diff --git a/core/java/src/net/i2p/crypto/SigUtil.java b/core/java/src/net/i2p/crypto/SigUtil.java
index 52ca857e6236024c558b57f7002ae816c929ac5b..0be589dc63f52614bc89db48c2700ad50559b330 100644
--- a/core/java/src/net/i2p/crypto/SigUtil.java
+++ b/core/java/src/net/i2p/crypto/SigUtil.java
@@ -43,9 +43,9 @@ import net.i2p.util.NativeBigInteger;
 /**
  * Utilities for Signing keys and Signatures
  *
- * @since 0.9.9
+ * @since 0.9.9, public since 0.9.12
  */
-class SigUtil {
+public class SigUtil {
 
     private static final Map<SigningPublicKey, ECPublicKey> _pubkeyCache = new LHMCache<SigningPublicKey, ECPublicKey>(64);
     private static final Map<SigningPrivateKey, ECPrivateKey> _privkeyCache = new LHMCache<SigningPrivateKey, ECPrivateKey>(16);
diff --git a/router/java/src/net/i2p/router/transport/crypto/DHSessionKeyBuilder.java b/router/java/src/net/i2p/router/transport/crypto/DHSessionKeyBuilder.java
index 68ade63967c3cc8dcd52e3ebc2c65bee09adf083..0d49a656aa01af69a95c9b27804e836461008e3a 100644
--- a/router/java/src/net/i2p/router/transport/crypto/DHSessionKeyBuilder.java
+++ b/router/java/src/net/i2p/router/transport/crypto/DHSessionKeyBuilder.java
@@ -12,12 +12,14 @@ package net.i2p.router.transport.crypto;
 //import java.io.InputStream;
 //import java.io.OutputStream;
 import java.math.BigInteger;
+import java.security.InvalidKeyException;
 import java.util.concurrent.LinkedBlockingQueue;
 
 import net.i2p.I2PAppContext;
 import net.i2p.I2PException;
 import net.i2p.crypto.CryptoConstants;
 import net.i2p.crypto.SHA256Generator;
+import net.i2p.crypto.SigUtil;
 import net.i2p.data.ByteArray;
 //import net.i2p.data.DataHelper;
 import net.i2p.data.SessionKey;
@@ -183,16 +185,16 @@ public class DHSessionKeyBuilder {
         return toByteArray(getMyPublicValue());
     }
     
+    /**
+     *  @return exactly 256 bytes
+     *  @throws IllegalArgumentException if requires more than 256 bytes
+     */
     private static final byte[] toByteArray(BigInteger bi) {
-        byte data[] = bi.toByteArray();
-        byte rv[] = new byte[256];
-        if (data.length == 257) // high byte has the sign bit
-            System.arraycopy(data, 1, rv, 0, rv.length);
-        else if (data.length == 256)
-            System.arraycopy(data, 0, rv, 0, rv.length);
-        else
-            System.arraycopy(data, 0, rv, rv.length-data.length, data.length);
-        return rv;
+        try {
+            return SigUtil.rectify(bi, 256);
+        } catch (InvalidKeyException ike) {
+            throw new IllegalArgumentException(ike);
+        }
     }
 
     /**