diff --git a/src/index.js b/src/index.js
index 34daa92..64b9605 100644
--- a/src/index.js
+++ b/src/index.js
@@ -3,18 +3,10 @@
 const hmac = require('./hmac')
 const aes = require('./aes')
 const keys = require('./keys')
-const rsa = require('./keys/rsa')
 
 exports = module.exports
 
 exports.aes = aes
 exports.hmac = hmac
 exports.keys = keys
-
-exports.randomBytes = (number) => {
-  if (!number || typeof number !== 'number') {
-    throw new Error('first argument must be a Number bigger than 0')
-  }
-
-  return rsa.getRandomValues(new Uint8Array(number))
-}
+exports.randomBytes = require('./random-bytes')
diff --git a/src/keys/index.js b/src/keys/index.js
index b84b523..e63e5b1 100644
--- a/src/keys/index.js
+++ b/src/keys/index.js
@@ -1,16 +1,21 @@
 'use strict'
 
 const protobuf = require('protocol-buffers')
-const pbm = protobuf(require('./keys.proto'))
-
-const keys = exports.keys = require('./keys')
+const keysPBM = protobuf(require('./keys.proto'))
 
 exports = module.exports
 
-exports.pbm = pbm
+const supportedKeys = {
+  rsa: require('./rsa-class'),
+  ed25519: require('./ed25519-class'),
+  secp256k1: require('libp2p-crypto-secp256k1')(keysPBM, require('../random-bytes'))
+}
+
+exports.supportedKeys = supportedKeys
+exports.keysPBM = keysPBM
 
 function isValidKeyType (keyType) {
-  const key = keys[keyType.toLowerCase()]
+  const key = supportedKeys[keyType.toLowerCase()]
   return key !== undefined
 }
 
@@ -19,7 +24,7 @@ exports.generateEphemeralKeyPair = require('./ephemeral-keys')
 
 // Generates a keypair of the given type and bitsize
 exports.generateKeyPair = (type, bits, cb) => {
-  let key = keys[type.toLowerCase()]
+  let key = supportedKeys[type.toLowerCase()]
 
   if (!key) {
     return cb(new Error('invalid or unsupported key type'))
@@ -31,7 +36,7 @@ exports.generateKeyPair = (type, bits, cb) => {
 // Generates a keypair of the given type and bitsize
 // seed is a 32 byte uint8array
 exports.generateKeyPairFromSeed = (type, seed, bits, cb) => {
-  let key = keys[type.toLowerCase()]
+  let key = supportedKeys[type.toLowerCase()]
   if (!key) {
     return cb(new Error('invalid or unsupported key type'))
   }
@@ -44,16 +49,16 @@ exports.generateKeyPairFromSeed = (type, seed, bits, cb) => {
 // Converts a protobuf serialized public key into its
 // representative object
 exports.unmarshalPublicKey = (buf) => {
-  const decoded = pbm.PublicKey.decode(buf)
+  const decoded = keysPBM.PublicKey.decode(buf)
 
   switch (decoded.Type) {
-    case pbm.KeyType.RSA:
-      return keys.rsa.unmarshalRsaPublicKey(decoded.Data)
-    case pbm.KeyType.Ed25519:
-      return keys.ed25519.unmarshalEd25519PublicKey(decoded.Data)
-    case pbm.KeyType.Secp256k1:
-      if (keys.secp256k1) {
-        return keys.secp256k1.unmarshalSecp256k1PublicKey(decoded.Data)
+    case keysPBM.KeyType.RSA:
+      return supportedKeys.rsa.unmarshalRsaPublicKey(decoded.Data)
+    case keysPBM.KeyType.Ed25519:
+      return supportedKeys.ed25519.unmarshalEd25519PublicKey(decoded.Data)
+    case keysPBM.KeyType.Secp256k1:
+      if (supportedKeys.secp256k1) {
+        return supportedKeys.secp256k1.unmarshalSecp256k1PublicKey(decoded.Data)
       } else {
         throw new Error('secp256k1 support requires libp2p-crypto-secp256k1 package')
       }
@@ -75,16 +80,16 @@ exports.marshalPublicKey = (key, type) => {
 // Converts a protobuf serialized private key into its
 // representative object
 exports.unmarshalPrivateKey = (buf, callback) => {
-  const decoded = pbm.PrivateKey.decode(buf)
+  const decoded = keysPBM.PrivateKey.decode(buf)
 
   switch (decoded.Type) {
-    case pbm.KeyType.RSA:
-      return keys.rsa.unmarshalRsaPrivateKey(decoded.Data, callback)
-    case pbm.KeyType.Ed25519:
-      return keys.ed25519.unmarshalEd25519PrivateKey(decoded.Data, callback)
-    case pbm.KeyType.Secp256k1:
-      if (keys.secp256k1) {
-        return keys.secp256k1.unmarshalSecp256k1PrivateKey(decoded.Data, callback)
+    case keysPBM.KeyType.RSA:
+      return supportedKeys.rsa.unmarshalRsaPrivateKey(decoded.Data, callback)
+    case keysPBM.KeyType.Ed25519:
+      return supportedKeys.ed25519.unmarshalEd25519PrivateKey(decoded.Data, callback)
+    case keysPBM.KeyType.Secp256k1:
+      if (supportedKeys.secp256k1) {
+        return supportedKeys.secp256k1.unmarshalSecp256k1PrivateKey(decoded.Data, callback)
       } else {
         return callback(new Error('secp256k1 support requires libp2p-crypto-secp256k1 package'))
       }
diff --git a/src/keys/keys.js b/src/keys/keys.js
deleted file mode 100644
index 3f8acb3..0000000
--- a/src/keys/keys.js
+++ /dev/null
@@ -1,7 +0,0 @@
-'use strict'
-
-module.exports = {
-  rsa: require('./rsa-class'),
-  ed25519: require('./ed25519-class'),
-  secp256k1: require('libp2p-crypto-secp256k1')
-}
diff --git a/src/random-bytes.js b/src/random-bytes.js
new file mode 100644
index 0000000..77ab3fc
--- /dev/null
+++ b/src/random-bytes.js
@@ -0,0 +1,13 @@
+'use strict'
+
+const rsa = require('./keys/rsa')
+
+function randomBytes (number) {
+  if (!number || typeof number !== 'number') {
+    throw new Error('first argument must be a Number bigger than 0')
+  }
+
+  return rsa.getRandomValues(new Uint8Array(number))
+}
+
+module.exports = randomBytes
diff --git a/test/keys/ed25519.spec.js b/test/keys/ed25519.spec.js
index 9eb9a7b..68f5a25 100644
--- a/test/keys/ed25519.spec.js
+++ b/test/keys/ed25519.spec.js
@@ -8,7 +8,7 @@ chai.use(dirtyChai)
 const Buffer = require('safe-buffer').Buffer
 
 const crypto = require('../../src')
-const ed25519 = crypto.keys.keys.ed25519
+const ed25519 = crypto.keys.supportedKeys.ed25519
 const fixtures = require('../fixtures/go-key-ed25519')
 
 describe('ed25519', () => {
diff --git a/test/keys/rsa.spec.js b/test/keys/rsa.spec.js
index 0acca1f..b2f3b4d 100644
--- a/test/keys/rsa.spec.js
+++ b/test/keys/rsa.spec.js
@@ -8,7 +8,7 @@ chai.use(dirtyChai)
 const Buffer = require('safe-buffer').Buffer
 
 const crypto = require('../../src')
-const rsa = crypto.keys.keys.rsa
+const rsa = crypto.keys.supportedKeys.rsa
 const fixtures = require('../fixtures/go-key-rsa')
 
 describe('RSA', () => {
diff --git a/test/keys/secp256k1.spec.js b/test/keys/secp256k1.spec.js
index c644dbc..86ffd38 100644
--- a/test/keys/secp256k1.spec.js
+++ b/test/keys/secp256k1.spec.js
@@ -32,7 +32,7 @@ const mockSecp256k1Module = {
 }
 
 describe('without libp2p-crypto-secp256k1 module present', () => {
-  crypto.keys.keys['secp256k1'] = undefined
+  crypto.keys.supportedKeys['secp256k1'] = undefined
 
   it('fails to generate a secp256k1 key', (done) => {
     crypto.keys.generateKeyPair('secp256k1', 256, (err, key) => {
@@ -61,7 +61,7 @@ describe('with libp2p-crypto-secp256k1 module present', () => {
   let key
 
   before((done) => {
-    crypto.keys.keys['secp256k1'] = mockSecp256k1Module
+    crypto.keys.supportedKeys['secp256k1'] = mockSecp256k1Module
     crypto.keys.generateKeyPair('secp256k1', 256, (err, _key) => {
       if (err) return done(err)
       key = _key