diff --git a/storage/session.go b/storage/session.go
index 73589f00564c3226f02ca7bd6073b636cfb8073b..89836d53ebf70a88a006e007e76c940927f7c9b1 100644
--- a/storage/session.go
+++ b/storage/session.go
@@ -104,7 +104,8 @@ func initStore(baseDir, password string) (*session, error) {
 
 // Creates new UserData in the session
 func New(baseDir, password string, u user.Info,
-	currentVersion version.Version, cmixGrp, e2eGrp *cyclic.Group) (Session, error) {
+	currentVersion version.Version,
+	cmixGrp, e2eGrp *cyclic.Group) (Session, error) {
 
 	s, err := initStore(baseDir, password)
 	if err != nil {
diff --git a/xxdk/cmix.go b/xxdk/cmix.go
index 5e2d919e9e8bce0a3fd97c5b8b8df4552a4d9bb4..2deddd2b35dddf009e6363cfb84c7a624b270c17 100644
--- a/xxdk/cmix.go
+++ b/xxdk/cmix.go
@@ -167,10 +167,12 @@ func OpenCmix(storageDir string, password []byte,
 // NewProtoClient_Unsafe initializes a client object from a JSON containing
 // predefined cryptographic which defines a user. This is designed for some
 // specific deployment procedures and is generally unsafe.
-func NewProtoClient_Unsafe(ndfJSON, storageDir string, password,
-	protoClientJSON []byte) error {
+func NewProtoClient_Unsafe(ndfJSON, storageDir string, password []byte,
+	protoUser *user.Proto) error {
 	jww.INFO.Printf("NewProtoClient_Unsafe")
 
+	usr := user.NewUserFromProto(protoUser)
+
 	def, err := ParseNDF(ndfJSON)
 	if err != nil {
 		return err
@@ -178,14 +180,6 @@ func NewProtoClient_Unsafe(ndfJSON, storageDir string, password,
 
 	cmixGrp, e2eGrp := DecodeGroups(def)
 
-	protoUser := &user.Proto{}
-	err = json.Unmarshal(protoClientJSON, protoUser)
-	if err != nil {
-		return err
-	}
-
-	usr := user.NewUserFromProto(protoUser)
-
 	storageSess, err := CheckVersionAndSetupStorage(def, storageDir,
 		password, usr, cmixGrp, e2eGrp, protoUser.RegCode)
 	if err != nil {
@@ -267,7 +261,7 @@ func LoadCmix(storageDir string, password []byte, parameters Params) (*Cmix, err
 // while replacing the base NDF.  This is designed for some specific deployment
 // procedures and is generally unsafe.
 func LoginWithNewBaseNDF_UNSAFE(storageDir string, password []byte,
-	newBaseNdf string, params Params) (*Cmix, error) {
+	newBaseNdf string, params Params) (*E2e, error) {
 	jww.INFO.Printf("LoginWithNewBaseNDF_UNSAFE()")
 
 	def, err := ParseNDF(newBaseNdf)
@@ -304,7 +298,7 @@ func LoginWithNewBaseNDF_UNSAFE(storageDir string, password []byte,
 		return nil, err
 	}
 
-	return c, nil
+	return LoginLegacy(c, nil)
 }
 
 // LoginWithProtoClient creates a client object with a protoclient
@@ -312,7 +306,7 @@ func LoginWithNewBaseNDF_UNSAFE(storageDir string, password []byte,
 // some specific deployment procedures and is generally unsafe.
 func LoginWithProtoClient(storageDir string, password []byte,
 	protoClientJSON []byte, newBaseNdf string,
-	params Params) (*Cmix, error) {
+	params Params) (*E2e, error) {
 	jww.INFO.Printf("LoginWithProtoClient()")
 
 	def, err := ParseNDF(newBaseNdf)
@@ -320,8 +314,14 @@ func LoginWithProtoClient(storageDir string, password []byte,
 		return nil, err
 	}
 
+	protoUser := &user.Proto{}
+	err = json.Unmarshal(protoClientJSON, protoUser)
+	if err != nil {
+		return nil, err
+	}
+
 	err = NewProtoClient_Unsafe(newBaseNdf, storageDir, password,
-		protoClientJSON)
+		protoUser)
 	if err != nil {
 		return nil, err
 	}
@@ -356,7 +356,12 @@ func LoginWithProtoClient(storageDir string, password []byte,
 		return nil, err
 	}
 
-	return c, nil
+	return Login(c, nil, ReceptionIdentity{
+		ID:            protoUser.ReceptionID,
+		RSAPrivatePem: protoUser.ReceptionRSA,
+		Salt:          protoUser.ReceptionSalt,
+		DHKeyPrivate:  protoUser.E2eDhPrivateKey,
+	})
 }
 
 func (c *Cmix) initComms() error {
diff --git a/xxdk/e2e.go b/xxdk/e2e.go
index fc68bf569ebd508cf1929a903c7507d25e18c125..dfb271b8eb2a4fffeffe7ffb7d691461a1583d6c 100644
--- a/xxdk/e2e.go
+++ b/xxdk/e2e.go
@@ -146,7 +146,6 @@ func LoadOrInitE2e(client *Cmix) (e2e.Handler, error) {
 		e2eHandler, err = e2e.Load(kv,
 			client.GetCmix(), usr.ReceptionID, e2eGrp, client.GetRng(),
 			client.GetEventReporter())
-		//if no new e2e handler exists, initialize an e2e user
 		if err != nil {
 			jww.WARN.Printf("Failed to load e2e instance for %s, "+
 				"creating a new one", usr.ReceptionID)
@@ -224,19 +223,21 @@ func (m *E2e) ConstructProtoUserFile() ([]byte, error) {
 	}
 
 	Usr := user.Proto{
-		TransmissionID:               m.GetUser().TransmissionID,
-		TransmissionSalt:             m.GetUser().TransmissionSalt,
-		TransmissionRSA:              m.GetUser().TransmissionRSA,
-		ReceptionID:                  m.GetUser().ReceptionID,
-		ReceptionSalt:                m.GetUser().ReceptionSalt,
-		ReceptionRSA:                 m.GetUser().ReceptionRSA,
-		Precanned:                    m.GetUser().Precanned,
-		RegistrationTimestamp:        m.GetUser().RegistrationTimestamp,
-		RegCode:                      regCode,
-		TransmissionRegValidationSig: m.GetStorage().GetTransmissionRegistrationValidationSignature(),
-		ReceptionRegValidationSig:    m.GetStorage().GetReceptionRegistrationValidationSignature(),
-		E2eDhPrivateKey:              m.e2e.GetHistoricalDHPrivkey(),
-		E2eDhPublicKey:               m.e2e.GetHistoricalDHPubkey(),
+		TransmissionID:        m.GetUser().TransmissionID,
+		TransmissionSalt:      m.GetUser().TransmissionSalt,
+		TransmissionRSA:       m.GetUser().TransmissionRSA,
+		ReceptionID:           m.GetUser().ReceptionID,
+		ReceptionSalt:         m.GetUser().ReceptionSalt,
+		ReceptionRSA:          m.GetUser().ReceptionRSA,
+		Precanned:             m.GetUser().Precanned,
+		RegistrationTimestamp: m.GetUser().RegistrationTimestamp,
+		RegCode:               regCode,
+		TransmissionRegValidationSig: m.GetStorage().
+			GetTransmissionRegistrationValidationSignature(),
+		ReceptionRegValidationSig: m.GetStorage().
+			GetReceptionRegistrationValidationSignature(),
+		E2eDhPrivateKey: m.e2e.GetHistoricalDHPrivkey(),
+		E2eDhPublicKey:  m.e2e.GetHistoricalDHPubkey(),
 	}
 
 	jsonBytes, err := json.Marshal(Usr)