diff --git a/DigitalData.Core.Abstractions/Security/ICryptFactory.cs b/DigitalData.Core.Abstractions/Security/ICryptFactory.cs
index a1d1a12..d444062 100644
--- a/DigitalData.Core.Abstractions/Security/ICryptFactory.cs
+++ b/DigitalData.Core.Abstractions/Security/ICryptFactory.cs
@@ -18,6 +18,8 @@ namespace DigitalData.Core.Abstractions.Security
 string EncryptedPrivateKeyPemLabel { get; init; }
+ Func RSADecryptorKeyFormatter { get; }
+
 string CreateRSAPrivateKeyPem(int? keySizeInBits = null);
 string CreateEncryptedPrivateKeyPem(
diff --git a/DigitalData.Core.Security/CryptFactory.cs b/DigitalData.Core.Security/CryptFactory.cs
index b341974..3e52517 100644
--- a/DigitalData.Core.Security/CryptFactory.cs
+++ b/DigitalData.Core.Security/CryptFactory.cs
@@ -1,5 +1,6 @@
 using DigitalData.Core.Abstractions.Security;
 using Microsoft.Extensions.Logging;
+using System.Text;
 namespace DigitalData.Core.Security
 {
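Review bot: The new `RSADecryptorKeyFormatter` member is added to the public interface without XML documentation, so implementors cannot tell what the delegate is expected to produce or what inputs it receives (its type arguments are not visible in this rendering). Because the default implementation in CryptFactory appends `.pem` and rejects invalid file-name characters, the contract should state whether the returned key is used as a file name and what character set it must be restricted to; a summary such as `/// <summary>Builds the key under which an <see cref="IRSADecryptor"/> is registered; the result must be safe to use as a file name.</summary>` would cover that. Adding an abstract member to a published interface also breaks every existing implementor, so if binary compatibility matters a default interface implementation or a documented major-version bump is worth considering.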
@@ -9,13 +10,35 @@ namespace DigitalData.Core.Security
 public IRSADecryptor this[string key] { get => _decryptors[key]; set => _decryptors[key] = value; }
- public CryptFactory(ILogger logger, IDictionary decryptors) : base()
+ public Func RSADecryptorKeyFormatter { get; }
+
+ public CryptFactory(ILogger logger, IDictionary decryptors, Func rsaDecryptorKeyFormatter) : base()
 {
 _decryptors = decryptors ?? new Dictionary();
+ RSADecryptorKeyFormatter = rsaDecryptorKeyFormatter;
+
 logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
 }
 public bool TryGetRSADecryptor(string key, out IRSADecryptor? decryptor) => _decryptors.TryGetValue(key, out decryptor);
+
+ public static string DefaultRSADecryptorKeyFormatter(IRSADecryptor decryptor, string issuer, string audience, string separator = "-_-")
+ {
+ var sb = new StringBuilder(issuer.Length + audience.Length + separator.Length * 2 + 20);
+ sb.Append(issuer).Append(separator).Append(audience).Append(separator);
+
+ if (decryptor.HasEncryptedPem)
+ sb.Append("e-private").Append(separator).Append(decryptor.PasswordVersion);
+ else
+ sb.Append("private");
+
+ var rsaKey = sb.Append(".pem").ToString();
+
+ if (Path.GetInvalidFileNameChars().Any(rsaKey.Contains))
+ throw new ArgumentException("RSA decryptor key name creation is forbidden. The key contains forbidden characters that are not allowed in file naming.", nameof(rsaKey));
+
+ return rsaKey;
+ }
 }
 }
\ No newline at end of file
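Review bot: The character check at the end of `DefaultRSADecryptorKeyFormatter` is a platform-dependent deny-list — `Path.GetInvalidFileNameChars()` returns only `'\0'` and `'/'` on Unix, so an issuer or audience containing `\` or `:` is accepted there but rejected on Windows, and since the result carries a `.pem` suffix it is presumably used as a file name. It also validates the assembled string and reports `nameof(rsaKey)`, a local, as the offending parameter, so callers cannot tell whether `issuer`, `audience` or `separator` was bad. Validating each caller-supplied part up front against a fixed allow-list (ASCII letters, digits, `-`, `_`, `.`) and naming the real parameter fixes both; a sketch follows. Separately, the constructor stores `rsaDecryptorKeyFormatter` without a null check while the interface exposes it as a non-nullable `Func`, so `ArgumentNullException.ThrowIfNull(rsaDecryptorKeyFormatter);` (or a plain null check on older targets, or a documented fallback to the default formatter) would keep `RSADecryptorKeyFormatter` honest; the delegate's type arguments are not visible in this rendering, so the fallback is not proposed concretely. The enclosing class header is outside the hunk.
```csharp
        public static string DefaultRSADecryptorKeyFormatter(IRSADecryptor decryptor, string issuer, string audience, string separator = "-_-")
        {
            ArgumentNullException.ThrowIfNull(decryptor);
            ValidateKeyPart(issuer, nameof(issuer));
            ValidateKeyPart(audience, nameof(audience));
            ValidateKeyPart(separator, nameof(separator));

            // … unchanged: StringBuilder assembly of issuer/audience and the private / e-private segment …

            // The GetInvalidFileNameChars() check is no longer needed: every part was validated above.
            var rsaKey = sb.Append(".pem").ToString();

            return rsaKey;
        }

        // The key is used as a file name; a fixed allow-list keeps the result portable
        // instead of relying on the platform-dependent Path.GetInvalidFileNameChars().
        private static void ValidateKeyPart(string value, string paramName)
        {
            if (string.IsNullOrEmpty(value))
                throw new ArgumentException("RSA decryptor key part must not be null or empty.", paramName);

            foreach (var c in value)
            {
                if (c is (>= 'a' and <= 'z') or (>= 'A' and <= 'Z') or (>= '0' and <= '9') or '-' or '_' or '.')
                    continue;

                throw new ArgumentException("RSA decryptor key name creation is forbidden. The key contains forbidden characters that are not allowed in file naming.", paramName);
            }
        }
```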