diff --git a/www/common/rpc.js b/www/common/rpc.js
index 8cb7c6f8a..25248b147 100644
--- a/www/common/rpc.js
+++ b/www/common/rpc.js
@@ -4,12 +4,19 @@ define([
     '/bower_components/tweetnacl/nacl-fast.min.js',
 ], function (Encode) {
     var MAX_LAG_BEFORE_TIMEOUT = 30000;
+    var Nacl = window.nacl;
 
     var uid = function () {
         return Number(Math.floor(Math.random() * Number.MAX_SAFE_INTEGER))
             .toString(32).replace(/\./g, '');
     };
 
+    var signMsg = function (type, msg, signKey) {
+        var toSign = JSON.stringify([type, msg]);
+        var buffer = Nacl.util.decodeUTF8(toSign);
+        return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey));
+    };
+
     /*
 types of messages:
     pin -> hash
@@ -24,14 +31,14 @@ types of messages:
     messages have the format:
         [TYPE, txid, msg]
 */
-    var sendMsg = function (ctx, type, msg, cb) {
+    var sendMsg = function (ctx, type, signed, id, cb) {
         var network = ctx.network;
         var hkn = network.historyKeeper;
         var txid = uid();
 
         ctx.pending[txid] = cb;
 
-        return network.sendto(hkn, JSON.stringify([txid, type, msg]));
+        return network.sendto(hkn, JSON.stringify([txid, signed, id]));
     };
 
     var parse = function (msg) {
@@ -68,18 +75,19 @@ types of messages:
         }
     };
 
-    var cookie = function (ctx, cb) {
-        // TODO txid
-    };
-
-    var signMsg = function (msg, secKey) {
-        // TODO
-    };
+    var create = function (network, edPrivateKey, edPublicKey) {
+        var signKey = Nacl.util.decodeBase64(edPrivateKey);
 
-    var create = function (network, edPrivateKey) {
-        if (!/[0-9a-f]{64}/.test(edPrivateKey)) {
-            //throw new Error("private signing key is not valid");
+        try {
+            if (signKey.length !== 64) {
+                throw new Error('private key did not match expected length of 64');
+            }
+        } catch (err) {
+            throw new Error("private signing key is not valid");
         }
+
+        // TODO validate public key as well
+
         var ctx = {
             //privateKey: Encode.hexToUint8Array(edPrivateKey),
             seq: new Date().getTime(),
@@ -91,13 +99,15 @@ types of messages:
         var pin = function (channel, cb) { };
 
         var send = function (type, msg, cb) {
-            return sendMsg(ctx, type, msg, cb);
+            // construct a signed message...
+            var signed = signMsg(type, msg, signKey);
+
+            return sendMsg(ctx, type, signed, edPublicKey, cb);
         };
         network.on('message', function (msg, sender) {
             onMsg(ctx, msg);
         });
         return {
-            cookie: function (cb) { cookie(ctx, cb); },
             send: send,
         };
     };