diff --git a/core/java/src/net/i2p/crypto/CryptixAESEngine.java b/core/java/src/net/i2p/crypto/CryptixAESEngine.java
index 20b5c743cdc215908ac82e36d6895979d32826c1..a334cb2e2004387de633d400e5d2836d34a06cc1 100644
--- a/core/java/src/net/i2p/crypto/CryptixAESEngine.java
+++ b/core/java/src/net/i2p/crypto/CryptixAESEngine.java
@@ -123,15 +123,17 @@ public class CryptixAESEngine extends AESEngine {
     }
 
     public final void encryptBlock(byte payload[], int inIndex, SessionKey sessionKey, byte out[], int outIndex) {
-        CryptixAESKeyCache.KeyCacheEntry keyData = _cache.acquireKey();
-        try {
-            Object key = CryptixRijndael_Algorithm.makeKey(sessionKey.getData(), 16, keyData);
-            CryptixRijndael_Algorithm.blockEncrypt(payload, out, inIndex, outIndex, key, 16);
-        } catch (InvalidKeyException ike) {
-            _log.error("Invalid key", ike);
-        } finally {
-            _cache.releaseKey(keyData);
+        if (sessionKey.getPreparedKey() == null) {
+            try {
+                Object key = CryptixRijndael_Algorithm.makeKey(sessionKey.getData(), 16);
+                sessionKey.setPreparedKey(key);
+            } catch (InvalidKeyException ike) {
+                _log.log(Log.CRIT, "Invalid key", ike);
+                throw new IllegalArgumentException("wtf, invalid key?  " + ike.getMessage());
+            }
         }
+        
+        CryptixRijndael_Algorithm.blockEncrypt(payload, out, inIndex, outIndex, sessionKey.getPreparedKey(), 16);
     }
 
     /** decrypt the data with the session key provided
@@ -146,15 +148,17 @@ public class CryptixAESEngine extends AESEngine {
             throw new IllegalArgumentException("bad block args [payload.len=" + payload.length 
                                                + " inIndex=" + inIndex + " rv.len=" + rv.length 
                                                + " outIndex="+outIndex);
-		CryptixAESKeyCache.KeyCacheEntry keyData = _cache.acquireKey();
-        try {
-            Object key = CryptixRijndael_Algorithm.makeKey(sessionKey.getData(), 16, keyData);
-            CryptixRijndael_Algorithm.blockDecrypt(payload, rv, inIndex, outIndex, key, 16);
-        } catch (InvalidKeyException ike) {
-            _log.error("Invalid key", ike);
-        } finally {
-            _cache.releaseKey(keyData);
+        if (sessionKey.getPreparedKey() == null) {
+            try {
+                Object key = CryptixRijndael_Algorithm.makeKey(sessionKey.getData(), 16);
+                sessionKey.setPreparedKey(key);
+            } catch (InvalidKeyException ike) {
+                _log.log(Log.CRIT, "Invalid key", ike);
+                throw new IllegalArgumentException("wtf, invalid key?  " + ike.getMessage());
+            }
         }
+
+        CryptixRijndael_Algorithm.blockDecrypt(payload, rv, inIndex, outIndex, sessionKey.getPreparedKey(), 16);
     }
     
     public static void main(String args[]) {
diff --git a/core/java/src/net/i2p/data/SessionKey.java b/core/java/src/net/i2p/data/SessionKey.java
index e607c8a28d1b4faf25f1da37dce7401009032c49..d791007b033b677b5b892e0874d4767df462887e 100644
--- a/core/java/src/net/i2p/data/SessionKey.java
+++ b/core/java/src/net/i2p/data/SessionKey.java
@@ -24,6 +24,7 @@ import net.i2p.util.Log;
 public class SessionKey extends DataStructureImpl {
     private final static Log _log = new Log(SessionKey.class);
     private byte[] _data;
+    private Object _preparedKey;
 
     public final static int KEYSIZE_BYTES = 32;
 
@@ -38,9 +39,23 @@ public class SessionKey extends DataStructureImpl {
         return _data;
     }
 
+    /**
+     * caveat: this method isn't synchronized with the preparedKey, so don't
+     * try to *change* the key data after already doing some 
+     * encryption/decryption (or if you do change it, be sure this object isn't
+     * mid decrypt)
+     */
     public void setData(byte[] data) {
         _data = data;
+        _preparedKey = null;
     }
+    
+    /** 
+     * retrieve an internal representation of the session key, as known
+     * by the AES engine used.  this can be reused safely
+     */
+    public Object getPreparedKey() { return _preparedKey; }
+    public void setPreparedKey(Object obj) { _preparedKey = obj; }
 
     public void readBytes(InputStream in) throws DataFormatException, IOException {
         _data = new byte[KEYSIZE_BYTES];
diff --git a/history.txt b/history.txt
index dfa3b27d5d2a771e0369f3b1c9aa8e1c476292f5..dbf2dc4476bd9263bb19cbdc6acccc033959bbe9 100644
--- a/history.txt
+++ b/history.txt
@@ -1,4 +1,8 @@
-$Id: history.txt,v 1.203 2005/04/30 19:48:15 jrandom Exp $
+$Id: history.txt,v 1.204 2005/05/01 12:21:50 jrandom Exp $
+
+2005-05-01  jrandom
+    * Added a substantial optimization to the AES engine by caching the
+      prepared session keys (duh).
 
 2005-05-01  jrandom
     * Cleaned up the peers page a bit more.
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index e88e855311cb3290b36b2341e5c80d7e77e69e51..51f1100b76f9c898508d8a218a698d8a120713c2 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -15,9 +15,9 @@ import net.i2p.CoreVersion;
  *
  */
 public class RouterVersion {
-    public final static String ID = "$Revision: 1.194 $ $Date: 2005/04/30 19:48:15 $";
+    public final static String ID = "$Revision: 1.195 $ $Date: 2005/05/01 12:21:49 $";
     public final static String VERSION = "0.5.0.7";
-    public final static long BUILD = 6;
+    public final static long BUILD = 7;
     public static void main(String args[]) {
         System.out.println("I2P Router version: " + VERSION);
         System.out.println("Router ID: " + RouterVersion.ID);