diff --git a/cmd/root.go b/cmd/root.go
index cca0887bcad971f7d378951d33e755825903b82c..587949a527da44f07b0a65f8869cd2633259b87f 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -589,7 +589,7 @@ func initCmix() (*xxdk.Cmix, xxdk.ReceptionIdentity) {
 				jww.FATAL.Panicf("%v", err)
 			}
 
-			err = xxdk.NewProtoClient_Unsafe(string(ndfJSON), storeDir,
+			knownReception, err = xxdk.NewProtoClient_Unsafe(string(ndfJSON), storeDir,
 				pass, protoUser)
 		} else if userIDprefix != "" {
 			err = xxdk.NewVanityClient(string(ndfJSON), storeDir,
diff --git a/xxdk/cmix.go b/xxdk/cmix.go
index 6bc1f0915134ec42d5a5bb21b2b433ae9603f59f..3e31d28593c4664ece6121c39b2bac746f229904 100644
--- a/xxdk/cmix.go
+++ b/xxdk/cmix.go
@@ -163,14 +163,14 @@ func OpenCmix(storageDir string, password []byte,
 // predefined cryptographic which defines a user. This is designed for some
 // specific deployment procedures and is generally unsafe.
 func NewProtoClient_Unsafe(ndfJSON, storageDir string, password []byte,
-	protoUser *user.Proto) error {
+	protoUser *user.Proto) (ReceptionIdentity, error) {
 	jww.INFO.Printf("NewProtoClient_Unsafe")
 
 	usr := user.NewUserFromProto(protoUser)
 
 	def, err := ParseNDF(ndfJSON)
 	if err != nil {
-		return err
+		return ReceptionIdentity{}, err
 	}
 
 	cmixGrp, e2eGrp := DecodeGroups(def)
@@ -178,7 +178,13 @@ func NewProtoClient_Unsafe(ndfJSON, storageDir string, password []byte,
 	storageSess, err := CheckVersionAndSetupStorage(def, storageDir,
 		password, usr, cmixGrp, e2eGrp, protoUser.RegCode)
 	if err != nil {
-		return err
+		return ReceptionIdentity{}, err
+	}
+
+	identity, err := buildReceptionIdentity(protoUser.ReceptionID, protoUser.ReceptionSalt,
+		protoUser.ReceptionRSA, e2eGrp, protoUser.E2eDhPrivateKey)
+	if err != nil {
+		return ReceptionIdentity{}, err
 	}
 
 	storageSess.SetReceptionRegistrationValidationSignature(
@@ -192,10 +198,10 @@ func NewProtoClient_Unsafe(ndfJSON, storageDir string, password []byte,
 	err = storageSess.ForwardRegistrationStatus(
 		storage.PermissioningComplete)
 	if err != nil {
-		return err
+		return ReceptionIdentity{}, err
 	}
 
-	return nil
+	return identity, nil
 }
 
 // LoadCmix initializes a Cmix object from existing storage and starts the network
diff --git a/xxdk/e2e.go b/xxdk/e2e.go
index 69e1a463b8a70cb5b12ed6d413f127c774367614..098657f9c4e2e0ad4c15e3ce797c4457d1888540 100644
--- a/xxdk/e2e.go
+++ b/xxdk/e2e.go
@@ -98,8 +98,8 @@ func LoginLegacy(client *Cmix, params E2EParams, callbacks AuthCallbacks) (
 		return nil, err
 	}
 
-	m.e2eIdentity, err = buildReceptionIdentity(userInfo, m.e2e.GetGroup(),
-		m.e2e.GetHistoricalDHPrivkey())
+	m.e2eIdentity, err = buildReceptionIdentity(userInfo.ReceptionID, userInfo.ReceptionSalt,
+		userInfo.ReceptionRSA, m.e2e.GetGroup(), m.e2e.GetHistoricalDHPrivkey())
 	return m, err
 }
 
@@ -157,7 +157,7 @@ func LoginWithProtoClient(storageDir string, password []byte,
 		return nil, err
 	}
 
-	err = NewProtoClient_Unsafe(newBaseNdf, storageDir, password,
+	receptionIdentity, err := NewProtoClient_Unsafe(newBaseNdf, storageDir, password,
 		protoUser)
 	if err != nil {
 		return nil, err
@@ -174,10 +174,6 @@ func LoginWithProtoClient(storageDir string, password []byte,
 	if err != nil {
 		return nil, err
 	}
-
-	userInfo := user.NewUserFromProto(protoUser)
-	receptionIdentity, err := buildReceptionIdentity(userInfo,
-		c.GetStorage().GetE2EGroup(), protoUser.E2eDhPrivateKey)
 	return Login(c, callbacks, receptionIdentity, e2eParams)
 }
 
diff --git a/xxdk/identity.go b/xxdk/identity.go
index 96100eddf44e1a7de4bbf11045dea336b6446251..ba4706b3489a20a09919c33b4808b59d34ed1d9b 100644
--- a/xxdk/identity.go
+++ b/xxdk/identity.go
@@ -176,9 +176,10 @@ func (r ReceptionIdentity) GetContact() contact.Contact {
 
 // buildReceptionIdentity creates a new ReceptionIdentity
 // from the given user.Info
-func buildReceptionIdentity(userInfo user.Info, e2eGrp *cyclic.Group, dHPrivkey *cyclic.Int) (ReceptionIdentity, error) {
-	saltCopy := make([]byte, len(userInfo.ReceptionSalt))
-	copy(saltCopy, userInfo.ReceptionSalt)
+func buildReceptionIdentity(receptionId *id.ID, receptionSalt []byte, receptionRsa *rsa.PrivateKey,
+	e2eGrp *cyclic.Group, dHPrivkey *cyclic.Int) (ReceptionIdentity, error) {
+	saltCopy := make([]byte, len(receptionSalt))
+	copy(saltCopy, receptionSalt)
 
 	grp, err := e2eGrp.MarshalJSON()
 	if err != nil {
@@ -190,8 +191,8 @@ func buildReceptionIdentity(userInfo user.Info, e2eGrp *cyclic.Group, dHPrivkey
 	}
 
 	return ReceptionIdentity{
-		ID:            userInfo.ReceptionID.DeepCopy(),
-		RSAPrivatePem: rsa.CreatePrivateKeyPem(userInfo.ReceptionRSA),
+		ID:            receptionId.DeepCopy(),
+		RSAPrivatePem: rsa.CreatePrivateKeyPem(receptionRsa),
 		Salt:          saltCopy,
 		DHKeyPrivate:  privKey,
 		E2eGrp:        grp,
diff --git a/xxdk/precan.go b/xxdk/precan.go
index 51ae566f33d7983bf2009c3b5e3107551653f1ab..e0e008e85863ce52ee53926eac8e8f8c69518ac4 100644
--- a/xxdk/precan.go
+++ b/xxdk/precan.go
@@ -76,14 +76,15 @@ func NewPrecannedClient(precannedID uint, defJSON, storageDir string,
 
 	dhPrivKey := generatePrecanDHKeypair(precannedID, e2eGrp)
 
-	protoUser := CreatePrecannedUser(precannedID, rngStream)
-	identity, err := buildReceptionIdentity(protoUser, e2eGrp, dhPrivKey)
+	userInfo := CreatePrecannedUser(precannedID, rngStream)
+	identity, err := buildReceptionIdentity(userInfo.ReceptionID, userInfo.ReceptionSalt,
+		userInfo.ReceptionRSA, e2eGrp, dhPrivKey)
 	if err != nil {
 		return ReceptionIdentity{}, err
 	}
 
 	store, err := CheckVersionAndSetupStorage(def, storageDir, password,
-		protoUser, cmixGrp, e2eGrp, "")
+		userInfo, cmixGrp, e2eGrp, "")
 	if err != nil {
 		return ReceptionIdentity{}, err
 	}