diff --git a/libi2pd/Destination.cpp b/libi2pd/Destination.cpp
index ba90342c..5187fedc 100644
--- a/libi2pd/Destination.cpp
+++ b/libi2pd/Destination.cpp
@@ -70,6 +70,16 @@ namespace client
 				it = params->find (I2CP_PARAM_LEASESET_TYPE);
 				if (it != params->end ())
 					m_LeaseSetType = std::stoi(it->second);
+				it = params->find (I2CP_PARAM_LEASESET_PRIV_KEY);
+				if (it != params->end ())
+				{
+					m_LeaseSetPrivKey.reset (new i2p::data::Tag<32>());
+					if (m_LeaseSetPrivKey->FromBase64 (it->second) != 32)
+					{
+						LogPrint(eLogError, "Destination: invalid value i2cp.leaseSetPrivKey ", it->second);
+						m_LeaseSetPrivKey.reset (nullptr);
+					}
+				}
 			}
 		}
 		catch (std::exception & ex)
@@ -422,7 +432,7 @@ namespace client
 				auto it2 = m_LeaseSetRequests.find (key);
 				if (it2 != m_LeaseSetRequests.end () && it2->second->requestedBlindedKey)
 				{
-					auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset, it2->second->requestedBlindedKey);
+					auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset, it2->second->requestedBlindedKey, m_LeaseSetPrivKey ? *m_LeaseSetPrivKey : nullptr);
 					if (ls2->IsValid ())
 					{
 						m_RemoteLeaseSets[ls2->GetIdentHash ()] = ls2; // ident is not key
diff --git a/libi2pd/Destination.h b/libi2pd/Destination.h
index 64dd0b58..35a9dbae 100644
--- a/libi2pd/Destination.h
+++ b/libi2pd/Destination.h
@@ -55,6 +55,7 @@ namespace client
 	const char I2CP_PARAM_LEASESET_TYPE[] = "i2cp.leaseSetType";
 	const int DEFAULT_LEASESET_TYPE = 1;		
 	const char I2CP_PARAM_LEASESET_ENCRYPTION_TYPE[] = "i2cp.leaseSetEncType";
+	const char I2CP_PARAM_LEASESET_PRIV_KEY[] = "i2cp.leaseSetPrivKey"; // PSK decryption key, base64
 
 	// latency
 	const char I2CP_PARAM_MIN_TUNNEL_LATENCY[] = "latency.min";
@@ -175,6 +176,7 @@ namespace client
 				m_PublishDelayTimer, m_CleanupTimer;
 			std::string m_Nickname;
 			int m_LeaseSetType;
+			std::unique_ptr<i2p::data::Tag<32> > m_LeaseSetPrivKey; // non-null if presented
 
 		public:
 
diff --git a/libi2pd/Tag.h b/libi2pd/Tag.h
index 03e3bc06..8af82241 100644
--- a/libi2pd/Tag.h
+++ b/libi2pd/Tag.h
@@ -71,14 +71,14 @@ public:
 		return std::string (str, str + l);
 	}
 
-	void FromBase32 (const std::string& s)
+	size_t FromBase32 (const std::string& s)
 	{
-		i2p::data::Base32ToByteStream (s.c_str (), s.length (), m_Buf, sz);
+		return i2p::data::Base32ToByteStream (s.c_str (), s.length (), m_Buf, sz);
 	}
 
-	void FromBase64 (const std::string& s)
+	size_t FromBase64 (const std::string& s)
 	{
-		i2p::data::Base64ToByteStream (s.c_str (), s.length (), m_Buf, sz);
+		return i2p::data::Base64ToByteStream (s.c_str (), s.length (), m_Buf, sz);
 	}
 
 private:
diff --git a/libi2pd_client/ClientContext.cpp b/libi2pd_client/ClientContext.cpp
index 3292419a..c286007c 100644
--- a/libi2pd_client/ClientContext.cpp
+++ b/libi2pd_client/ClientContext.cpp
@@ -395,6 +395,8 @@ namespace client
 		options[I2CP_PARAM_LEASESET_TYPE] = GetI2CPOption(section, I2CP_PARAM_LEASESET_TYPE, DEFAULT_LEASESET_TYPE);
 		std::string encType = GetI2CPStringOption(section, I2CP_PARAM_LEASESET_ENCRYPTION_TYPE, "");
 		if (encType.length () > 0) options[I2CP_PARAM_LEASESET_ENCRYPTION_TYPE] = encType;
+		std::string privKey = GetI2CPStringOption(section, I2CP_PARAM_LEASESET_PRIV_KEY, "");
+		if (privKey.length () > 0) options[I2CP_PARAM_LEASESET_PRIV_KEY] = privKey;
 	}
 
 	void ClientContext::ReadI2CPOptionsFromConfig (const std::string& prefix, std::map<std::string, std::string>& options) const