diff --git a/go.mod b/go.mod
index 1fddf1e..7004448 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,6 @@ require (
 github.com/gogo/protobuf v1.3.1
 github.com/opencoff/go-utils v0.4.1
 github.com/opencoff/pflag v0.5.0
- golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc
- gopkg.in/yaml.v2 v2.2.4
+ golang.org/x/crypto v0.0.0-20200109152110-61a87790db17
+ gopkg.in/yaml.v2 v2.2.7
 )
diff --git a/go.sum b/go.sum
index 07d58f7..f421213 100644
--- a/go.sum
+++ b/go.sum
@@ -4,25 +4,14 @@ github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/opencoff/go-utils v0.3.0 h1:/TQXjf50o3GSB9MItog5L8Gf4GWJ4B5+rmqjB4g2RZQ= -github.com/opencoff/go-utils v0.3.0/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM= -github.com/opencoff/go-utils v0.4.0 h1:pu08Om//u2+YGvLkHa2CyL6eI+/1J0bXih1Z6nuITp8= -github.com/opencoff/go-utils v0.4.0/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM= github.com/opencoff/go-utils v0.4.1 h1:Ke4Q1Tl2GKMI+dwleuPNHH713ngRiNMOFIkymncHqXg= github.com/opencoff/go-utils v0.4.1/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM= -github.com/opencoff/pflag v0.3.3 h1:yohZkwYGPkB34WXvUQzU5GyLhImnjfePDARUaE8me3U= -github.com/opencoff/pflag v0.3.3/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0= -github.com/opencoff/pflag v0.4.0 h1:Y+okQXIvgnGplXlKqqm0uWKQ0KaZLlvSBb4ChQ/3vFw= -github.com/opencoff/pflag v0.4.0/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0= -github.com/opencoff/pflag v0.4.1 h1:kORIcgXprp9zY60yeHqBUnz9Z/mLWzkcESzya0beJ2Y= -github.com/opencoff/pflag v0.4.1/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0= github.com/opencoff/pflag v0.5.0 h1:kK3cSTlGj0fHby/PoFzHkf+Jx3PdiACJwzYDWEWlEKQ= github.com/opencoff/pflag v0.5.0/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc h1:c0o/qxkaO2LF5t6fQrT4b5hzyggAkLLlCUjqfRxd8Q4= -golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod 
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g= +golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 h1:nVJ3guKA9qdkEQ3TUdXI9QSINo2CUPM/cySEvw2w8I0= +golang.org/x/crypto v0.0.0-20200109152110-61a87790db17/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= @@ -30,5 +19,5 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= +gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/sign/encrypt.go b/sign/encrypt.go index 79b61ad..5fc55fd 100644 --- a/sign/encrypt.go +++ b/sign/encrypt.go 
@@ -481,34 +481,34 @@ func (pk *PublicKey) WrapKeyEphemeral(key []byte) (*WrappedKey, error) {
 randread(newSK[:])
 clamp(newSK[:])
- return wrapKey(pk, key, &newSK)
+ return wrapKey(pk, key, newSK[:])
 }
 // given a file-encryption-key, wrap it in the identity of the recipient 'pk' using our
 // secret key. This function identifies the sender.
 func (sk *PrivateKey) WrapKey(pk *PublicKey, key []byte) (*WrappedKey, error) {
- var ourSK [32]byte
-
- copy(ourSK[:], sk.toCurve25519SK())
-
- return wrapKey(pk, key, &ourSK)
+ return wrapKey(pk, key, sk.toCurve25519SK())
 }
-func wrapKey(pk *PublicKey, k []byte, ourSK *[32]byte) (*WrappedKey, error) {
- var curvePK, theirPK, shared [32]byte
+func wrapKey(pk *PublicKey, k []byte, ourSK []byte) (*WrappedKey, error) {
+ curvePK, err := curve25519.X25519(ourSK, curve25519.Basepoint)
+ if err != nil {
+ return nil, fmt.Errorf("wrap: %s", err)
+ }
- copy(theirPK[:], pk.toCurve25519PK())
- curve25519.ScalarBaseMult(&curvePK, ourSK)
- curve25519.ScalarMult(&shared, ourSK, &theirPK)
+ shared, err := curve25519.X25519(ourSK, pk.toCurve25519PK())
+ if err != nil {
+ return nil, fmt.Errorf("wrap: %s", err)
+ }
- ek, nonce, err := aeadSeal(k, shared[:], pk.Pk)
+ ek, nonce, err := aeadSeal(k, shared, pk.Pk)
 if err != nil {
 return nil, fmt.Errorf("wrap: %s", err)
 }
 return &WrappedKey{
 PkHash: pk.hash,
- Pk: curvePK[:],
+ Pk: curvePK,
 Nonce: nonce,
 Key: ek,
 }, nil
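Review bot: wrapKey now takes `ourSK []byte` where it used to take `*[32]byte`, so the scalar length is no longer fixed by the type and is only caught at run time through the error return of `curve25519.X25519`. The function has no comment stating that requirement. I would add one above it, for example `// wrapKey seals k for pk under the X25519 shared secret of ourSK and pk; ourSK must be a 32-byte Curve25519 scalar.` Separately, the new `fmt.Errorf("wrap: %s", err)` returns flatten the cause into text; `fmt.Errorf("wrap: %w", err)` would keep it available to errors.Is/As, provided the module's Go version supports `%w`. WrapKeyEphemeral begins before this hunk and wrapKey's closing brace falls after it.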
@@ -516,27 +516,24 @@ func wrapKey(pk *PublicKey, k []byte, ourSK *[32]byte) (*WrappedKey, error) {
 // Unwrap a wrapped key using the private key 'sk'
 func (w *WrappedKey) UnwrapKey(sk *PrivateKey, senderPk *PublicKey) ([]byte, error) {
- var shared, theirPK, ourSK [32]byte
-
- pk := sk.PublicKey()
-
- copy(ourSK[:], sk.toCurve25519SK())
- copy(theirPK[:], w.Pk)
- curve25519.ScalarMult(&shared, &ourSK, &theirPK)
+ ourSK := sk.toCurve25519SK()
+ shared, err := curve25519.X25519(ourSK, w.Pk)
+ if err != nil {
+ return nil, fmt.Errorf("unwrap: %s", err)
+ }
 if senderPk != nil {
- var cPK, shared2 [32]byte
+ shared2, err := curve25519.X25519(ourSK, senderPk.toCurve25519PK())
+ if err != nil {
+ return nil, fmt.Errorf("unwrap: %s", err)
+ }
- curvePK := senderPk.toCurve25519PK()
-
- copy(cPK[:], curvePK)
- curve25519.ScalarMult(&shared2, &ourSK, &cPK)
-
- if subtle.ConstantTimeCompare(shared2[:], shared[:]) != 1 {
+ if subtle.ConstantTimeCompare(shared2, shared) != 1 {
 return nil, fmt.Errorf("unwrap: sender validation failed")
 }
 }
+ pk := sk.PublicKey()
 key, err := aeadOpen(w.Key, w.Nonce, shared[:], pk.Pk)
 if err != nil {
 return nil, err
diff --git a/version b/version
index faef31a..39e898a 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-0.7.0
+0.7.1
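Review bot: The comment on UnwrapKey in sign/encrypt.go still says only that it unwraps with 'sk', but the body skips the sender check entirely when `senderPk` is nil, which a caller expecting an authenticated sender needs to know. I would extend it to `// UnwrapKey recovers the wrapped key using 'sk'. If senderPk is non-nil the wrap must have been made with that sender's key, else an error is returned; a nil senderPk means the sender is not checked.` Also, `shared` is now a `[]byte`, so the `shared[:]` left on the `aeadOpen` context line is redundant. It could read `aeadOpen(w.Key, w.Nonce, shared, pk.Pk)` to match the `aeadSeal` call in wrapKey. The function body continues past the end of the hunk.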