diff --git a/README.md b/README.md
index e824e77ce98dc2c4f12bae819fdd89a603c0a972..173dc50acc465539b4bcfc940c923d30227c690b 100644
--- a/README.md
+++ b/README.md
@@ -53,8 +53,18 @@ We want a library that:
   * Mainly armeabi and armv7
 * Is suitable for real-world security purposes
   * not a demo or a toy library
+    * documents its limitations
+  * is well-tested
   * avoids real-world pitfalls (side-channel attacks, etc), not just textbook issues
   * has more than a handful of other users
+  * is well-maintained
+    * developers are responsive to security reports
+    * has a channel for security-related disclosures
+	* has sound documentation for proper, safe usage
+
+And,
+of course,
+implements the required functionality.
 
 ### SHA256
 
diff --git a/make-keypairs/Main.hs b/make-keypairs/Main.hs
index c537ae4d3420c2c0ee42f80ac67c4d3cd281cd2b..d77171e5303c5fedfedabacef1830f9c687e5581 100644
--- a/make-keypairs/Main.hs
+++ b/make-keypairs/Main.hs
@@ -1,11 +1,11 @@
 module Main where
 
-import Codec.Crypto.RSA (generateKeyPair)
-import Crypto.Random (CryptoRandomGen (newGenIO), SystemRandom)
+import qualified Crypto.PubKey.RSA as RSA
 import Data.ASN1.BinaryEncoding (DER (DER))
 import Data.ASN1.Encoding (ASN1Encoding (encodeASN1))
 import Data.ASN1.Types (ASN1Object (toASN1))
 import qualified Data.ByteString.Lazy as LB
+import Data.X509 (PrivKey (PrivKeyRSA))
 
 -- | The size of the keys to generate.
 bits :: Int
@@ -17,11 +17,12 @@ count = 5
 
 main :: IO ()
 main = do
-    g <- newGenIO :: IO SystemRandom
-    mapM_ (genKey g) [0 .. count - 1]
+    mapM_ genKey [0 .. count - 1]
 
-genKey :: (Show a, CryptoRandomGen c) => c -> a -> IO ()
-genKey g n =
-    let (_, priv, _) = generateKeyPair g bits
-        bytes = encodeASN1 DER (toASN1 priv [])
-     in LB.writeFile ("test/data/rsa-privkey-" <> show n <> ".der") bytes
+genKey :: Show a => a -> IO ()
+genKey n = do
+    (_, priv) <- RSA.generate bits e
+    let bytes = encodeASN1 DER (toASN1 (PrivKeyRSA priv) [])
+    LB.writeFile ("test/data/rsa-privkey-" <> show n <> ".der") bytes
+  where
+    e = 0x10001
diff --git a/tahoe-ssk.cabal b/tahoe-ssk.cabal
index d25963a529aabf8d749de048332476419d22e7a6..2b45eec86bb69af0380e0a52e3045169f136c5e3 100644
--- a/tahoe-ssk.cabal
+++ b/tahoe-ssk.cabal
@@ -149,3 +149,4 @@ executable make-keypairs
     , base
     , bytestring
     , cryptonite
+    , x509