ouu6e5FhDcCBAoIBAQDcN8mK99jtrH3q3Q8vZAWFXHsOrVvnJXyHLz9V\n1Rx/7TnMUxvDX1PIVxhuJ/tmHtxrNIXOlps80FCZXGgxfET/YFrbf4H/BaMNJZNP\nag1wBV5VQSnTPdTR+Ijice+/ak37S2NKHt8+ut6yoZjD7sf28qiO8bzNua/OYHkk\nV+RkRkk68Uk2tFMluQOSyEjdsrDNGbESvT+R1Eotupr0Vy/9JRY/TFMc4MwJwOoy\ns7wYr9SUCq/cYn7FIOBTI+PRaTx1WtpfkaErDc5O+nLLEp1yOrfktl4LhU/r61i7\nfdtafUACTKrXG2qxTd3w++mHwTwVl2MwhiMZfxvKDkx0L2gxAoIBAQDZcxKwyZOy\ns6Aw7igw1ftLny/dpjPaG0p6myaNpeJISjTOU7HKwLXmlTGLKAbeRFJpOHTTs63y\ngcmcuE+vGCpdBHQkaCev8cve1urpJRcxurura6+bYaENO6ua5VzF9BQlDYve0YwY\nlbJiRKmEWEAyULjbIebZW41Z4UqVG3MQI750PRWPW4WJ2kDhksFXN1gwSnaM46KR\nPmVA0SL+RCPcAp/VkImCv0eqv9exsglY0K/QiJfLy3zZ8QvAn0wYgZ3AvH3lr9rJ\nT7pg9WDb+OkfeEQ7INubqSthhaqCLd4zwbMRlpyvg1cMSq0zRvrFpwVlSY85lW4F\ng/tgjJ99W9VZAoIBAH3OYRVDAmrFYCoMn+AzA/RsIOEBqL8kaz/Pfh9K4D01CQ/x\naqryiqqpFwvXS4fLmaClIMwkvgq/90ulvuCGXeSG52D+NwW58qxQCxgTPhoA9yM9\nVueXKz3I/mpfLNftox8sskxl1qO/nfnu15cXkqVBe4ouD+53ZjhAZPSeQZwHi05h\nCbJ20gl66M+yG+6LZvXE96P8+ZQV80qskFmGdaPozAzdTZ3xzp7D1wegJpTz3j20\n3ULKAiIb5guZNU0tEZz5ikeOqsQt3u6/pVTeDZR0dxnyFUf/oOjmSorSG75WT3sA\n0ZiR0SH5mhFR2Nf1TJ4JHmFaQDMQqo+EG6lEbAECggEAA7kGnuQ0lSCiI3RQV9Wy\nAa9uAFtyE8/XzJWPaWlnoFk04jtoldIKyzHOsVU0GOYOiyKeTWmMFtTGANre8l51\nizYiTuVBmK+JD/2Z8/fgl8dcoyiqzvwy56kX3QUEO5dcKO48cMohneIiNbB7PnrM\nTpA3OfkwnJQGrX0/66GWrLYP8qmBDv1AIgYMilAa40VdSyZbNTpIdDgfP6bU9Ily\nG7gnyF47HHPt5Cx4ouArbMvV1rof7ytCrfCEhP21Lc46Ryxy81W5ZyzoQfSxfdKb\nGyDR+jkryVRyG69QJf5nCXfNewWbFR4ohVtZ78DNVkjvvLYvr4qxYYLK8PI3YMwL\nsQKCAQB9lo7JadzKVio+C18EfNikOzoriQOaIYowNaaGDw3/9KwIhRsKgoTs+K5O\ngt/gUoPRGd3M2z4hn5j4wgeuFi7HC1MdMWwvgat93h7R1YxiyaOoCTxH1klbB/3K\n4fskdQRxuM8McUebebrp0qT5E0xs2l+ABmt30Dtd3iRrQ5BBjnRc4V//sQiwS1aC\nYi5eNYCQ96BSAEo1dxJh5RI/QxF2HEPUuoPM8iXrIJhyg9TEEpbrEJcxeagWk02y\nOMEoUbWbX07OzFVvu+aJaN/GlgiogMQhb6IiNTyMlryFUleF+9OBA8xGHqGWA6nR\nOaRA5ZbdE7g7vxKRV36jT3wvD7W+\n-----END PRIVATE KEY-----\n"))
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	s := &session{kv: kv}
 	uid := id.NewIdFromString("zezima", id.User, i)
diff --git a/storage/user/cryptographic.go b/storage/user/cryptographic.go
index f65ca13abf18dfbddc6af24d941cb051a53b64b2..d84938c5210481844c7b4dff75a568075adfbf25 100644
--- a/storage/user/cryptographic.go
+++ b/storage/user/cryptographic.go
@@ -16,7 +16,8 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/utility"
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
+	oldRsa "gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
 )
@@ -28,10 +29,10 @@ const cryptographicIdentityKey = "cryptographicIdentity"
 type CryptographicIdentity struct {
 	transmissionID     *id.ID
 	transmissionSalt   []byte
-	transmissionRsaKey *rsa.PrivateKey
+	transmissionRsaKey rsa.PrivateKey
 	receptionID        *id.ID
 	receptionSalt      []byte
-	receptionRsaKey    *rsa.PrivateKey
+	receptionRsaKey    rsa.PrivateKey
 	isPrecanned        bool
 	e2eDhPrivateKey    *cyclic.Int
 	e2eDhPublicKey     *cyclic.Int
@@ -40,20 +41,20 @@ type CryptographicIdentity struct {
 type ciDisk struct {
 	TransmissionID     *id.ID
 	TransmissionSalt   []byte
-	TransmissionRsaKey *rsa.PrivateKey
+	TransmissionRsaKey *oldRsa.PrivateKey
 	ReceptionID        *id.ID
 	ReceptionSalt      []byte
-	ReceptionRsaKey    *rsa.PrivateKey
+	ReceptionRsaKey    *oldRsa.PrivateKey
 	IsPrecanned        bool
 }
 
 type ciDiskV1 struct {
 	TransmissionID     *id.ID
 	TransmissionSalt   []byte
-	TransmissionRsaKey *rsa.PrivateKey
+	TransmissionRsaKey *oldRsa.PrivateKey
 	ReceptionID        *id.ID
 	ReceptionSalt      []byte
-	ReceptionRsaKey    *rsa.PrivateKey
+	ReceptionRsaKey    *oldRsa.PrivateKey
 	IsPrecanned        bool
 	E2eDhPrivateKey    []byte
 	E2eDhPublicKey     []byte
@@ -61,7 +62,7 @@ type ciDiskV1 struct {
 
 func newCryptographicIdentity(transmissionID, receptionID *id.ID,
 	transmissionSalt, receptionSalt []byte,
-	transmissionRsa, receptionRsa *rsa.PrivateKey,
+	transmissionRsa, receptionRsa rsa.PrivateKey,
 	isPrecanned bool, e2eDhPrivateKey, e2eDhPublicKey *cyclic.Int,
 	kv *versioned.KV) *CryptographicIdentity {
 
@@ -103,9 +104,11 @@ func loadOriginalCryptographicIdentity(kv *versioned.KV) (*CryptographicIdentity
 		return nil, err
 	}
 
+	sch := rsa.GetScheme()
+
 	result.isPrecanned = decodable.IsPrecanned
-	result.receptionRsaKey = decodable.ReceptionRsaKey
-	result.transmissionRsaKey = decodable.TransmissionRsaKey
+	result.receptionRsaKey = sch.Convert(&decodable.ReceptionRsaKey.PrivateKey)
+	result.transmissionRsaKey = sch.Convert(&decodable.TransmissionRsaKey.PrivateKey)
 	result.transmissionSalt = decodable.TransmissionSalt
 	result.transmissionID = decodable.TransmissionID
 	result.receptionID = decodable.ReceptionID
@@ -135,9 +138,11 @@ func loadCryptographicIdentity(kv *versioned.KV) (*CryptographicIdentity, error)
 		return nil, err
 	}
 
+	sch := rsa.GetScheme()
+
 	result.isPrecanned = decodable.IsPrecanned
-	result.receptionRsaKey = decodable.ReceptionRsaKey
-	result.transmissionRsaKey = decodable.TransmissionRsaKey
+	result.receptionRsaKey = sch.Convert(&decodable.ReceptionRsaKey.PrivateKey)
+	result.transmissionRsaKey = sch.Convert(&decodable.TransmissionRsaKey.PrivateKey)
 	result.transmissionSalt = decodable.TransmissionSalt
 	result.transmissionID = decodable.TransmissionID
 	result.receptionID = decodable.ReceptionID
@@ -196,10 +201,10 @@ func (ci *CryptographicIdentity) save(kv *versioned.KV) error {
 	encodable := &ciDiskV1{
 		TransmissionID:     ci.transmissionID,
 		TransmissionSalt:   ci.transmissionSalt,
-		TransmissionRsaKey: ci.transmissionRsaKey,
+		TransmissionRsaKey: &oldRsa.PrivateKey{PrivateKey: *ci.transmissionRsaKey.GetGoRSA()},
 		ReceptionID:        ci.receptionID,
 		ReceptionSalt:      ci.receptionSalt,
-		ReceptionRsaKey:    ci.receptionRsaKey,
+		ReceptionRsaKey:    &oldRsa.PrivateKey{PrivateKey: *ci.receptionRsaKey.GetGoRSA()},
 		IsPrecanned:        ci.isPrecanned,
 		E2eDhPrivateKey:    dhPriv,
 		E2eDhPublicKey:     dhPub,
@@ -235,11 +240,11 @@ func (ci *CryptographicIdentity) GetReceptionSalt() []byte {
 	return ci.receptionSalt
 }
 
-func (ci *CryptographicIdentity) GetReceptionRSA() *rsa.PrivateKey {
+func (ci *CryptographicIdentity) GetReceptionRSA() rsa.PrivateKey {
 	return ci.receptionRsaKey
 }
 
-func (ci *CryptographicIdentity) GetTransmissionRSA() *rsa.PrivateKey {
+func (ci *CryptographicIdentity) GetTransmissionRSA() rsa.PrivateKey {
 	return ci.transmissionRsaKey
 }
 
diff --git a/storage/user/cryptographic_test.go b/storage/user/cryptographic_test.go
index 90d7df378d027c9df4b2f9a1b2bd7de238f66a12..7996f702cd711c65cde9040e16b244d59a9b5cfe 100644
--- a/storage/user/cryptographic_test.go
+++ b/storage/user/cryptographic_test.go
@@ -13,9 +13,9 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/diffieHellman"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"testing"
 )
@@ -32,8 +32,13 @@ func TestNewCryptographicIdentity(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	_ = newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
+	sch := rsa.GetScheme()
+
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	_ = newCryptographicIdentity(uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey, kv)
 
 	_, err := kv.Get(cryptographicIdentityKey, currentCryptographicIdentityVersion)
 	if err != nil {
@@ -53,8 +58,13 @@ func TestLoadCryptographicIdentity(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
+	sch := rsa.GetScheme()
+
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	ci := newCryptographicIdentity(uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey, kv)
 
 	err := ci.save(kv)
 	if err != nil {
@@ -72,19 +82,22 @@ func TestLoadCryptographicIdentity(t *testing.T) {
 
 // Happy path for GetReceptionRSA function
 func TestCryptographicIdentity_GetReceptionRSA(t *testing.T) {
+
+	sch := rsa.GetScheme()
+	prng := rand.Reader
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("zezima", id.User, t)
-	pk1, err := rsa.GenerateKey(rand.Reader, 64)
+	pk1, err := sch.Generate(prng, 64)
 	if err != nil {
 		t.Errorf("Failed to generate pk1")
 	}
-	pk2, err := rsa.GenerateKey(rand.Reader, 64)
+	pk2, err := sch.Generate(prng, 64)
 	if err != nil {
 		t.Errorf("Failed to generate pk2")
 	}
 	salt := []byte("salt")
 
-	prng := rand.Reader
 	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
 	dhPrivKey := diffieHellman.GeneratePrivateKey(
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
@@ -92,26 +105,28 @@ func TestCryptographicIdentity_GetReceptionRSA(t *testing.T) {
 
 	ci := newCryptographicIdentity(
 		uid, uid, salt, salt, pk1, pk2, false, dhPrivKey, dhPubKey, kv)
-	if ci.GetReceptionRSA().D != pk2.D {
+	if ci.GetReceptionRSA().GetD().Cmp(pk2.GetD()) != 0 {
 		t.Errorf("Did not receive expected RSA key.  Expected: %+v, Received: %+v", pk2, ci.GetReceptionRSA())
 	}
 }
 
 // Happy path for GetTransmissionRSA function
 func TestCryptographicIdentity_GetTransmissionRSA(t *testing.T) {
+	sch := rsa.GetScheme()
+	prng := rand.Reader
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("zezima", id.User, t)
-	pk1, err := rsa.GenerateKey(rand.Reader, 64)
+	pk1, err := sch.Generate(prng, 64)
 	if err != nil {
 		t.Errorf("Failed to generate pk1")
 	}
-	pk2, err := rsa.GenerateKey(rand.Reader, 64)
+	pk2, err := sch.Generate(prng, 64)
 	if err != nil {
 		t.Errorf("Failed to generate pk2")
 	}
 	salt := []byte("salt")
 
-	prng := rand.Reader
 	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
 	dhPrivKey := diffieHellman.GeneratePrivateKey(
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
@@ -119,26 +134,31 @@ func TestCryptographicIdentity_GetTransmissionRSA(t *testing.T) {
 
 	ci := newCryptographicIdentity(
 		uid, uid, salt, salt, pk1, pk2, false, dhPrivKey, dhPubKey, kv)
-	if ci.GetTransmissionRSA().D != pk1.D {
+	if ci.GetTransmissionRSA().GetD().Cmp(pk1.GetD()) != 0 {
 		t.Errorf("Did not receive expected RSA key.  Expected: %+v, Received: %+v", pk1, ci.GetTransmissionRSA())
 	}
 }
 
 // Happy path for GetSalt function
 func TestCryptographicIdentity_GetTransmissionSalt(t *testing.T) {
+	sch := rsa.GetScheme()
+	prng := rand.Reader
+
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("zezima", id.User, t)
 	ts := []byte("transmission salt")
 	rs := []byte("reception salt")
 
-	prng := rand.Reader
 	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
 	dhPrivKey := diffieHellman.GeneratePrivateKey(
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	ci := newCryptographicIdentity(uid, uid, ts, rs, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
+	ci := newCryptographicIdentity(uid, uid, ts, rs, transmission,
+		reception, false, dhPrivKey, dhPubKey, kv)
 	if bytes.Compare(ci.GetTransmissionSalt(), ts) != 0 {
 		t.Errorf("Did not get expected salt.  Expected: %+v, Received: %+v", ts, ci.GetTransmissionSalt())
 	}
@@ -146,19 +166,24 @@ func TestCryptographicIdentity_GetTransmissionSalt(t *testing.T) {
 
 // Happy path for GetSalt function
 func TestCryptographicIdentity_GetReceptionSalt(t *testing.T) {
+	sch := rsa.GetScheme()
+	prng := rand.Reader
+
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("zezima", id.User, t)
 	ts := []byte("transmission salt")
 	rs := []byte("reception salt")
 
-	prng := rand.Reader
 	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
 	dhPrivKey := diffieHellman.GeneratePrivateKey(
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	ci := newCryptographicIdentity(uid, uid, ts, rs, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
+	ci := newCryptographicIdentity(uid, uid, ts, rs, transmission,
+		reception, false, dhPrivKey, dhPubKey, kv)
 	if bytes.Compare(ci.GetReceptionSalt(), rs) != 0 {
 		t.Errorf("Did not get expected salt.  Expected: %+v, Received: %+v", rs, ci.GetReceptionSalt())
 	}
@@ -166,18 +191,23 @@ func TestCryptographicIdentity_GetReceptionSalt(t *testing.T) {
 
 // Happy path for GetUserID function
 func TestCryptographicIdentity_GetTransmissionID(t *testing.T) {
+	sch := rsa.GetScheme()
+	prng := rand.Reader
+
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	rid := id.NewIdFromString("zezima", id.User, t)
 	tid := id.NewIdFromString("jakexx360", id.User, t)
 	salt := []byte("salt")
 
-	prng := rand.Reader
 	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
 	dhPrivKey := diffieHellman.GeneratePrivateKey(
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	ci := newCryptographicIdentity(tid, rid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
+	ci := newCryptographicIdentity(tid, rid, salt, salt, transmission, reception, false, dhPrivKey, dhPubKey, kv)
 	if !ci.GetTransmissionID().Cmp(tid) {
 		t.Errorf("Did not receive expected user ID.  Expected: %+v, Received: %+v", tid, ci.GetTransmissionID())
 	}
@@ -185,18 +215,23 @@ func TestCryptographicIdentity_GetTransmissionID(t *testing.T) {
 
 // Happy path for GetUserID function
 func TestCryptographicIdentity_GetReceptionID(t *testing.T) {
+	sch := rsa.GetScheme()
+	prng := rand.Reader
+
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	rid := id.NewIdFromString("zezima", id.User, t)
 	tid := id.NewIdFromString("jakexx360", id.User, t)
 	salt := []byte("salt")
 
-	prng := rand.Reader
 	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
 	dhPrivKey := diffieHellman.GeneratePrivateKey(
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	ci := newCryptographicIdentity(tid, rid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
+	ci := newCryptographicIdentity(tid, rid, salt, salt, transmission, reception, false, dhPrivKey, dhPubKey, kv)
 	if !ci.GetReceptionID().Cmp(rid) {
 		t.Errorf("Did not receive expected user ID.  Expected: %+v, Received: %+v", rid, ci.GetReceptionID())
 	}
@@ -204,17 +239,22 @@ func TestCryptographicIdentity_GetReceptionID(t *testing.T) {
 
 // Happy path for IsPrecanned functions
 func TestCryptographicIdentity_IsPrecanned(t *testing.T) {
+	sch := rsa.GetScheme()
+	prng := rand.Reader
+
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("zezima", id.User, t)
 	salt := []byte("salt")
 
-	prng := rand.Reader
 	grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2))
 	dhPrivKey := diffieHellman.GeneratePrivateKey(
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, true, dhPrivKey, dhPubKey, kv)
+	ci := newCryptographicIdentity(uid, uid, salt, salt, transmission, reception, true, dhPrivKey, dhPubKey, kv)
 	if !ci.IsPrecanned() {
 		t.Error("I really don't know how this could happen")
 	}
diff --git a/storage/user/info.go b/storage/user/info.go
index a16b4b754a625c386f0dc569f911188b22e742a7..dcbc0dee933dd60c9c1753b681a3ef1c60fca34e 100644
--- a/storage/user/info.go
+++ b/storage/user/info.go
@@ -10,7 +10,7 @@ package user
 import (
 	"gitlab.com/elixxir/crypto/backup"
 	"gitlab.com/elixxir/crypto/cyclic"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/primitives/id"
 )
 
@@ -18,10 +18,10 @@ type Proto struct {
 	//General Identity
 	TransmissionID   *id.ID
 	TransmissionSalt []byte
-	TransmissionRSA  *rsa.PrivateKey
+	TransmissionRSA  rsa.PrivateKey
 	ReceptionID      *id.ID
 	ReceptionSalt    []byte
-	ReceptionRSA     *rsa.PrivateKey
+	ReceptionRSA     rsa.PrivateKey
 	Precanned        bool
 	// Timestamp in which user has registered with the network
 	RegistrationTimestamp int64
@@ -40,10 +40,10 @@ type Info struct {
 	//General Identity
 	TransmissionID   *id.ID
 	TransmissionSalt []byte
-	TransmissionRSA  *rsa.PrivateKey
+	TransmissionRSA  rsa.PrivateKey
 	ReceptionID      *id.ID
 	ReceptionSalt    []byte
-	ReceptionRSA     *rsa.PrivateKey
+	ReceptionRSA     rsa.PrivateKey
 	Precanned        bool
 	// Timestamp in which user has registered with the network
 	RegistrationTimestamp int64
@@ -69,13 +69,14 @@ func NewUserFromProto(proto *Proto) Info {
 }
 
 func NewUserFromBackup(backup *backup.Backup) Info {
+	sch := rsa.GetScheme()
 	return Info{
 		TransmissionID:        backup.TransmissionIdentity.ComputedID,
 		TransmissionSalt:      backup.TransmissionIdentity.Salt,
-		TransmissionRSA:       backup.TransmissionIdentity.RSASigningPrivateKey,
+		TransmissionRSA:       sch.Convert(&backup.TransmissionIdentity.RSASigningPrivateKey.PrivateKey),
 		ReceptionID:           backup.ReceptionIdentity.ComputedID,
 		ReceptionSalt:         backup.ReceptionIdentity.Salt,
-		ReceptionRSA:          backup.ReceptionIdentity.RSASigningPrivateKey,
+		ReceptionRSA:          sch.Convert(&backup.ReceptionIdentity.RSASigningPrivateKey.PrivateKey),
 		Precanned:             false,
 		RegistrationTimestamp: backup.RegistrationTimestamp,
 		E2eDhPrivateKey:       backup.ReceptionIdentity.DHPrivateKey,
diff --git a/storage/user/registation_test.go b/storage/user/registation_test.go
index 3d9efddf514f729408bf5e9a29096ae11cfd027b..fea4ecb8feca9abc4f97fb166fb606c2de4c603a 100644
--- a/storage/user/registation_test.go
+++ b/storage/user/registation_test.go
@@ -13,9 +13,9 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/diffieHellman"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
 	"math/rand"
@@ -25,6 +25,8 @@ import (
 
 // Test User GetRegistrationValidationSignature function
 func TestUser_GetRegistrationValidationSignature(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
@@ -35,8 +37,11 @@ func TestUser_GetRegistrationValidationSignature(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -68,6 +73,8 @@ func TestUser_GetRegistrationValidationSignature(t *testing.T) {
 
 // Test SetRegistrationValidationSignature setter
 func TestUser_SetRegistrationValidationSignature(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
@@ -78,8 +85,11 @@ func TestUser_SetRegistrationValidationSignature(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -119,6 +129,8 @@ func TestUser_SetRegistrationValidationSignature(t *testing.T) {
 
 // Test loading registrationValidationSignature from the KV store
 func TestUser_loadRegistrationValidationSignature(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
@@ -129,8 +141,11 @@ func TestUser_loadRegistrationValidationSignature(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -170,6 +185,8 @@ func TestUser_loadRegistrationValidationSignature(t *testing.T) {
 
 // Test User's getter/setter functions for TimeStamp
 func TestUser_GetRegistrationTimestamp(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
@@ -180,8 +197,11 @@ func TestUser_GetRegistrationTimestamp(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -227,6 +247,8 @@ func TestUser_GetRegistrationTimestamp(t *testing.T) {
 
 // Test loading registrationTimestamp from the KV store
 func TestUser_loadRegistrationTimestamp(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
@@ -237,8 +259,11 @@ func TestUser_loadRegistrationTimestamp(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
diff --git a/storage/user/user.go b/storage/user/user.go
index 984af7fee0cec1a0406b72d98e38b8ef06757911..d26e29781c9d9f1851c0c30024fd4f4cf54c7484 100644
--- a/storage/user/user.go
+++ b/storage/user/user.go
@@ -11,7 +11,7 @@ import (
 	"github.com/pkg/errors"
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"sync"
 	"time"
@@ -34,7 +34,7 @@ type User struct {
 
 // builds a new user.
 func NewUser(kv *versioned.KV, transmissionID, receptionID *id.ID, transmissionSalt,
-	receptionSalt []byte, transmissionRsa, receptionRsa *rsa.PrivateKey, isPrecanned bool,
+	receptionSalt []byte, transmissionRsa, receptionRsa rsa.PrivateKey, isPrecanned bool,
 	e2eDhPrivateKey, e2eDhPublicKey *cyclic.Int) (*User, error) {
 
 	ci := newCryptographicIdentity(transmissionID, receptionID, transmissionSalt,
diff --git a/storage/user/user_test.go b/storage/user/user_test.go
index c8b97b9e30d304a323803d025645739bb76a6e7e..8a2169be9db7afb2e9d3e92839ce9099da5c44a4 100644
--- a/storage/user/user_test.go
+++ b/storage/user/user_test.go
@@ -11,9 +11,9 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/diffieHellman"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"math/rand"
 	"testing"
@@ -21,6 +21,8 @@ import (
 
 // Test loading user from a KV store
 func TestLoadUser(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	_, err := LoadUser(kv)
 
@@ -37,8 +39,11 @@ func TestLoadUser(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	ci := newCryptographicIdentity(uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey, kv)
 	err = ci.save(kv)
 	if err != nil {
 		t.Errorf("Failed to save ci to kv: %+v", err)
@@ -52,6 +57,8 @@ func TestLoadUser(t *testing.T) {
 
 // Test NewUser function
 func TestNewUser(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	uid := id.NewIdFromString("test", id.User, t)
 	salt := []byte("salt")
@@ -62,8 +69,11 @@ func TestNewUser(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, uid, uid, salt, salt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
diff --git a/storage/user/username_test.go b/storage/user/username_test.go
index 34d617359e8ed7e463fa454ce0ea54867983a749..01ea538815a9bca6aa5b5a02f3547140c705a277 100644
--- a/storage/user/username_test.go
+++ b/storage/user/username_test.go
@@ -11,9 +11,9 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/diffieHellman"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
 	"math/rand"
@@ -22,6 +22,8 @@ import (
 
 // Test normal function and errors for User's SetUsername function
 func TestUser_SetUsername(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	tid := id.NewIdFromString("trans", id.User, t)
 	rid := id.NewIdFromString("recv", id.User, t)
@@ -34,8 +36,11 @@ func TestUser_SetUsername(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, tid, rid, tsalt, rsalt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -64,6 +69,8 @@ func TestUser_SetUsername(t *testing.T) {
 
 // Test functionality of User's GetUsername function
 func TestUser_GetUsername(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	tid := id.NewIdFromString("trans", id.User, t)
 	rid := id.NewIdFromString("recv", id.User, t)
@@ -76,8 +83,11 @@ func TestUser_GetUsername(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, tid, rid, tsalt, rsalt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
@@ -100,6 +110,8 @@ func TestUser_GetUsername(t *testing.T) {
 
 // Test the loadUsername helper function
 func TestUser_loadUsername(t *testing.T) {
+	sch := rsa.GetScheme()
+
 	kv := versioned.NewKV(ekv.MakeMemstore())
 	tid := id.NewIdFromString("trans", id.User, t)
 	rid := id.NewIdFromString("recv", id.User, t)
@@ -112,8 +124,11 @@ func TestUser_loadUsername(t *testing.T) {
 		diffieHellman.DefaultPrivateKeyLength, grp, prng)
 	dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp)
 
-	u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{},
-		&rsa.PrivateKey{}, false, dhPrivKey, dhPubKey)
+	transmission, _ := sch.Generate(prng, 64)
+	reception, _ := sch.Generate(prng, 64)
+
+	u, err := NewUser(kv, tid, rid, tsalt, rsalt, transmission,
+		reception, false, dhPrivKey, dhPubKey)
 	if err != nil || u == nil {
 		t.Errorf("Failed to create new user: %+v", err)
 	}
diff --git a/ud/addFact.go b/ud/addFact.go
index 069a4f4251800b92d12751a45cdaa24dbd73008b..ed80c480da2cb3dc33b988367067fcac35a7b3d7 100644
--- a/ud/addFact.go
+++ b/ud/addFact.go
@@ -14,7 +14,6 @@ import (
 	"gitlab.com/elixxir/crypto/factID"
 	"gitlab.com/elixxir/crypto/hash"
 	"gitlab.com/elixxir/primitives/fact"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 )
 
@@ -53,7 +52,7 @@ func (m *Manager) addFact(inFact fact.Fact, myId *id.ID,
 	}
 	stream := m.getRng().GetStream()
 	defer stream.Close()
-	fSig, err := rsa.Sign(stream, privKey, hash.CMixHash, fHash, nil)
+	fSig, err := privKey.SignPSS(stream, hash.CMixHash, fHash, nil)
 	if err != nil {
 		return "", err
 	}
diff --git a/ud/channelIDTracking_test.go b/ud/channelIDTracking_test.go
index 7a3c6c1cb564b6c59e1544a49efd61605a129479..a0ae578436648f5b0bcdad5dff159b817ea2f25e 100644
--- a/ud/channelIDTracking_test.go
+++ b/ud/channelIDTracking_test.go
@@ -8,9 +8,9 @@ import (
 
 	"github.com/stretchr/testify/require"
 
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/crypto/csprng"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 
 	"gitlab.com/elixxir/client/v4/event"
@@ -79,7 +79,8 @@ func TestChannelIDTracking(t *testing.T) {
 
 	// comms AddHost
 	stream := rngGen.GetStream()
-	privKey, err := rsa.GenerateKey(stream, 1024)
+	sch := rsa.GetScheme()
+	privKey, err := sch.Generate(stream, 1024)
 	require.NoError(t, err)
 
 	tnm := newTestNetworkManager(t)
@@ -123,7 +124,7 @@ func TestChannelIDTracking(t *testing.T) {
 	rsaPrivKey, err := m.user.GetReceptionIdentity().GetRSAPrivateKey()
 	require.NoError(t, err)
 
-	comms.SetUserRSAPubKey(rsaPrivKey.GetPublic())
+	comms.SetUserRSAPubKey(rsaPrivKey.Public())
 	comms.SetUDEd25519PrivateKey(&udPrivKey)
 	comms.SetUsername(username)
 
diff --git a/ud/mockComms_test.go b/ud/mockComms_test.go
index b77efc11a502e72036b343708e993ede522f46ba..fbd571b46d9b85b43d37e0ba2e5d1e99f4e85a4a 100644
--- a/ud/mockComms_test.go
+++ b/ud/mockComms_test.go
@@ -11,9 +11,9 @@ import (
 	"crypto/ed25519"
 	"time"
 
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/comms/messages"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 
 	pb "gitlab.com/elixxir/comms/mixmessages"
@@ -22,7 +22,7 @@ import (
 
 type mockComms struct {
 	udHost            *connect.Host
-	userRsaPub        *rsa.PublicKey
+	userRsaPub        rsa.PublicKey
 	userEd25519PubKey []byte
 	udPrivKey         *ed25519.PrivateKey
 	username          string
@@ -66,7 +66,7 @@ func (m *mockComms) SetUDEd25519PrivateKey(key *ed25519.PrivateKey) {
 	m.udPrivKey = key
 }
 
-func (m *mockComms) SetUserRSAPubKey(userRsaPub *rsa.PublicKey) {
+func (m *mockComms) SetUserRSAPubKey(userRsaPub rsa.PublicKey) {
 	m.userRsaPub = userRsaPub
 }
 
diff --git a/ud/mockE2e_test.go b/ud/mockE2e_test.go
index 99b03bf625fe3e0b968d68ebf704efd52abda502..390338a448130037fa8460722ed993cedb38d817 100644
--- a/ud/mockE2e_test.go
+++ b/ud/mockE2e_test.go
@@ -24,8 +24,8 @@ import (
 	"gitlab.com/elixxir/crypto/cyclic"
 	cryptoE2e "gitlab.com/elixxir/crypto/e2e"
 	"gitlab.com/elixxir/crypto/fastRNG"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/crypto/csprng"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"testing"
 	"time"
@@ -43,7 +43,7 @@ type mockE2e struct {
 	network   cmix.Client
 	mockStore mockStorage
 	t         testing.TB
-	key       *rsa.PrivateKey
+	key       rsa.PrivateKey
 }
 
 func (m mockE2e) GetBackupContainer() *xxdk.Container {
@@ -61,7 +61,7 @@ func (m mockE2e) GetReceptionIdentity() xxdk.ReceptionIdentity {
 
 	return xxdk.ReceptionIdentity{
 		ID:            id.NewIdFromString("test", id.User, m.t),
-		RSAPrivatePem: rsa.CreatePrivateKeyPem(m.key),
+		RSAPrivatePem: m.key.MarshalPem(),
 		Salt:          []byte("test"),
 		DHKeyPrivate:  dhPrivKey,
 		E2eGrp:        grp,
diff --git a/ud/mockStore_test.go b/ud/mockStore_test.go
index c86276a77587b69729ed450050690fe0bf58ae64..f2fb390adcd7dfb3a3ec672c9fb0cb7bbf47f441 100644
--- a/ud/mockStore_test.go
+++ b/ud/mockStore_test.go
@@ -12,9 +12,9 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/user"
 	"gitlab.com/elixxir/client/v4/storage/versioned"
 	"gitlab.com/elixxir/crypto/cyclic"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/elixxir/primitives/version"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/ndf"
 	"time"
@@ -106,12 +106,12 @@ func (m mockStorage) GetReceptionSalt() []byte {
 	panic("implement me")
 }
 
-func (m mockStorage) GetReceptionRSA() *rsa.PrivateKey {
+func (m mockStorage) GetReceptionRSA() rsa.PrivateKey {
 	//TODO implement me
 	panic("implement me")
 }
 
-func (m mockStorage) GetTransmissionRSA() *rsa.PrivateKey {
+func (m mockStorage) GetTransmissionRSA() rsa.PrivateKey {
 	//TODO implement me
 	panic("implement me")
 }
diff --git a/ud/register.go b/ud/register.go
index 0cf1f7ba80fe6e1507873db227d9c83f054da68d..f9e76eb8518292eb3169ba601e8088db2fab5cf1 100644
--- a/ud/register.go
+++ b/ud/register.go
@@ -16,7 +16,6 @@ import (
 	"gitlab.com/elixxir/crypto/hash"
 	"gitlab.com/elixxir/primitives/fact"
 	"gitlab.com/xx_network/crypto/csprng"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 )
 
 // register initiates registration with user discovery given a specified
@@ -43,7 +42,7 @@ func (m *Manager) register(username string, networkSignature []byte,
 	// Construct the user registration message
 	msg := &pb.UDBUserRegistration{
 		PermissioningSignature: networkSignature,
-		RSAPublicPem:           string(rsa.CreatePublicKeyPem(privKey.GetPublic())),
+		RSAPublicPem:           string(privKey.Public().MarshalPem()),
 		IdentityRegistration: &pb.Identity{
 			Username: username,
 			DhPubKey: dhKeyPub.Bytes(),
@@ -55,7 +54,7 @@ func (m *Manager) register(username string, networkSignature []byte,
 
 	// Sign the identity data and add to user registration message
 	identityDigest := msg.IdentityRegistration.Digest()
-	msg.IdentitySignature, err = rsa.Sign(rng, privKey,
+	msg.IdentitySignature, err = privKey.SignPSS(rng,
 		hash.CMixHash, identityDigest, nil)
 	if err != nil {
 		return errors.Errorf("Failed to sign user's IdentityRegistration: %+v", err)
@@ -69,7 +68,7 @@ func (m *Manager) register(username string, networkSignature []byte,
 
 	// Hash and sign fact
 	hashedFact := factID.Fingerprint(usernameFact)
-	signedFact, err := rsa.Sign(rng, privKey, hash.CMixHash, hashedFact, nil)
+	signedFact, err := privKey.SignPSS(rng, hash.CMixHash, hashedFact, nil)
 	if err != nil {
 		return errors.Errorf("Failed to sign fact: %v", err)
 	}
diff --git a/ud/remove.go b/ud/remove.go
index e2a719c70f6e0d40659dbf0b6dbbedb3b327632d..d2dbb6c6157a918e0b051e6fbcd0d505c63f5653 100644
--- a/ud/remove.go
+++ b/ud/remove.go
@@ -14,9 +14,9 @@ import (
 	"gitlab.com/elixxir/comms/mixmessages"
 	"gitlab.com/elixxir/crypto/factID"
 	"gitlab.com/elixxir/crypto/hash"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/primitives/fact"
 	"gitlab.com/xx_network/comms/connect"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 )
 
@@ -58,7 +58,7 @@ func (m *Manager) removeFact(f fact.Fact,
 	}
 	stream := m.getRng().GetStream()
 	defer stream.Close()
-	fSig, err := rsa.Sign(stream, privKey, hash.CMixHash, fHash, nil)
+	fSig, err := privKey.SignPSS(stream, hash.CMixHash, fHash, nil)
 	if err != nil {
 		return err
 	}
@@ -99,7 +99,7 @@ func (m *Manager) PermanentDeleteAccount(f fact.Fact) error {
 }
 
 // permanentDeleteAccount is a helper function for PermanentDeleteAccount.
-func (m *Manager) permanentDeleteAccount(f fact.Fact, myId *id.ID, privateKey *rsa.PrivateKey,
+func (m *Manager) permanentDeleteAccount(f fact.Fact, myId *id.ID, privateKey rsa.PrivateKey,
 	rFC removeUserComms, udHost *connect.Host) error {
 
 	// Construct the message to send
@@ -115,7 +115,7 @@ func (m *Manager) permanentDeleteAccount(f fact.Fact, myId *id.ID, privateKey *r
 	// Sign our inFact for putting into the request
 	stream := m.getRng().GetStream()
 	defer stream.Close()
-	fsig, err := rsa.Sign(stream, privateKey, hash.CMixHash, fHash, nil)
+	fsig, err := privateKey.SignPSS(stream, hash.CMixHash, fHash, nil)
 	if err != nil {
 		return err
 	}
diff --git a/ud/utils_test.go b/ud/utils_test.go
index 1ffce2b8452bea4d086c23c7b3a2f832d91d8512..9152dbec17fcbc50965a5b2829e57e6aec1ac9c8 100644
--- a/ud/utils_test.go
+++ b/ud/utils_test.go
@@ -20,10 +20,10 @@ import (
 	"gitlab.com/elixxir/crypto/contact"
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/fastRNG"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"io"
 	"math/rand"
 	"testing"
@@ -42,9 +42,11 @@ func newTestManager(t *testing.T) (*Manager, *testNetworkManager) {
 		t.Fatalf("Failed to initialize store %v", err)
 	}
 
+	sch := rsa.GetScheme()
+
 	rngGen := fastRNG.NewStreamGenerator(1000, 10, csprng.NewSystemRNG)
 	stream := rngGen.GetStream()
-	privKey, err := rsa.GenerateKey(stream, 1024)
+	privKey, err := sch.Generate(stream, 1024)
 	stream.Close()
 
 	// Create our Manager object
@@ -155,7 +157,7 @@ func getGroup() *cyclic.Group {
 
 type mockUser struct {
 	testing *testing.T
-	key     *rsa.PrivateKey
+	key     rsa.PrivateKey
 }
 
 func (m mockUser) PortableUserInfo() user.Info {
diff --git a/xxdk/cmix.go b/xxdk/cmix.go
index b81ea31c8ebdef8e0ee4a15ec1d0f2cce508a90a..26f51d277ced788ce6e02959a5371df10f53db2f 100644
--- a/xxdk/cmix.go
+++ b/xxdk/cmix.go
@@ -29,7 +29,6 @@ import (
 	"gitlab.com/xx_network/comms/connect"
 	"gitlab.com/xx_network/crypto/csprng"
 	"gitlab.com/xx_network/crypto/large"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/ndf"
 	"gitlab.com/xx_network/primitives/region"
@@ -253,8 +252,8 @@ func (c *Cmix) initComms() error {
 	// get the user from session
 	transmissionIdentity := c.GetTransmissionIdentity()
 	privKey := transmissionIdentity.RSAPrivatePem
-	pubPEM := rsa.CreatePublicKeyPem(privKey.GetPublic())
-	privPEM := rsa.CreatePrivateKeyPem(privKey)
+	pubPEM := privKey.Public().MarshalPem()
+	privPEM := privKey.MarshalPem()
 
 	// start comms
 	c.comms, err = client.NewClientComms(transmissionIdentity.ID,
diff --git a/xxdk/e2e.go b/xxdk/e2e.go
index fd2b95f589b3a3476e2a0017304867850af37ba6..37354667d1ffd0db32cb08a0ac432c4a6c03acff 100644
--- a/xxdk/e2e.go
+++ b/xxdk/e2e.go
@@ -121,7 +121,7 @@ func login(net *Cmix, callbacks AuthCallbacks, identity ReceptionIdentity,
 	if err != nil {
 		return nil, err
 	}
-	generatedId, err := xx.NewID(privatePem.GetPublic(), identity.Salt, id.User)
+	generatedId, err := xx.NewID(privatePem.Public().GetOldRSA(), identity.Salt, id.User)
 	if err != nil {
 		return nil, err
 	}
diff --git a/xxdk/identity.go b/xxdk/identity.go
index 867b8646986e5d4d9b95783ec341508c4ad1bdf4..7deee60c71cae0ab9b9ce50947b0ff80712c567a 100644
--- a/xxdk/identity.go
+++ b/xxdk/identity.go
@@ -16,7 +16,7 @@ import (
 	"gitlab.com/elixxir/crypto/contact"
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/diffieHellman"
-	"gitlab.com/xx_network/crypto/signature/rsa"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/crypto/xx"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
@@ -82,8 +82,9 @@ func (r ReceptionIdentity) GetDHKeyPrivate() (*cyclic.Int, error) {
 }
 
 // GetRSAPrivateKey returns the RSAPrivatePem.
-func (r ReceptionIdentity) GetRSAPrivateKey() (*rsa.PrivateKey, error) {
-	return rsa.LoadPrivateKeyFromPem(r.RSAPrivatePem)
+func (r ReceptionIdentity) GetRSAPrivateKey() (rsa.PrivateKey, error) {
+	sch := rsa.GetScheme()
+	return sch.UnmarshalPrivateKeyPEM(r.RSAPrivatePem)
 }
 
 // GetGroup returns the cyclic.Group.
@@ -99,8 +100,10 @@ func MakeReceptionIdentity(net *Cmix) (ReceptionIdentity, error) {
 	defer rng.Close()
 	grp := net.GetStorage().GetE2EGroup()
 
+	sch := rsa.GetScheme()
+
 	// Make RSA Key
-	rsaKey, err := rsa.GenerateKey(rng, rsa.DefaultRSABitLen)
+	rsaKey, err := sch.GenerateDefault(rng)
 	if err != nil {
 		return ReceptionIdentity{}, err
 	}
@@ -113,7 +116,7 @@ func MakeReceptionIdentity(net *Cmix) (ReceptionIdentity, error) {
 	privKey := diffieHellman.GeneratePrivateKey(len(grp.GetPBytes()), grp, rng)
 
 	// make the ID
-	newId, err := xx.NewID(rsaKey.GetPublic(), salt, id.User)
+	newId, err := xx.NewID(rsaKey.Public().GetOldRSA(), salt, id.User)
 	if err != nil {
 		return ReceptionIdentity{}, err
 	}
@@ -129,7 +132,7 @@ func MakeReceptionIdentity(net *Cmix) (ReceptionIdentity, error) {
 	}
 
 	// Create the identity object
-	rsaPem := rsa.CreatePrivateKeyPem(rsaKey)
+	rsaPem := rsaKey.MarshalPem()
 	I := ReceptionIdentity{
 		ID:            newId,
 		RSAPrivatePem: rsaPem,
@@ -185,7 +188,7 @@ func (r ReceptionIdentity) GetContact() contact.Contact {
 // buildReceptionIdentity creates a new ReceptionIdentity from the given
 // user.Info.
 func buildReceptionIdentity(receptionId *id.ID, receptionSalt []byte,
-	receptionRsa *rsa.PrivateKey, e2eGrp *cyclic.Group, dHPrivkey *cyclic.Int) (
+	receptionRsa rsa.PrivateKey, e2eGrp *cyclic.Group, dHPrivkey *cyclic.Int) (
 	ReceptionIdentity, error) {
 	saltCopy := make([]byte, len(receptionSalt))
 	copy(saltCopy, receptionSalt)
@@ -201,7 +204,7 @@ func buildReceptionIdentity(receptionId *id.ID, receptionSalt []byte,
 
 	return ReceptionIdentity{
 		ID:            receptionId.DeepCopy(),
-		RSAPrivatePem: rsa.CreatePrivateKeyPem(receptionRsa),
+		RSAPrivatePem: receptionRsa.MarshalPem(),
 		Salt:          saltCopy,
 		DHKeyPrivate:  privKey,
 		E2eGrp:        grp,
@@ -212,7 +215,7 @@ func buildReceptionIdentity(receptionId *id.ID, receptionSalt []byte,
 // network via a specific Cmix object.
 type TransmissionIdentity struct {
 	ID            *id.ID
-	RSAPrivatePem *rsa.PrivateKey
+	RSAPrivatePem rsa.PrivateKey
 	Salt          []byte
 
 	// Timestamp of when the user has registered with the network
diff --git a/xxdk/notifications.go b/xxdk/notifications.go
index f5a9ce96b3cb34765aad2dd2311f0bfec59ded95..cff96b1de704bae9bed5f2fbb7fd1432f4e98bcf 100644
--- a/xxdk/notifications.go
+++ b/xxdk/notifications.go
@@ -12,7 +12,6 @@ import (
 	jww "github.com/spf13/jwalterweatherman"
 	"gitlab.com/elixxir/comms/mixmessages"
 	"gitlab.com/elixxir/crypto/hash"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/id/ephemeral"
 )
@@ -35,7 +34,7 @@ func (m *E2e) RegisterForNotifications(token string) error {
 	}
 
 	privKey := m.GetStorage().GetTransmissionRSA()
-	pubPEM := rsa.CreatePublicKeyPem(privKey.GetPublic())
+	pubPEM := privKey.Public().MarshalPem()
 	regSig := m.GetStorage().GetTransmissionRegistrationValidationSignature()
 	regTS := m.GetStorage().GetRegistrationTimestamp()
 
@@ -105,8 +104,7 @@ func (m *E2e) getIidAndSig() ([]byte, []byte, error) {
 	}
 
 	stream := m.GetRng().GetStream()
-	sig, err := rsa.Sign(stream,
-		m.GetStorage().GetTransmissionRSA(),
+	sig, err := m.GetStorage().GetTransmissionRSA().SignPSS(stream,
 		hash.CMixHash, h.Sum(nil), nil)
 	if err != nil {
 		return nil, nil, errors.WithMessage(err,
diff --git a/xxdk/permissioning.go b/xxdk/permissioning.go
index 55a62dbabd9dc19ee391f0acd91984b7d78173ed..46df9bd8dc91a12a4ff99ad89c378548a2356b05 100644
--- a/xxdk/permissioning.go
+++ b/xxdk/permissioning.go
@@ -17,8 +17,8 @@ import (
 // registerWithPermissioning returns an error if registration fails.
 func (c *Cmix) registerWithPermissioning() error {
 	// Get the users public key
-	transmissionPubKey := c.storage.GetTransmissionRSA().GetPublic()
-	receptionPubKey := c.storage.GetReceptionRSA().GetPublic()
+	transmissionPubKey := c.storage.GetTransmissionRSA().Public()
+	receptionPubKey := c.storage.GetReceptionRSA().Public()
 
 	// Load the registration code
 	regCode, err := c.storage.GetRegCode()
diff --git a/xxdk/user.go b/xxdk/user.go
index cac845864c7836b742a391bc2785f3d20c36d986..aaeee9ead0054c132fb166b63fe77ea7bb28a2ad 100644
--- a/xxdk/user.go
+++ b/xxdk/user.go
@@ -21,8 +21,8 @@ import (
 	"gitlab.com/elixxir/client/v4/storage/user"
 	"gitlab.com/elixxir/crypto/cyclic"
 	"gitlab.com/elixxir/crypto/fastRNG"
+	"gitlab.com/elixxir/crypto/rsa"
 	"gitlab.com/xx_network/crypto/csprng"
-	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/crypto/xx"
 	"gitlab.com/xx_network/primitives/id"
 )
@@ -35,19 +35,19 @@ const (
 // createNewUser generates an identity for cMix.
 func createNewUser(rng *fastRNG.StreamGenerator, e2eGroup *cyclic.Group) user.Info {
 	// CMIX Keygen
-	var transmissionRsaKey, receptionRsaKey *rsa.PrivateKey
+	var transmissionRsaKey, receptionRsaKey rsa.PrivateKey
 	var transmissionSalt, receptionSalt []byte
 
 	e2eKeyBytes, transmissionSalt, receptionSalt,
 		transmissionRsaKey, receptionRsaKey := createKeys(rng, e2eGroup)
 
-	transmissionID, err := xx.NewID(transmissionRsaKey.GetPublic(),
+	transmissionID, err := xx.NewID(transmissionRsaKey.Public().GetOldRSA(),
 		transmissionSalt, id.User)
 	if err != nil {
 		jww.FATAL.Panicf(err.Error())
 	}
 
-	receptionID, err := xx.NewID(receptionRsaKey.GetPublic(),
+	receptionID, err := xx.NewID(receptionRsaKey.Public().GetOldRSA(),
 		receptionSalt, id.User)
 	if err != nil {
 		jww.FATAL.Panicf(err.Error())
@@ -69,7 +69,8 @@ func createNewUser(rng *fastRNG.StreamGenerator, e2eGroup *cyclic.Group) user.In
 
 func createKeys(rng *fastRNG.StreamGenerator, e2e *cyclic.Group) (
 	e2eKeyBytes, transmissionSalt, receptionSalt []byte,
-	transmissionRsaKey, receptionRsaKey *rsa.PrivateKey) {
+	transmissionRsaKey, receptionRsaKey rsa.PrivateKey) {
+	sch := rsa.GetScheme()
 	wg := sync.WaitGroup{}
 
 	wg.Add(3)
@@ -94,7 +95,7 @@ func createKeys(rng *fastRNG.StreamGenerator, e2e *cyclic.Group) (
 		defer wg.Done()
 		var err error
 		stream := rng.GetStream()
-		transmissionRsaKey, err = rsa.GenerateKey(stream, rsa.DefaultRSABitLen)
+		transmissionRsaKey, err = sch.GenerateDefault(stream)
 		if err != nil {
 			jww.FATAL.Panicf(err.Error())
 		}
@@ -110,7 +111,7 @@ func createKeys(rng *fastRNG.StreamGenerator, e2e *cyclic.Group) (
 		defer wg.Done()
 		var err error
 		stream := rng.GetStream()
-		receptionRsaKey, err = rsa.GenerateKey(stream, rsa.DefaultRSABitLen)
+		receptionRsaKey, err = sch.GenerateDefault(stream)
 		if err != nil {
 			jww.FATAL.Panicf(err.Error())
 		}
@@ -137,8 +138,10 @@ func createNewVanityUser(rng csprng.Source,
 
 	e2eKey := diffieHellman.GeneratePrivateKey(keyLen, e2e, rng)
 
+	sch := rsa.GetScheme()
+
 	// RSA Keygen (4096 bit defaults)
-	transmissionRsaKey, err := rsa.GenerateKey(rng, rsa.DefaultRSABitLen)
+	transmissionRsaKey, err := sch.GenerateDefault(rng)
 	if err != nil {
 		jww.FATAL.Panicf(err.Error())
 	}
@@ -152,13 +155,13 @@ func createNewVanityUser(rng csprng.Source,
 	if n != SaltSize {
 		jww.FATAL.Panicf("transmissionSalt size too small: %d", n)
 	}
-	transmissionID, err := xx.NewID(transmissionRsaKey.GetPublic(),
+	transmissionID, err := xx.NewID(transmissionRsaKey.Public().GetOldRSA(),
 		transmissionSalt, id.User)
 	if err != nil {
 		jww.FATAL.Panicf(err.Error())
 	}
 
-	receptionRsaKey, err := rsa.GenerateKey(rng, rsa.DefaultRSABitLen)
+	receptionRsaKey, err := sch.GenerateDefault(rng)
 	if err != nil {
 		jww.FATAL.Panicf(err.Error())
 	}
@@ -212,7 +215,7 @@ func createNewVanityUser(rng csprng.Source,
 							n)
 					}
 					rID, err := xx.NewID(
-						receptionRsaKey.GetPublic(),
+						receptionRsaKey.Public().GetOldRSA(),
 						rSalt, id.User)
 					if err != nil {
 						jww.FATAL.Panicf(err.Error())
@@ -262,8 +265,10 @@ func createPrecannedUser(precannedID uint, rng csprng.Source, grp *cyclic.Group)
 	binary.BigEndian.PutUint64(userID[:], uint64(precannedID))
 	userID.SetType(id.User)
 
+	sch := rsa.GetScheme()
+
 	// NOTE: not used... RSA Keygen (4096 bit defaults)
-	rsaKey, err := rsa.GenerateKey(rng, rsa.DefaultRSABitLen)
+	rsaKey, err := sch.GenerateDefault(rng)
 	if err != nil {
 		jww.FATAL.Panicf(err.Error())
 	}