diff --git a/DigitalData.Auth.Client/ClientPublicKey.cs b/DigitalData.Auth.Client/ClientPublicKey.cs
index 607f7e7..d6dcfaa 100644
--- a/DigitalData.Auth.Client/ClientPublicKey.cs
+++ b/DigitalData.Auth.Client/ClientPublicKey.cs
@@ -1,5 +1,5 @@
using DigitalData.Core.Abstractions.Security;
-using DigitalData.Core.Security.RSAKey;
+using DigitalData.Core.Security.RSAKey.Base;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography;
diff --git a/DigitalData.Auth.Client/DigitalData.Auth.Client.csproj b/DigitalData.Auth.Client/DigitalData.Auth.Client.csproj
index daa7bb6..b4d0420 100644
--- a/DigitalData.Auth.Client/DigitalData.Auth.Client.csproj
+++ b/DigitalData.Auth.Client/DigitalData.Auth.Client.csproj
@@ -27,9 +27,9 @@
-
+
-
+
diff --git a/DigitalData.Auth.Tests/Client/AuthClientTests.cs b/DigitalData.Auth.Tests/Client/AuthClientTests.cs
index eb3dbdd..b748e99 100644
--- a/DigitalData.Auth.Tests/Client/AuthClientTests.cs
+++ b/DigitalData.Auth.Tests/Client/AuthClientTests.cs
@@ -1,10 +1,12 @@
using DigitalData.Auth.Abstractions;
using DigitalData.Auth.API.Hubs;
using DigitalData.Auth.Client;
-using DigitalData.Core.Abstractions.Security;
-using DigitalData.Core.Security;
+using DigitalData.Core.Abstractions.Security.Extensions;
using DigitalData.Core.Security.Config;
-using DigitalData.Core.Security.RSAKey;
+using DigitalData.Core.Security.Extensions;
+using DigitalData.Core.Security.RSAKey.Auth;
+using DigitalData.Core.Security.RSAKey.Crypto;
+using DigitalData.Core.Security.Services;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
@@ -46,7 +48,7 @@ public class AuthClientTests
Issuer = "Foo",
Audience = "Bar",
Lifetime = new TimeSpan(1, 0, 0),
- Content = Instance.RSAFactory.CreatePrivateKeyPem()
+ Content = RSAFactory.Static.CreatePrivateKeyPem()
}
];
}
@@ -56,7 +58,7 @@ public class AuthClientTests
// Create builder and add SignalR service
var builder = WebApplication.CreateBuilder();
builder.Services.AddSignalR();
- builder.Services.AddCryptoFactory(new CryptoFactoryParams()
+ builder.Services.AddRSAPool(new RSAParams()
{
PemDirectory = "/",
Decryptors = [new RSADecryptor()],
@@ -76,8 +78,8 @@ public class AuthClientTests
return app;
}
- private static CryptoFactoryParams GetCryptoFactoryParamsOf(WebApplication application) => application
- .Services.GetRequiredService>().Value;
+ private static RSAParams GetCryptoFactoryParamsOf(WebApplication application) => application
+ .Services.GetRequiredService>().Value;
[SetUp]
public void Setup()
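Review bot: The helper on the new side is still named `GetCryptoFactoryParamsOf` although it now returns `RSAParams`, so the name refers to a type this change removes; `private static RSAParams GetRSAParamsOf(WebApplication application)` would match the new API. The same leftover naming appears in the AuthHub constructor, where the `IAsymmetricKeyPool` parameter is still called `cryptoFactory`, and in Program.cs, where the resolved pool is assigned to `var factory`. Call sites of the helper lie outside this hunk and would need the same rename.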
diff --git a/DigitalData.Auth.Tests/DigitalData.Auth.Tests.csproj b/DigitalData.Auth.Tests/DigitalData.Auth.Tests.csproj
index 5f4811e..6c70286 100644
--- a/DigitalData.Auth.Tests/DigitalData.Auth.Tests.csproj
+++ b/DigitalData.Auth.Tests/DigitalData.Auth.Tests.csproj
@@ -15,7 +15,7 @@
-
+
diff --git a/src/DigitalData.Auth.API/Controllers/AuthController.cs b/src/DigitalData.Auth.API/Controllers/AuthController.cs
index 549d656..951c6d9 100644
--- a/src/DigitalData.Auth.API/Controllers/AuthController.cs
+++ b/src/DigitalData.Auth.API/Controllers/AuthController.cs
@@ -10,6 +10,8 @@ using DigitalData.Auth.API.Dto;
using DigitalData.Auth.API.Services.Contracts;
using DigitalData.Auth.API.Entities;
using DigitalData.Core.DTO;
+using DigitalData.Core.Abstractions.Security.Services;
+using DigitalData.Core.Abstractions.Security.Extensions;
namespace DigitalData.Auth.API.Controllers
{
@@ -23,7 +25,7 @@ namespace DigitalData.Auth.API.Controllers
private readonly AuthApiParams _apiParams;
- private readonly ICryptoFactory _cryptoFactory;
+ private readonly IAsymmetricKeyPool _keyPool;
private readonly ILogger _logger;
@@ -33,11 +35,11 @@ namespace DigitalData.Auth.API.Controllers
private readonly IConsumerService _consumerService;
- public AuthController(IJwtSignatureHandler userSignatureHandler, IOptions cookieParamsOptions, ICryptoFactory cryptoFactory, ILogger logger, IUserService userService, IDirectorySearchService dirSearchService, IConsumerService consumerService, IJwtSignatureHandler apiSignatureHandler)
+ public AuthController(IJwtSignatureHandler userSignatureHandler, IOptions cookieParamsOptions, IAsymmetricKeyPool keyPool, ILogger logger, IUserService userService, IDirectorySearchService dirSearchService, IConsumerService consumerService, IJwtSignatureHandler apiSignatureHandler)
{
_apiParams = cookieParamsOptions.Value;
_userSignatureHandler = userSignatureHandler;
- _cryptoFactory = cryptoFactory;
+ _keyPool = keyPool;
_logger = logger;
_userService = userService;
_dirSearchService = dirSearchService;
@@ -82,7 +84,7 @@ namespace DigitalData.Auth.API.Controllers
if (consumer is null)
return Unauthorized();
- if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor))
+ if (!_keyPool.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor))
return StatusCode(StatusCodes.Status500InternalServerError);
var token = _userSignatureHandler.WriteToken(uRes!.Data, descriptor);
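Review bot: The `Status500InternalServerError` returned when `_keyPool.TokenDescriptors.TryGet` finds no descriptor is silent, so a missing or misconfigured signing key for an audience cannot be told apart from any other server fault in the logs. `_logger` is already injected, so add `_logger.LogError("No token descriptor for issuer {Issuer} and audience {Audience}", _apiParams.Issuer, consumer.Audience);` before the return. The next hunk of this file has the same silent return for `_apiParams.LocalConsumer.Audience`. Both action methods start outside their hunks.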
@@ -104,7 +106,7 @@ namespace DigitalData.Auth.API.Controllers
if (consumer is null || consumer.Password != login.Password)
return Unauthorized();
- if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, _apiParams.LocalConsumer.Audience, out var descriptor))
+ if (!_keyPool.TokenDescriptors.TryGet(_apiParams.Issuer, _apiParams.LocalConsumer.Audience, out var descriptor))
return StatusCode(StatusCodes.Status500InternalServerError);
var token = _consumerSignatureHandler.WriteToken(consumer, descriptor);
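Review bot: The credential check `consumer.Password != login.Password` on the first line of this hunk uses the ordinary string operator, which returns at the first differing character and so is not constant-time. The commit leaves this line untouched, but it sits directly on the token-issuing path being reworked. A fixed-time comparison such as `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(consumer.Password), Encoding.UTF8.GetBytes(login.Password ?? string.Empty))` would close the timing difference. The comparison also suggests the consumer secret is held in clear text; if so, storing a salted hash and verifying against it would be the stronger fix. How `consumer` is loaded is outside the hunk, so that part is an inference to confirm.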
diff --git a/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj b/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj
index 88b8861..3f961ce 100644
--- a/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj
+++ b/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj
@@ -10,9 +10,10 @@
-
+
+
-
+
diff --git a/src/DigitalData.Auth.API/Hubs/AuthHub.cs b/src/DigitalData.Auth.API/Hubs/AuthHub.cs
index 05da08c..05351c5 100644
--- a/src/DigitalData.Auth.API/Hubs/AuthHub.cs
+++ b/src/DigitalData.Auth.API/Hubs/AuthHub.cs
@@ -1,5 +1,6 @@
using DigitalData.Auth.Abstractions;
-using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Abstractions.Security.Extensions;
+using DigitalData.Core.Abstractions.Security.Services;
using Microsoft.AspNetCore.SignalR;
using Microsoft.Extensions.Caching.Memory;
@@ -7,7 +8,7 @@ namespace DigitalData.Auth.API.Hubs;
public class AuthHub : Hub, IAuthSenderHandler
{
- private readonly ICryptoFactory _cFactory;
+ private readonly IAsymmetricKeyPool _keyPool;
private readonly ILogger _logger;
@@ -15,16 +16,16 @@ public class AuthHub : Hub, IAuthSenderHandler
private readonly static string CacheId = Guid.NewGuid().ToString();
- public AuthHub(ICryptoFactory cryptoFactory, ILogger logger, IMemoryCache cache)
+ public AuthHub(IAsymmetricKeyPool cryptoFactory, ILogger logger, IMemoryCache cache)
{
- _cFactory = cryptoFactory;
+ _keyPool = cryptoFactory;
_logger = logger;
_cache = cache;
}
public async Task GetPublicKeyAsync(string issuer, string audience)
{
- if(_cFactory.TokenDescriptors.TryGet(issuer, audience, out var tDesc))
+ if(_keyPool.TokenDescriptors.TryGet(issuer, audience, out var tDesc))
{
await Clients.Caller.ReceivePublicKeyAsync(issuer, audience, tDesc.PublicKey.Content);
}
diff --git a/src/DigitalData.Auth.API/Program.cs b/src/DigitalData.Auth.API/Program.cs
index 2896576..b605146 100644
--- a/src/DigitalData.Auth.API/Program.cs
+++ b/src/DigitalData.Auth.API/Program.cs
@@ -2,9 +2,10 @@ using DigitalData.Auth.API.Config;
using DigitalData.Auth.API.Entities;
using DigitalData.Auth.API.Hubs;
using DigitalData.Auth.API.Services;
-using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Abstractions.Security.Extensions;
+using DigitalData.Core.Abstractions.Security.Services;
using DigitalData.Core.Application;
-using DigitalData.Core.Security;
+using DigitalData.Core.Security.Extensions;
using DigitalData.UserManager.Application;
using DigitalData.UserManager.Application.DTOs.User;
using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -30,7 +31,7 @@ try
// Add services to the container.
builder.Services.Configure(config);
builder.Services.AddAuthService(config);
- builder.Services.AddCryptoFactory(config.GetSection("CryptParams"));
+ builder.Services.AddRSAPool(config.GetSection("CryptParams"));
builder.Services.AddJwtSignatureHandler(api => new Dictionary
{
{ JwtRegisteredClaimNames.Sub, api.Id },
@@ -126,7 +127,7 @@ try
issuerSigningKeyInitiator = new Lazy(() =>
{
- var factory = app.Services.GetRequiredService();
+ var factory = app.Services.GetRequiredService();
var desc = factory.TokenDescriptors.Get(apiParams.Issuer, apiParams.LocalConsumer.Audience);
return desc.Validator.SecurityKey;
});
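Review bot: The `Lazy` that wraps this lookup resolves the issuer signing key exactly once, and the lookup uses `TokenDescriptors.Get` where the controller uses `TryGet` for the same issuer/audience pair. If `Get` throws when no descriptor matches (its behaviour is not visible here), the default `Lazy` mode caches that exception and every later token validation rethrows it until the process restarts. Passing `LazyThreadSafetyMode.PublicationOnly` as the second constructor argument avoids caching a failed initialisation. A comment such as `// Resolved once; a key reloaded by the pool is not picked up until restart` would document the remaining caveat. The enclosing `try` block and the place where the initiator is consumed are outside this hunk.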