diff --git a/Garlic.h b/Garlic.h
index 92a8a081..db106b67 100644
--- a/Garlic.h
+++ b/Garlic.h
@@ -88,7 +88,7 @@ namespace garlic
 
 			GarlicDestination * m_Owner;
 			const i2p::data::RoutingDestination * m_Destination;
-			uint8_t m_SessionKey[32];
+			i2p::crypto::AESKey m_SessionKey;
 			std::list<SessionTag> m_SessionTags;
 			int m_NumTags;
 			std::map<uint32_t, UnconfirmedTags *> m_UnconfirmedTagsMsgs;	
diff --git a/NTCPSession.cpp b/NTCPSession.cpp
index ee6dde07..d64ffedb 100644
--- a/NTCPSession.cpp
+++ b/NTCPSession.cpp
@@ -38,7 +38,7 @@ namespace transport
 		m_DelayedMessages.clear ();	
 	}
 
-	void NTCPSession::CreateAESKey (uint8_t * pubKey, uint8_t * aesKey)
+	void NTCPSession::CreateAESKey (uint8_t * pubKey, i2p::crypto::AESKey& key)
 	{
 		CryptoPP::DH dh (elgp, elgg);
 		uint8_t sharedKey[256];
@@ -49,6 +49,7 @@ namespace transport
 			return;
 		};
 
+		uint8_t * aesKey = key;
 		if (sharedKey[0] & 0x80)
 		{
 			aesKey[0] = 0;
@@ -201,7 +202,7 @@ namespace transport
 		m_Establisher->phase2.encrypted.timestamp = tsB;
 		// TODO: fill filler
 
-		uint8_t aesKey[32];
+		i2p::crypto::AESKey aesKey;
 		CreateAESKey (m_Establisher->phase1.pubKey, aesKey);
 		m_Encryption.SetKey (aesKey);
 		m_Encryption.SetIV (y + 240);
@@ -249,7 +250,7 @@ namespace transport
 		{	
 			LogPrint ("Phase 2 received: ", bytes_transferred);
 		
-			uint8_t aesKey[32];
+			i2p::crypto::AESKey aesKey;
 			CreateAESKey (m_Establisher->phase2.pubKey, aesKey);
 			m_Decryption.SetKey (aesKey);
 			m_Decryption.SetIV (m_Establisher->phase2.pubKey + 240);
diff --git a/NTCPSession.h b/NTCPSession.h
index 25ffa2be..0edff7fc 100644
--- a/NTCPSession.h
+++ b/NTCPSession.h
@@ -84,7 +84,7 @@ namespace transport
 			
 		private:
 
-			void CreateAESKey (uint8_t * pubKey, uint8_t * aesKey);
+			void CreateAESKey (uint8_t * pubKey, i2p::crypto::AESKey& key);
 				
 			// client
 			void SendPhase3 ();
diff --git a/aes.cpp b/aes.cpp
index 458654ec..b03a46fa 100644
--- a/aes.cpp
+++ b/aes.cpp
@@ -40,7 +40,7 @@ namespace crypto
 		"pxor %%xmm2, %%xmm3 \n" \
 		"movaps	%%xmm3, "#round1"(%[sched]) \n" 
 
-	void ECBCryptoAESNI::ExpandKey (const uint8_t * key)
+	void ECBCryptoAESNI::ExpandKey (const AESKey& key)
 	{
 		__asm__
 		(
@@ -73,7 +73,7 @@ namespace crypto
 			"pxor %%xmm2, %%xmm1 \n"
 			"movups	%%xmm1, 224(%[sched]) \n"
 			: // output
-			: [key]"r"(key), [sched]"r"(m_KeySchedule) // input
+			: [key]"r"((const uint8_t *)key), [sched]"r"(m_KeySchedule) // input
 			: "%xmm1", "%xmm2", "%xmm3", "%xmm4" // clogged
 		);
 	}
@@ -139,7 +139,7 @@ namespace crypto
 		"aesimc %%xmm0, %%xmm0 \n" \
 		"movaps %%xmm0, "#offset"(%[shed]) \n" 
 
-	void ECBDecryptionAESNI::SetKey (const uint8_t * key)
+	void ECBDecryptionAESNI::SetKey (const AESKey& key)
 	{
 		ExpandKey (key); // expand encryption key first
 		// then  invert it using aesimc
diff --git a/aes.h b/aes.h
index b28fa8dc..3d7e9c7e 100644
--- a/aes.h
+++ b/aes.h
@@ -34,7 +34,7 @@ namespace crypto
 			
 		protected:
 
-			void ExpandKey (const uint8_t * key);
+			void ExpandKey (const AESKey& key);
 		
 		protected:
 
@@ -46,7 +46,7 @@ namespace crypto
 	{
 		public:
 		
-			void SetKey (const uint8_t * key) { ExpandKey (key); };
+			void SetKey (const AESKey& key) { ExpandKey (key); };
 			void Encrypt (const ChipherBlock * in, ChipherBlock * out);	
 	};	
 
@@ -54,7 +54,7 @@ namespace crypto
 	{
 		public:
 		
-			void SetKey (const uint8_t * key);
+			void SetKey (const AESKey& key);
 			void Decrypt (const ChipherBlock * in, ChipherBlock * out);		
 	};	
 
@@ -67,7 +67,7 @@ namespace crypto
 	{
 		public:
 		
-			void SetKey (const uint8_t * key) 
+			void SetKey (const AESKey& key) 
 			{ 
 				m_Encryption.SetKey (key, 32); 
 			}
@@ -85,7 +85,7 @@ namespace crypto
 	{
 		public:
 		
-			void SetKey (const uint8_t * key) 
+			void SetKey (const AESKey& key) 
 			{ 
 				m_Decryption.SetKey (key, 32); 
 			}
@@ -108,7 +108,7 @@ namespace crypto
 	
 			CBCEncryption () { memset (m_LastBlock.buf, 0, 16); };
 
-			void SetKey (const uint8_t * key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
+			void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
 			void SetIV (const uint8_t * iv) { memcpy (m_LastBlock.buf, iv, 16); }; // 16 bytes
 
 			void Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
@@ -128,7 +128,7 @@ namespace crypto
 	
 			CBCDecryption () { memset (m_IV.buf, 0, 16); };
 
-			void SetKey (const uint8_t * key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
+			void SetKey (const AESKey& key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
 			void SetIV (const uint8_t * iv) { memcpy (m_IV.buf, iv, 16); }; // 16 bytes
 
 			void Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
@@ -145,7 +145,7 @@ namespace crypto
 	{
 		public:
 
-			void SetKeys (const uint8_t * layerKey, const uint8_t * ivKey)
+			void SetKeys (const AESKey& layerKey, const AESKey& ivKey)
 			{
 				m_LayerEncryption.SetKey (layerKey);
 				m_IVEncryption.SetKey (ivKey);
@@ -167,7 +167,7 @@ namespace crypto
 	{
 		public:
 
-			void SetKeys (const uint8_t * layerKey, const uint8_t * ivKey)
+			void SetKeys (const AESKey& layerKey, const AESKey& ivKey)
 			{
 				m_LayerDecryption.SetKey (layerKey);
 				m_IVDecryption.SetKey (ivKey);