diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java
index 6e917cf0c13725e81306fac0803a51a9e2c40e42..0e1a61d2b748e5b4ede0148899e17e12c4427605 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java
@@ -14,6 +14,7 @@ import java.util.Properties;
 import java.util.Set;
 import java.util.TreeMap;
 
+import net.i2p.client.I2PClient;
 import net.i2p.data.Base64;
 import net.i2p.data.Destination;
 import net.i2p.data.PrivateKeyFile;
@@ -177,6 +178,11 @@ public class EditBean extends IndexBean {
         return getBooleanProperty(tunnel, "i2cp.encryptLeaseSet");
     }
     
+    /** @since 0.9.11 */
+    public int getSigType(int tunnel) {
+        return getProperty(tunnel, I2PClient.PROP_SIGTYPE, 0);
+    }
+    
     /** @since 0.8.9 */
     public boolean getDCC(int tunnel) {
         return getBooleanProperty(tunnel, I2PTunnelIRCClient.PROP_DCC);
diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java
index 56be5d3a83731f4a14c9d906227235c6fc48873c..620c8fff3d5ffd2ef1c3cb175662d25c9442b385 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java
@@ -22,6 +22,7 @@ import java.util.StringTokenizer;
 import java.util.concurrent.ConcurrentHashMap;
 
 import net.i2p.I2PAppContext;
+import net.i2p.client.I2PClient;
 import net.i2p.data.Base32;
 import net.i2p.data.Certificate;
 import net.i2p.data.Destination;
@@ -950,6 +951,7 @@ public class IndexBean {
             } catch (NumberFormatException nfe) {}
         }
     }
+
     public void setCert(String val) {
         if (val != null) {
             try {
@@ -957,10 +959,24 @@ public class IndexBean {
             } catch (NumberFormatException nfe) {}
         }
     }
+
     public void setSigner(String val) {
         _certSigner = val;
     }
 
+    /** @since 0.9.11 */
+    public void setSigType(String val) {
+        if (val != null) {
+            _otherOptions.put(I2PClient.PROP_SIGTYPE, val);
+            if (val.equals("0"))
+                _certType = 0;
+            else
+                _certType = 5;
+        }
+        // TODO: Call modifyDestination??
+        // Otherwise this only works on a new tunnel...
+    }
+
     /** Modify or create a destination */
     private String modifyDestination() {
         if (_privKeyFile == null || _privKeyFile.trim().length() <= 0)
@@ -1205,7 +1221,7 @@ public class IndexBean {
         "i2cp.reduceIdleTime", "i2cp.reduceQuantity", "i2cp.leaseSetKey", "i2cp.accessList",
          PROP_MAX_CONNS_MIN, PROP_MAX_CONNS_HOUR, PROP_MAX_CONNS_DAY,
          PROP_MAX_TOTAL_CONNS_MIN, PROP_MAX_TOTAL_CONNS_HOUR, PROP_MAX_TOTAL_CONNS_DAY,
-         PROP_MAX_STREAMS
+         PROP_MAX_STREAMS, I2PClient.PROP_SIGTYPE
         };
     private static final String _httpServerOpts[] = {
         I2PTunnelHTTPServer.OPT_POST_WINDOW,
diff --git a/apps/i2ptunnel/jsp/editServer.jsp b/apps/i2ptunnel/jsp/editServer.jsp
index a6c8e7413820032c62294bf8277c00ecec60e634..c9c72f6c0ecfa4a936f428cb93cd747d32c2c40a 100644
--- a/apps/i2ptunnel/jsp/editServer.jsp
+++ b/apps/i2ptunnel/jsp/editServer.jsp
@@ -491,6 +491,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
                 <hr />
             </div>
            
+<% /***************** %>
             <div id="tunnelOptionsField" class="rowItem">
                 <label for="cert" accesskey="c">
                     <%=intl._("New Certificate type")%>(<span class="accessKey">C</span>):
@@ -533,6 +534,32 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
                 <button accesskey="S" class="control" type="submit" name="action" value="Modify" title="Force New Cert Now"><%=intl._("Modify")%></button>
                 <span class="comment"><%=intl._("(Tunnel must be stopped first)")%></span>
             </div>
+<% **********************/ %>
+
+            <div id="tunnelOptionsField" class="rowItem">
+                <label>
+                    <%=intl._("Signature type")%>
+                    (<%=intl._("Experts only! Changes B32!")%>)
+                </label>
+            </div>
+            <div id="hostField" class="rowItem">
+              <div id="portField" class="rowItem">
+                <label>DSA-SHA1</label>
+                <input value="0" type="radio" id="startOnLoad" name="sigType" title="Default"<%=(editBean.getSigType(curTunnel)==0 ? " checked=\"checked\"" : "")%> class="tickbox" />                
+              </div>
+              <div id="portField" class="rowItem">
+                <label>ECDSA-P256</label>
+                <input value="1" type="radio" id="startOnLoad" name="sigType" title="Advanced users only"<%=(editBean.getSigType(curTunnel)==1 ? " checked=\"checked\"" : "")%> class="tickbox" />                
+              </div>
+              <div id="portField" class="rowItem">
+                <label>ECDSA-P384</label>
+                <input value="2" type="radio" id="startOnLoad" name="sigType" title="Advanced users only"<%=(editBean.getSigType(curTunnel)==2 ? " checked=\"checked\"" : "")%> class="tickbox" />                
+              </div>
+              <div id="portField" class="rowItem">
+                <label>ECDSA-P521</label>
+                <input value="3" type="radio" id="startOnLoad" name="sigType" title="Advanced users only"<%=(editBean.getSigType(curTunnel)==3 ? " checked=\"checked\"" : "")%> class="tickbox" />                
+              </div>
+            </div>
                  
             <div class="subdivider">
                 <hr />
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/NetDbRenderer.java b/apps/routerconsole/java/src/net/i2p/router/web/NetDbRenderer.java
index d892469a3c1fce3107453529fbd4cc780fe7f745..db047c39bc6ed9f9865f65f5ecd8b19066c37743 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/NetDbRenderer.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/NetDbRenderer.java
@@ -23,6 +23,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;
 
+import net.i2p.data.Base32;
 import net.i2p.data.DataHelper;
 import net.i2p.data.Destination;
 import net.i2p.data.Hash;
@@ -167,6 +168,8 @@ public class NetDbRenderer {
                         median = dist;
                 }
                 buf.append(" Dist: <b>").append(fmt.format(biLog2(dist))).append("</b><br>");
+                buf.append(Base32.encode(key.getData())).append(".b32.i2p<br>");
+                buf.append("Sig type: ").append(dest.getSigningPublicKey().getType()).append("<br>");
                 buf.append("Routing Key: ").append(ls.getRoutingKey().toBase64());
                 buf.append("<br>");
                 buf.append("Encryption Key: ").append(ls.getEncryptionKey().toBase64().substring(0, 20)).append("...<br>");
diff --git a/apps/susidns/src/java/src/i2p/susi/dns/AddressBean.java b/apps/susidns/src/java/src/i2p/susi/dns/AddressBean.java
index 24289f903e9139a346f1f5e49878f35d24284aa6..eef101c1e4ed9714a78536085679d8d5655a3727 100644
--- a/apps/susidns/src/java/src/i2p/susi/dns/AddressBean.java
+++ b/apps/susidns/src/java/src/i2p/susi/dns/AddressBean.java
@@ -29,6 +29,7 @@ import java.util.Locale;
 import java.util.Properties;
 
 import net.i2p.I2PAppContext;
+import net.i2p.crypto.SigType;
 import net.i2p.data.Base32;
 import net.i2p.data.Base64;
 import net.i2p.data.Certificate;
@@ -228,11 +229,38 @@ public class AddressBean
 				return _("Hidden");
 			case Certificate.CERTIFICATE_TYPE_SIGNED:
 				return _("Signed");
+			case Certificate.CERTIFICATE_TYPE_KEY:
+				return _("Key");
 			default:
 				return _("Type {0}", type);
 		}
 	}
 
+	/**
+	 * Do this the easy way
+	 * @since 0.9.11
+	 */
+	public String getSigType() {
+		// (4 / 3) * (pubkey length + signing key length)
+		String cert = destination.substring(512);
+		if (cert.equals("AAAA"))
+			return _("DSA 1024 bit");
+		byte[] enc = Base64.decode(cert);
+		if (enc == null)
+			// shouldn't happen
+			return "invalid";
+		int type = enc[0] & 0xff;
+		if (type != Certificate.CERTIFICATE_TYPE_KEY)
+			return _("DSA 1024 bit");
+		int st = ((enc[3] & 0xff) << 8) | (enc[4] & 0xff);
+		if (st == 0)
+			return _("DSA 1024 bit");
+		SigType stype = SigType.getByCode(st);
+                if (stype == null)
+			return _("Type {0}", st);
+                return stype.toString();
+	}
+
 	/** @since 0.8.7 */
 	private String getProp(String p) {
 		if (props == null)
diff --git a/apps/susidns/src/jsp/details.jsp b/apps/susidns/src/jsp/details.jsp
index 2c657f7c2386af7c441c62ecdc349f67152f73df..d5d6256414a32bf065e745d7e4ed505cfba9710c 100644
--- a/apps/susidns/src/jsp/details.jsp
+++ b/apps/susidns/src/jsp/details.jsp
@@ -107,7 +107,7 @@
 <td><%=intl._("ElGamal 2048 bit")%></td>
 </tr><tr class="list${book.trClass}">
 <td><%=intl._("Signing Key")%></td>
-<td><%=intl._("DSA 1024 bit")%></td>
+<td><%=addr.getSigType()%></td>
 </tr><tr class="list${book.trClass}">
 <td><%=intl._("Certificate")%></td>
 <td><%=addr.getCert()%></td>