diff --git a/src/algorithm.h b/src/algorithm.h
index 290ab04..ae0dc89 100644
--- a/src/algorithm.h
+++ b/src/algorithm.h
@@ -51,10 +51,13 @@ public:
 	                     sencode* privkey) = 0;
 
 	virtual int sign (const bvector&msg, bvector&sig,
-	                  sencode* privkey, prng&rng) = 0;
+	                  sencode* privkey, bool&dirty,
+	                  prng&rng) = 0;
 
 	virtual int verify (const bvector&sig, const bvector&msg,
 	                    sencode* pubkey) = 0;
+
+	virtual int create_keypair (sencode**pub, sencode**priv, prng&rng) = 0;
 };
 
 #endif
diff --git a/src/message.cpp b/src/message.cpp
index 84ffa6e..4ba7ef9 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -26,18 +26,36 @@ int encrypted_msg::encrypt (const bvector&msg,
 	key_id = Key_id;
 	alg_id = Alg_id;
 
-	sencode*pubkey = kr.get_pubkey (key_id);
-	if (!pubkey) return 1; //PK not found
+	algorithm*alg = NULL;
+	if (algs.count (alg_id) ) {
+		alg = algs[alg_id];
+		if (!alg->provides_encryption() )
+			alg = NULL;
+	}
 
-	return 0;
+	if (!alg) return 1;
+
+	sencode*pubkey = kr.get_pubkey (key_id);
+	if (!pubkey) return 2; //PK not found
+
+	return alg->encrypt (msg, ciphertext, pubkey, rng);
 }
 
 int encrypted_msg::decrypt (bvector& msg, algorithm_suite&algs, keyring& kr)
 {
-	sencode*privkey = kr.get_privkey (key_id);
-	if (!privkey) return 1; //no key found
+	algorithm*alg = NULL;
+	if (algs.count (alg_id) ) {
+		alg = algs[alg_id];
+		if (!alg->provides_encryption() )
+			alg = NULL;
+	}
 
-	return 0;
+	if (!alg) return 1;
+
+	sencode*privkey = kr.get_privkey (key_id);
+	if (!privkey) return 2;
+
+	return alg->decrypt (ciphertext, msg, privkey);
 }
 
 int signed_msg::sign (const bvector&msg,
@@ -49,17 +67,45 @@ int signed_msg::sign (const bvector&msg,
 	alg_id = Alg_id;
 	message = msg;
 
+	algorithm*alg = NULL;
+	if (algs.count (alg_id) ) {
+		alg = algs[alg_id];
+		if (!alg->provides_signatures() )
+			alg = NULL;
+	}
+
+	if (!alg) return 1;
+
 	sencode*privkey = kr.get_privkey (key_id);
-	if (!privkey) return 1;
+	if (!privkey) return 2;
+
+	bool privkey_dirty = false;
+	int r;
+
+	r = alg->sign (message, signature, privkey, privkey_dirty, rng);
+
+	if (r) return r;
+
+	//make sure the modified privkey gets stored correctly
+	//TODO
 
 	return 0;
 }
 
 int signed_msg::verify (algorithm_suite&algs, keyring&kr)
 {
-	sencode*pubkey = kr.get_pubkey (key_id);
-	if (!pubkey) return 1;
+	algorithm*alg = NULL;
+	if (algs.count (alg_id) ) {
+		alg = algs[alg_id];
+		if (!alg->provides_signatures() )
+			alg = NULL;
+	}
 
-	return 0;
+	if (!alg) return 1;
+
+	sencode*pubkey = kr.get_pubkey (key_id);
+	if (!pubkey) return 2;
+
+	return alg->verify (signature, message, pubkey);
 }
 
diff --git a/src/message.h b/src/message.h
index badb6b0..d7eef25 100644
--- a/src/message.h
+++ b/src/message.h
@@ -29,7 +29,7 @@
 class encrypted_msg
 {
 public:
-	bvector message;
+	bvector ciphertext;
 	std::string alg_id, key_id;
 
 	int decrypt (bvector&, algorithm_suite&, keyring&);