diff --git a/apps/streaming/java/src/net/i2p/client/streaming/impl/PacketLocal.java b/apps/streaming/java/src/net/i2p/client/streaming/impl/PacketLocal.java
index 542de8f2f8634e24d14415016e9622b291472761..b6a55d351fc7daaff1d257e5c9766bb48796b18c 100644
--- a/apps/streaming/java/src/net/i2p/client/streaming/impl/PacketLocal.java
+++ b/apps/streaming/java/src/net/i2p/client/streaming/impl/PacketLocal.java
@@ -216,6 +216,8 @@ class PacketLocal extends Packet implements MessageOutputStream.WriteStatus {
         SigningPrivateKey key = _session.getPrivateKey();
         int size = writePacket(buffer, offset, key.getType().getSigLen());
         _optionSignature = _context.dsa().sign(buffer, offset, size, key);
+        if (_optionSignature == null)
+            throw new IllegalStateException("Signature failed");
         //if (false) {
         //    Log l = ctx.logManager().getLog(Packet.class);
         //    l.error("Signing: " + toString());
diff --git a/core/java/src/net/i2p/crypto/DSAEngine.java b/core/java/src/net/i2p/crypto/DSAEngine.java
index e4a8e675888b3f915a6fefc817c283b1c7d07d32..d7dfe657a188f88ebb4fd9af5b1fb3f4c83cd08b 100644
--- a/core/java/src/net/i2p/crypto/DSAEngine.java
+++ b/core/java/src/net/i2p/crypto/DSAEngine.java
@@ -285,8 +285,8 @@ public class DSAEngine {
             try {
                 return altSign(data, offset, length, signingKey);
             } catch (GeneralSecurityException gse) {
-                if (_log.shouldLog(Log.WARN))
-                    _log.warn(type + " Sign Fail", gse);
+                if (_log.shouldLog(Log.ERROR))
+                    _log.error(type + " Sign Fail", gse);
                 return null;
             }
         }
diff --git a/core/java/src/net/i2p/crypto/KeyGenerator.java b/core/java/src/net/i2p/crypto/KeyGenerator.java
index aa6164e3055a3020dbf68c1d072b4467b0eed5be..60742c2fb9682731d0ebab6be19ddb9dbb015ed3 100644
--- a/core/java/src/net/i2p/crypto/KeyGenerator.java
+++ b/core/java/src/net/i2p/crypto/KeyGenerator.java
@@ -417,6 +417,8 @@ public class KeyGenerator {
             RandomSource.getInstance().nextBytes(src);
             long start = System.nanoTime();
             Signature sig = DSAEngine.getInstance().sign(src, privkey);
+            if (sig == null)
+                throw new GeneralSecurityException("signature generation failed");
             long mid = System.nanoTime();
             boolean ok = DSAEngine.getInstance().verifySignature(sig, src, pubkey);
             long end = System.nanoTime();
diff --git a/core/java/src/net/i2p/data/DatabaseEntry.java b/core/java/src/net/i2p/data/DatabaseEntry.java
index c2dd42113f95e1055650f0d75c1fb4da1a72b99d..09fc6a50a3928205637b998a0aef0b160fa2971a 100644
--- a/core/java/src/net/i2p/data/DatabaseEntry.java
+++ b/core/java/src/net/i2p/data/DatabaseEntry.java
@@ -171,8 +171,12 @@ public abstract class DatabaseEntry extends DataStructureImpl {
             throw new IllegalStateException();
         byte[] bytes = getBytes();
         if (bytes == null) throw new DataFormatException("Not enough data to sign");
+        if (key == null)
+            throw new DataFormatException("No signing key");
         // now sign with the key 
         _signature = DSAEngine.getInstance().sign(bytes, key);
+        if (_signature == null)
+            throw new DataFormatException("Signature failed with " + key.getType() + " key");
     }
 
     /**
diff --git a/core/java/src/net/i2p/data/PrivateKeyFile.java b/core/java/src/net/i2p/data/PrivateKeyFile.java
index 96cc8a47b0c220fd4382df9e45008534ed4d1701..f42d8da15e7502bfbd428782337ef504540c4033 100644
--- a/core/java/src/net/i2p/data/PrivateKeyFile.java
+++ b/core/java/src/net/i2p/data/PrivateKeyFile.java
@@ -405,7 +405,10 @@ public class PrivateKeyFile {
         System.arraycopy(this.dest.getPublicKey().getData(), 0, data, 0, PublicKey.KEYSIZE_BYTES);
         System.arraycopy(this.dest.getSigningPublicKey().getData(), 0, data, PublicKey.KEYSIZE_BYTES, SigningPublicKey.KEYSIZE_BYTES);
         byte[] payload = new byte[Hash.HASH_LENGTH + Signature.SIGNATURE_BYTES];
-        byte[] sig = DSAEngine.getInstance().sign(new ByteArrayInputStream(data), spk2).getData();
+        Signature sign = DSAEngine.getInstance().sign(new ByteArrayInputStream(data), spk2);
+        if (sign == null)
+            return null;
+        byte[] sig = sign.getData();
         System.arraycopy(sig, 0, payload, 0, Signature.SIGNATURE_BYTES);
         // Add dest2's Hash for reference
         byte[] h2 = d2.calculateHash().getData();
diff --git a/core/java/src/net/i2p/data/i2cp/SessionConfig.java b/core/java/src/net/i2p/data/i2cp/SessionConfig.java
index de6734349e0f9371de22d7744a45b96f30a75a57..531194d17739636a7279922cf504f112a80c86a1 100644
--- a/core/java/src/net/i2p/data/i2cp/SessionConfig.java
+++ b/core/java/src/net/i2p/data/i2cp/SessionConfig.java
@@ -121,7 +121,11 @@ public class SessionConfig extends DataStructureImpl {
     public void signSessionConfig(SigningPrivateKey signingKey) throws DataFormatException {
         byte data[] = getBytes();
         if (data == null) throw new DataFormatException("Unable to retrieve bytes for signing");
+        if (signingKey == null)
+            throw new DataFormatException("No signing key");
         _signature = DSAEngine.getInstance().sign(data, signingKey);
+        if (_signature == null)
+            throw new DataFormatException("Signature failed with " + signingKey.getType() + " key");
     }
 
     /**