diff --git a/include/sxt/ed25519.h b/include/sxt/ed25519.h
new file mode 100644
index 0000000..544ba87
--- /dev/null
+++ b/include/sxt/ed25519.h
@@ -0,0 +1,72 @@
+/*
+ * Secure eXtended Message Passing framework
+ * Secure eXtended Transport layer implementation: (libsxt)
+ * - very similar to SSH2/TLS
+ * - using already proven and tested crypto algos
+ * - better than TLS for message passing
+ *
+ * PublicPrivateKeyPairs operation API
+ *
+ * Copyright (c) 2014 by Aris Adamantiadis
+ * (c) Alexander Vdolainen 2016
+ *
+ * libsxmp is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * libsxmp is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see .";
+ *
+ */
+
+#ifndef __SXT_ED25519_H__
+#define __SXT_ED25519_H__
+#include
+#include
+
+/* ed25519 related functions */
+/** @internal
+ * @brief generate an ed25519 key pair
+ * @param[out] pk generated public key
+ * @param[out] sk generated secret key
+ * @return 0 on success, -1 on error.
+ * */
+int crypto_sign_ed25519_keypair(ed25519_pubkey pk, ed25519_privkey sk);
+
+/** @internal
+ * @brief sign a message with ed25519
+ * @param[out] sm location to store the signed message.
+ * Its length should be mlen + 64.
+ * @param[out] smlen pointer to the size of the signed message
+ * @param[in] m message to be signed
+ * @param[in] mlen length of the message to be signed
+ * @param[in] sk secret key to sign the message with
+ * @return 0 on success.
+ */
+int crypto_sign_ed25519(unsigned char *sm,unsigned long long *smlen,
+ const unsigned char *m,unsigned long long mlen,
+ const ed25519_privkey sk);
+
+/** @internal
+ * @brief "open" and verify the signature of a signed message
+ * @param[out] m location to store the verified message.
+ * Its length should be equal to smlen.
+ * @param[out] mlen pointer to the size of the verified message
+ * @param[in] sm signed message to verify
+ * @param[in] smlen length of the signed message to verify
+ * @param[in] pk public key used to sign the message
+ * @returns 0 on success (supposedly).
+ */
+int crypto_sign_ed25519_open(unsigned char *m,unsigned long long *mlen,
+ const unsigned char *sm,unsigned long long smlen,
+ const ed25519_pubkey pk);
+
+/** @} */
+
+#endif
diff --git a/include/sxt/sxtkey.h b/include/sxt/sxtkey.h
index 56f85bc..a480d90 100644
--- a/include/sxt/sxtkey.h
+++ b/include/sxt/sxtkey.h
@@ -7,7 +7,6 @@
 *
 * PublicPrivateKeyPairs operation API
 *
- * Copyright (c) 2014 by Aris Adamantiadis
 * (c) Alexander Vdolainen 2016
 *
 * libsxmp is free software: you can redistribute it and/or modify it
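Review bot: In the new include/sxt/ed25519.h, the doc comment on `crypto_sign_ed25519_open` leaves the failure contract of the signature check unstated (`@returns 0 on success (supposedly).`) and describes `pk` as the `public key used to sign the message`, although signing is done with the secret key. Callers decide whether to trust a message on this return value, so I would write it out, after confirming against the implementation (not part of this diff): `@param[in] pk public key to verify the signature against` and `@return 0 if the signature is valid, non-zero otherwise; m and *mlen are meaningful only on 0`. The closing `/** @} */` has no matching `@{` in this file, and the guard `__SXT_ED25519_H__` uses a double-underscore name reserved for the implementation; `SXT_ED25519_H` would avoid that.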
@@ -57,43 +56,24 @@ typedef struct sxtsignature_type { ed25519_signature *sig; } sxtsignature_t; -/* ed25519 related functions */ -/** @internal - * @brief generate an ed25519 key pair - * @param[out] pk generated public key - * @param[out] sk generated secret key - * @return 0 on success, -1 on error. - * */ -int crypto_sign_ed25519_keypair(ed25519_pubkey pk, ed25519_privkey sk); +/* API */ +/* allocate a key */ +sxtkey_t *sxt_key_alloc(void); -/** @internal - * @brief sign a message with ed25519 - * @param[out] sm location to store the signed message. - * Its length should be mlen + 64. - * @param[out] smlen pointer to the size of the signed message - * @param[in] m message to be signed - * @param[in] mlen length of the message to be signed - * @param[in] sk secret key to sign the message with - * @return 0 on success. +/* burn i.e. zero all stuff within key structure to be + * hidden in core dump */ -int crypto_sign_ed25519(unsigned char *sm,unsigned long long *smlen, - const unsigned char *m,unsigned long long mlen, - const ed25519_privkey sk); +void sxt_key_burn(sxtkey_t *); -/** @internal - * @brief "open" and verify the signature of a signed message - * @param[out] m location to store the verified message. - * Its length should be equal to smlen. - * @param[out] mlen pointer to the size of the verified message - * @param[in] sm signed message to verify - * @param[in] smlen length of the signed message to verify - * @param[in] pk public key used to sign the message - * @returns 0 on success (supposedly). +/* free sxt key structure */ +void sxt_key_free(sxtkey_t *); + +/* generate a keypair, depends on type and optional parameter given + * the last one leaved for stable API, current ed25519 keys doesn't + * need them */ -int crypto_sign_ed25519_open(unsigned char *m,unsigned long long *mlen, - const unsigned char *sm,unsigned long long smlen, - const ed25519_pubkey pk); +int sxt_key_generate(sxtkey_t *, int , int ); + -/** @} */ #endif /* __SXT_SXTKEY_H__ */ 
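Review bot: The new prototypes in sxtkey.h do not say whether `sxt_key_free` wipes the key material itself or whether callers must call `sxt_key_burn` first, and that detail decides whether a secret key can be left behind in freed heap memory. I would state it on the declaration, e.g. `/* free sxt key structure; burns the key material first */` if that is what the implementation (not shown in this diff) does, or else document the required call order. The burn implementation is also worth checking for a wipe the compiler cannot elide (`explicit_bzero` or `memset_s` rather than a plain `memset` ahead of `free`). Separately, `int sxt_key_generate(sxtkey_t *, int , int );` drops the parameter names that the definition in sxt/ppkp_ops.c uses; `int sxt_key_generate(sxtkey_t *key, int type, int opt);` plus a line on the return values would make the header self-describing.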
diff --git a/sxt/ppkp_ops.c b/sxt/ppkp_ops.c index 9ae0541..de1adad 100644 --- a/sxt/ppkp_ops.c +++ b/sxt/ppkp_ops.c @@ -40,6 +40,7 @@ #include #include +#include int sxt_key_generate(sxtkey_t *key, int type, int opt) {