diff --git a/Identity.cpp b/Identity.cpp
index d4b0d719..23bc63a1 100644
--- a/Identity.cpp
+++ b/Identity.cpp
@@ -77,6 +77,20 @@ namespace data
 		return *this;
 	}	
 
+	IdentityEx& IdentityEx::operator=(const Identity& standard)
+	{
+		m_StandardIdentity = standard;
+		m_IdentHash = m_StandardIdentity.Hash ();
+		
+		delete m_Verifier;
+		m_Verifier = nullptr;
+		delete[] m_ExtendedBuffer;
+		m_ExtendedBuffer = nullptr;
+		m_ExtendedLen = 0;
+		
+		return *this;
+	}	
+		
 	size_t IdentityEx::FromBuffer (const uint8_t * buf, size_t len)
 	{
 		delete m_Verifier;
@@ -99,7 +113,15 @@ namespace data
 		return GetFullLen ();
 	}	
 
-	size_t IdentityEx::GetSigningPublicKeyLen () 
+	size_t IdentityEx::ToBuffer (uint8_t * buf, size_t len) const
+	{		
+		memcpy (buf, &m_StandardIdentity, DEFAULT_IDENTITY_SIZE);
+		if (m_ExtendedLen > 0 && m_ExtendedBuffer)
+			memcpy (buf + DEFAULT_IDENTITY_SIZE, m_ExtendedBuffer, m_ExtendedLen);
+		return GetFullLen ();
+	}
+		
+	size_t IdentityEx::GetSigningPublicKeyLen () const
 	{
 		if (!m_Verifier) 
 			CreateVerifier ();
@@ -108,7 +130,7 @@ namespace data
 		return 128;
 	}	
 
-	size_t IdentityEx::GetSignatureLen ()
+	size_t IdentityEx::GetSignatureLen () const
 	{		
 		if (!m_Verifier) 
 			CreateVerifier ();
@@ -125,7 +147,7 @@ namespace data
 		return false;
 	}	
 		
-	void IdentityEx::CreateVerifier ()
+	void IdentityEx::CreateVerifier () const
 	{
 		switch (m_StandardIdentity.certificate.type)
 		{	
diff --git a/Identity.h b/Identity.h
index 5be25e09..a864a3a8 100644
--- a/Identity.h
+++ b/Identity.h
@@ -109,24 +109,26 @@ namespace data
 			IdentityEx (const IdentityEx& other);
 			~IdentityEx ();
 			IdentityEx& operator=(const IdentityEx& other);
-
+			IdentityEx& operator=(const Identity& standard);
+			
 			size_t FromBuffer (const uint8_t * buf, size_t len);
+			size_t ToBuffer (uint8_t * buf, size_t len) const;
 			const Identity& GetStandardIdentity () const { return m_StandardIdentity; };
 			const IdentHash& GetIdentHash () const { return m_IdentHash; };
 			size_t GetFullLen () const { return m_ExtendedLen + DEFAULT_IDENTITY_SIZE; };
-			size_t GetSigningPublicKeyLen ();
-			size_t GetSignatureLen ();
+			size_t GetSigningPublicKeyLen () const;
+			size_t GetSignatureLen () const;
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature);
 			
 		private:
 
-			void CreateVerifier ();
+			void CreateVerifier () const;
 			
 		private:
 
 			Identity m_StandardIdentity;
 			IdentHash m_IdentHash;
-			i2p::crypto::Verifier * m_Verifier;
+			mutable i2p::crypto::Verifier * m_Verifier;
 			size_t m_ExtendedLen;
 			uint8_t * m_ExtendedBuffer;
 	};	
@@ -201,8 +203,7 @@ namespace data
 		public:
 
 			virtual ~LocalDestination() {};
-			virtual const IdentHash& GetIdentHash () const = 0;
-			virtual const Identity& GetIdentity () const = 0;
+			virtual const IdentityEx& GetIdentity () const = 0;
 			virtual const uint8_t * GetEncryptionPrivateKey () const = 0; 
 			virtual const uint8_t * GetEncryptionPublicKey () const = 0; 
 			virtual void Sign (const uint8_t * buf, int len, uint8_t * signature) const = 0;
diff --git a/LeaseSet.cpp b/LeaseSet.cpp
index 43b6ef58..f3bf63f9 100644
--- a/LeaseSet.cpp
+++ b/LeaseSet.cpp
@@ -22,17 +22,18 @@ namespace data
 
 	LeaseSet::LeaseSet (const i2p::tunnel::TunnelPool& pool):
 		m_IsUnsolicited (false)
-	{
-		m_BufferLen = 0;	
+	{	
 		// header
 		const i2p::data::LocalDestination& localDestination = pool.GetLocalDestination ();
-		LeaseSetHeader * header = (LeaseSetHeader *)m_Buffer;
-		header->destination = localDestination.GetIdentity ();
-		memcpy (header->encryptionKey, localDestination.GetEncryptionPublicKey (), 256);
-		memset (header->signingKey, 0, 128);
+		m_BufferLen = localDestination.GetIdentity ().ToBuffer (m_Buffer, MAX_LS_BUFFER_SIZE);
+		memcpy (m_Buffer + m_BufferLen, localDestination.GetEncryptionPublicKey (), 256);
+		m_BufferLen += 256;
+		auto signingKeyLen = localDestination.GetIdentity ().GetSigningPublicKeyLen ();
+		memset (m_Buffer + m_BufferLen, 0, signingKeyLen);
+		m_BufferLen += signingKeyLen;
 		auto tunnels = pool.GetInboundTunnels (5); // 5 tunnels maximum
-		header->num = tunnels.size (); // num leases
-		m_BufferLen += sizeof (LeaseSetHeader);	
+		m_Buffer[m_BufferLen] = tunnels.size (); // num leases
+		m_BufferLen++;
 		// leases
 		for (auto it: tunnels)
 		{	
@@ -45,8 +46,9 @@ namespace data
 			m_BufferLen += sizeof (Lease);
 		}	
 		// signature
+		// TODO: signer
 		localDestination.Sign (m_Buffer, m_BufferLen, m_Buffer + m_BufferLen);
-		m_BufferLen += 40;
+		m_BufferLen += 40; // TODO:
 		LogPrint ("Local LeaseSet of ", tunnels.size (), " leases created");
 
 		ReadFromBuffer ();
diff --git a/LeaseSet.h b/LeaseSet.h
index c02bbfad..ea4f04d1 100644
--- a/LeaseSet.h
+++ b/LeaseSet.h
@@ -34,14 +34,6 @@ namespace data
 		}	
 	};	
 	
-	struct LeaseSetHeader
-	{
-		Identity destination;
-		uint8_t encryptionKey[256];
-		uint8_t signingKey[128];
-		uint8_t num;
-	};	
-	
 #pragma pack()	
 
 	const int MAX_LS_BUFFER_SIZE = 2048;	
diff --git a/RouterContext.cpp b/RouterContext.cpp
index 13bf1891..089f7e37 100644
--- a/RouterContext.cpp
+++ b/RouterContext.cpp
@@ -44,6 +44,7 @@ namespace i2p
 		routerInfo.CreateBuffer ();
 
 		m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
+		m_Identity = m_RouterInfo.GetRouterIdentity ();
 	}
 
 	void RouterContext::OverrideNTCPAddress (const char * host, int port)
@@ -84,7 +85,8 @@ namespace i2p
 
 		i2p::data::RouterInfo routerInfo(i2p::util::filesystem::GetFullPath (ROUTER_INFO)); // TODO
 		m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
-
+		m_Identity = m_RouterInfo.GetRouterIdentity ();
+		
 		return true;
 	}
 
diff --git a/RouterContext.h b/RouterContext.h
index 943a04e1..17b1d4c9 100644
--- a/RouterContext.h
+++ b/RouterContext.h
@@ -22,14 +22,14 @@ namespace i2p
 			const uint8_t * GetPrivateKey () const { return m_Keys.privateKey; };
 			const uint8_t * GetSigningPrivateKey () const { return m_Keys.signingPrivateKey; };
 			const i2p::data::Identity& GetRouterIdentity () const { return m_RouterInfo.GetRouterIdentity (); };
+			const i2p::data::IdentHash& GetRouterIdentHash () const { return m_RouterInfo.GetIdentHash (); };
 			CryptoPP::RandomNumberGenerator& GetRandomNumberGenerator () { return m_Rnd; };	
 
 			void OverrideNTCPAddress (const char * host, int port); // temporary
 			void UpdateAddress (const char * host);	// called from SSU
 			
 			// implements LocalDestination
-			const i2p::data::IdentHash& GetIdentHash () const { return m_RouterInfo.GetIdentHash (); };
-			const i2p::data::Identity& GetIdentity () const { return GetRouterIdentity (); };
+			const i2p::data::IdentityEx& GetIdentity () const { return m_Identity; };
 			const uint8_t * GetEncryptionPrivateKey () const { return GetPrivateKey (); };
 			const uint8_t * GetEncryptionPublicKey () const { return m_Keys.publicKey; };
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
@@ -45,6 +45,7 @@ namespace i2p
 		private:
 
 			i2p::data::RouterInfo m_RouterInfo;
+			i2p::data::IdentityEx m_Identity; // TODO: move to RI
 			i2p::data::Keys m_Keys;
 			CryptoPP::DSA::PrivateKey m_SigningPrivateKey;
 			CryptoPP::AutoSeededRandomPool m_Rnd;
diff --git a/Streaming.cpp b/Streaming.cpp
index 7d168ef4..d81f6511 100644
--- a/Streaming.cpp
+++ b/Streaming.cpp
@@ -507,7 +507,7 @@ namespace stream
 	{		
 		m_Keys = i2p::data::CreateRandomKeys ();
 
-		m_IdentHash = m_Keys.pub.Hash ();
+		m_Identity = m_Keys.pub;
 		m_SigningPrivateKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag, 
 			CryptoPP::Integer (m_Keys.signingPrivateKey, 20));
 		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
@@ -524,7 +524,7 @@ namespace stream
 		else
 			LogPrint ("Can't open file ", fullPath);
 
-		m_IdentHash = m_Keys.pub.Hash ();
+		m_Identity = m_Keys.pub;
 		m_SigningPrivateKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag, 
 			CryptoPP::Integer (m_Keys.signingPrivateKey, 20));
 		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
@@ -627,7 +627,7 @@ namespace stream
 		if (!m_SharedLocalDestination)
 		{	
 			m_SharedLocalDestination = new StreamingDestination (m_Service);
-			m_Destinations[m_SharedLocalDestination->GetIdentHash ()] = m_SharedLocalDestination;
+			m_Destinations[m_SharedLocalDestination->GetIdentity ().GetIdentHash ()] = m_SharedLocalDestination;
 		}
 		LoadLocalDestinations ();	
 		
@@ -673,7 +673,7 @@ namespace stream
 				it->path();
 #endif
 				auto localDestination = new StreamingDestination (m_Service, fullPath);
-				m_Destinations[localDestination->GetIdentHash ()] = localDestination;
+				m_Destinations[localDestination->GetIdentity ().GetIdentHash ()] = localDestination;
 				numDestinations++;
 			}	
 		}	
diff --git a/Streaming.h b/Streaming.h
index ac9042c5..644d9243 100644
--- a/Streaming.h
+++ b/Streaming.h
@@ -153,8 +153,7 @@ namespace stream
 			void HandleNextPacket (Packet * packet);
 
 			// implements LocalDestination
-			const i2p::data::IdentHash& GetIdentHash () const { return m_IdentHash; };
-			const i2p::data::Identity& GetIdentity () const { return m_Keys.pub; };
+			const i2p::data::IdentityEx& GetIdentity () const { return m_Identity; };
 			const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
 			const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionPublicKey; };
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
@@ -170,7 +169,7 @@ namespace stream
 			boost::asio::io_service& m_Service;
 			std::map<uint32_t, Stream *> m_Streams;
 			i2p::data::PrivateKeys m_Keys;
-			i2p::data::IdentHash m_IdentHash;
+			i2p::data::IdentityEx m_Identity;
 			uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256];
 			
 			i2p::tunnel::TunnelPool * m_Pool;
diff --git a/TunnelPool.cpp b/TunnelPool.cpp
index 2cfcac99..0ae78eee 100644
--- a/TunnelPool.cpp
+++ b/TunnelPool.cpp
@@ -195,7 +195,7 @@ namespace tunnel
 		{	
 			// last hop
 			auto hop = outboundTunnel->GetTunnelConfig ()->GetFirstHop ()->router;
-			if (hop->GetIdentHash () != i2p::context.GetIdentHash ()) // outbound shouldn't be zero-hop tunnel
+			if (hop->GetIdentHash () != i2p::context.GetRouterIdentHash ()) // outbound shouldn't be zero-hop tunnel
 			{	
 				prevHop = hop;
 				hops.push_back (prevHop);
diff --git a/TunnelPool.h b/TunnelPool.h
index 043a872e..cf590ac5 100644
--- a/TunnelPool.h
+++ b/TunnelPool.h
@@ -30,7 +30,7 @@ namespace tunnel
 			const uint8_t * GetEncryptionPrivateKey () const { return m_LocalDestination.GetEncryptionPrivateKey (); };
 			const uint8_t * GetEncryptionPublicKey () const { return m_LocalDestination.GetEncryptionPublicKey (); };
 			const i2p::data::LocalDestination& GetLocalDestination () const { return m_LocalDestination; };
-			bool IsExploratory () const { return m_LocalDestination.GetIdentHash () == i2p::context.GetIdentHash (); };		
+			bool IsExploratory () const { return GetIdentHash () == i2p::context.GetRouterIdentHash (); };		
 
 			void CreateTunnels ();
 			void TunnelCreated (InboundTunnel * createdTunnel);
@@ -40,7 +40,7 @@ namespace tunnel
 			std::vector<InboundTunnel *> GetInboundTunnels (int num) const;
 			OutboundTunnel * GetNextOutboundTunnel (OutboundTunnel * suggested = nullptr);
 			InboundTunnel * GetNextInboundTunnel (InboundTunnel * suggested = nullptr);
-			const i2p::data::IdentHash& GetIdentHash () { return m_LocalDestination.GetIdentHash (); };			
+			const i2p::data::IdentHash& GetIdentHash () const { return m_LocalDestination.GetIdentity ().GetIdentHash (); };			
 
 			void TestTunnels ();
 			void ProcessDeliveryStatus (I2NPMessage * msg);