diff --git a/router/java/src/net/i2p/router/client/ClientMessageEventListener.java b/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
index 9963bf5ff..7fc3ac557 100644
--- a/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
+++ b/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
@@ -14,6 +14,7 @@ import java.util.Properties;
 import net.i2p.CoreVersion;
 import net.i2p.crypto.EncType;
 import net.i2p.crypto.SigType;
+import net.i2p.data.Base64;
 import net.i2p.data.DatabaseEntry;
 import net.i2p.data.DataHelper;
 import net.i2p.data.Destination;
@@ -647,6 +648,16 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
                     EncryptedLeaseSet encls = (EncryptedLeaseSet) ls;
                     encls.setSecret(secret);
                 }
+                // per-client auth
+                String pk = cfg.getOptions().getProperty("i2cp.leaseSetPrivKey");
+                if (pk != null) {
+                    byte[] priv = Base64.decode(pk);
+                    if (priv == null)
+                        throw new IllegalArgumentException("bad privkey");
+                    PrivateKey privkey = new PrivateKey(EncType.ECIES_X25519, priv);
+                    EncryptedLeaseSet encls = (EncryptedLeaseSet) ls;
+                    encls.setClientPrivateKey(privkey);
+                }
             }
             if (_log.shouldDebug())
                 _log.debug("Publishing: " + ls);