diff --git a/encode-ssk/Main.hs b/encode-ssk/Main.hs
new file mode 100644
index 0000000000000000000000000000000000000000..cc50fb611105491eef02c21ce3c8d22e89af94e7
--- /dev/null
+++ b/encode-ssk/Main.hs
@@ -0,0 +1,29 @@
+module Main where
+
+import qualified Crypto.PubKey.RSA as RSA
+import Data.Binary (encode)
+import Data.ByteString.Base32 (encodeBase32Unpadded)
+import qualified Data.ByteString.Lazy as LB
+import qualified Data.Text as T
+import qualified Data.Text.IO as T
+import System.IO (stdin)
+import qualified Tahoe.SDMF as SDMF
+import qualified Tahoe.SDMF.Keys as SDMF.Keys
+
+main :: IO ()
+main = do
+    plaintext <- LB.hGetContents stdin
+    keypair <- SDMF.Keys.KeyPair . snd <$> RSA.generate (2048 `div` 8) e
+    Just iv <- SDMF.randomIV
+
+    let ciphertext = SDMF.encrypt keypair iv plaintext
+    (shares, writeCap) <- SDMF.encode keypair iv 1 3 5 ciphertext
+    let shareBytes = encode <$> shares
+
+    let si = SDMF.Keys.unStorageIndex . SDMF.verifierStorageIndex . SDMF.readerVerifier . SDMF.writerReader $ writeCap
+
+    mapM_ (uncurry (writeShare si)) (zip [0 :: Int ..] shareBytes)
+    T.putStrLn (SDMF.dangerRealShow (SDMF.SDMFWriter writeCap))
+  where
+    e = 0x10001
+    writeShare si shnum = LB.writeFile $ (T.unpack . T.toLower . encodeBase32Unpadded $ si) <> "." <> show shnum
diff --git a/tahoe-ssk.cabal b/tahoe-ssk.cabal
index 68fbb5a1214c4eb5f111df540624ce86a0ad69f0..bd04c33880d49b8ad7b4a3eb16633a001d330818 100644
--- a/tahoe-ssk.cabal
+++ b/tahoe-ssk.cabal
@@ -164,3 +164,19 @@ executable make-keypairs
     , cryptonite
     , tahoe-ssk
     , x509
+
+executable encode-ssk
+  import:
+    warnings
+    , language
+
+  main-is:        Main.hs
+  hs-source-dirs: encode-ssk
+  build-depends:
+    , base
+    , base32
+    , binary
+    , bytestring
+    , cryptonite
+    , tahoe-ssk
+    , text