diff --git a/encfs/BlockFileIO.cpp b/encfs/BlockFileIO.cpp
index ffd9adf..769e02f 100644
--- a/encfs/BlockFileIO.cpp
+++ b/encfs/BlockFileIO.cpp
@@ -19,7 +19,7 @@
 
 #include "MemoryPool.h"
 
-#include <string.h>
+#include <cstring>
 #include <rlog/rlog.h>
 
 #include "i18n.h"
diff --git a/encfs/BlockNameIO.cpp b/encfs/BlockNameIO.cpp
index bc10abc..27a210b 100644
--- a/encfs/BlockNameIO.cpp
+++ b/encfs/BlockNameIO.cpp
@@ -20,7 +20,7 @@
 #include "Cipher.h"
 #include "base64.h"
 
-#include <string.h>
+#include <cstring>
 #include <rlog/rlog.h>
 #include <rlog/Error.h>
 #include <rlog/RLogChannel.h>
diff --git a/encfs/Cipher.cpp b/encfs/Cipher.cpp
index 379f1d4..fe00b3a 100644
--- a/encfs/Cipher.cpp
+++ b/encfs/Cipher.cpp
@@ -21,6 +21,7 @@
 #include "Cipher.h"
 #include "Interface.h"
 #include "Range.h"
+#include "base64.h"
 
 #include <map>
 #include <list>
@@ -206,3 +207,22 @@ bool Cipher::nameDecode( unsigned char *data, int len,
     return streamDecode( data, len, iv64, key );
 }
 
+string Cipher::encodeAsString(const CipherKey &key,
+        const CipherKey &encodingKey )
+{
+    int encodedKeySize = this->encodedKeySize();
+    unsigned char *keyBuf = new unsigned char[ encodedKeySize ];
+
+    // write the key, encoding it with itself.
+    this->writeKey( key, keyBuf, key );
+
+    int b64Len = B256ToB64Bytes( encodedKeySize );
+    unsigned char *b64Key = new unsigned char[ b64Len + 1 ];
+
+    changeBase2( keyBuf, encodedKeySize, 8, b64Key,
+            b64Len, 6 );
+    B64ToAscii( b64Key, b64Len );
+    b64Key[ b64Len - 1 ] = '\0';
+
+    return string( (const char *)b64Key );
+}
diff --git a/encfs/Cipher.h b/encfs/Cipher.h
index c585688..83dea10 100644
--- a/encfs/Cipher.h
+++ b/encfs/Cipher.h
@@ -94,6 +94,10 @@ public:
 			      bool checkKey = true) =0;
     virtual void writeKey(const CipherKey &key, unsigned char *data, 
 	                  const CipherKey &encodingKey) =0; 
+
+    virtual std::string encodeAsString(const CipherKey &key,
+                                  const CipherKey &encodingKey );
+
     // for testing purposes
     virtual bool compareKey( const CipherKey &A, const CipherKey &B ) const =0;
 
diff --git a/encfs/CipherFileIO.cpp b/encfs/CipherFileIO.cpp
index f329ee9..88e9269 100644
--- a/encfs/CipherFileIO.cpp
+++ b/encfs/CipherFileIO.cpp
@@ -23,7 +23,7 @@
 #include <rlog/rlog.h>
 
 #include <fcntl.h>
-#include <errno.h>
+#include <cerrno>
 
 using boost::shared_ptr;
 
diff --git a/encfs/ConfigReader.cpp b/encfs/ConfigReader.cpp
index 439ba28..d5952c2 100644
--- a/encfs/ConfigReader.cpp
+++ b/encfs/ConfigReader.cpp
@@ -23,7 +23,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
-#include <string.h>
+#include <cstring>
 
 
 using namespace std;
diff --git a/encfs/ConfigVar.cpp b/encfs/ConfigVar.cpp
index 12d9075..9a988f6 100644
--- a/encfs/ConfigVar.cpp
+++ b/encfs/ConfigVar.cpp
@@ -18,7 +18,7 @@
 #include "ConfigVar.h"
 #include <rlog/rlog.h>
 
-#include <string.h>
+#include <cstring>
 
 using namespace rlog;
 
diff --git a/encfs/DirNode.cpp b/encfs/DirNode.cpp
index 8b24c7c..875364e 100644
--- a/encfs/DirNode.cpp
+++ b/encfs/DirNode.cpp
@@ -22,9 +22,9 @@
 
 #include <sys/stat.h>
 #include <sys/types.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
+#include <cerrno>
+#include <cstdio>
+#include <cstdlib>
 #include <pthread.h>
 #include <unistd.h>
 #ifdef linux
diff --git a/encfs/FileUtils.cpp b/encfs/FileUtils.cpp
index 234f61e..5450d22 100644
--- a/encfs/FileUtils.cpp
+++ b/encfs/FileUtils.cpp
@@ -46,11 +46,11 @@
 #include <sys/wait.h>
 #include <fcntl.h>
 #include <unistd.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <string.h>
+#include <cctype>
+#include <cstdio>
+#include <cstdlib>
+#include <cerrno>
+#include <cstring>
 
 #include <iostream>
 #include <sstream>
diff --git a/encfs/MACFileIO.cpp b/encfs/MACFileIO.cpp
index 026bcfe..e744bd1 100644
--- a/encfs/MACFileIO.cpp
+++ b/encfs/MACFileIO.cpp
@@ -23,7 +23,7 @@
 #include <rlog/Error.h>
 #include <rlog/RLogChannel.h>
 
-#include <string.h>
+#include <cstring>
 
 #include "i18n.h"
 
diff --git a/encfs/Makefile.am b/encfs/Makefile.am
index 6639700..5427a81 100644
--- a/encfs/Makefile.am
+++ b/encfs/Makefile.am
@@ -20,21 +20,20 @@ endif
 lib_LTLIBRARIES = libencfs.la
 bin_PROGRAMS = encfs encfsctl
 dist_bin_SCRIPTS = encfssh
-noinst_PROGRAMS = test
+noinst_PROGRAMS = test makeKey
 
 all-local: encfs-man.html
 
-#encfs_LDADD   = libencfs.la -lfuse
-#encfsctl_LDADD = libencfs.la -lfuse
-#test_LDADD   = libencfs.la -lfuse
 encfs_LDADD   = libencfs.la $(ALL_LDFLAGS)
 encfsctl_LDADD = libencfs.la $(ALL_LDFLAGS)
 test_LDADD   = libencfs.la $(ALL_LDFLAGS)
+makeKey_LDADD   = libencfs.la $(ALL_LDFLAGS)
 
 if BUILD_STATIC
 encfs_LDFLAGS = -all-static
 encfsctl_LDFLAGS = -all-static
 test_LDFLAGS = -all-static
+makeKey_LDFLAGS = -all-static
 endif
 
 # CURRENT : REVISION : AGE
@@ -76,17 +75,20 @@ libencfs_la_SOURCES = \
     DirNode.cpp \
     FileNode.cpp \
     FileUtils.cpp \
+    openssl.cpp \
     ${EXTRASRC}
 
 
 encfs_SOURCES = \
     encfs.cpp \
-    openssl.cpp \
     main.cpp
 
 test_SOURCES = \
     test.cpp
 
+makeKey_SOURCES = \
+    makeKey.cpp
+
 encfsctl_SOURCES = \
     encfsctl.cpp
 
diff --git a/encfs/MemoryPool.cpp b/encfs/MemoryPool.cpp
index 2731a6e..1fe79be 100644
--- a/encfs/MemoryPool.cpp
+++ b/encfs/MemoryPool.cpp
@@ -19,8 +19,8 @@
 #include "MemoryPool.h"
 #include <rlog/rlog.h>
 
-#include <stdlib.h>
-#include <string.h>
+#include <cstdlib>
+#include <cstring>
 
 #include "config.h"
 #include <pthread.h>
diff --git a/encfs/NullCipher.cpp b/encfs/NullCipher.cpp
index fa64b8e..e426124 100644
--- a/encfs/NullCipher.cpp
+++ b/encfs/NullCipher.cpp
@@ -23,7 +23,7 @@
 #include <boost/shared_ptr.hpp>
 #include <rlog/rlog.h>
 
-#include <string.h>
+#include <cstring>
 
 using namespace std;
 using namespace rel;
diff --git a/encfs/RawFileIO.cpp b/encfs/RawFileIO.cpp
index ac28664..9b01dfc 100644
--- a/encfs/RawFileIO.cpp
+++ b/encfs/RawFileIO.cpp
@@ -27,9 +27,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
-#include <string.h>
+#include <cstring>
 
-#include <errno.h>
+#include <cerrno>
 
 using namespace std;
 
diff --git a/encfs/SSL_Cipher.cpp b/encfs/SSL_Cipher.cpp
index 100f11d..cd8fcd8 100644
--- a/encfs/SSL_Cipher.cpp
+++ b/encfs/SSL_Cipher.cpp
@@ -31,7 +31,7 @@
 #include "MemoryPool.h"
 #include "Mutex.h"
 
-#include <string.h>
+#include <cstring>
 
 #include <sys/mman.h>
 
@@ -296,7 +296,7 @@ void initKey(const shared_ptr<SSLKey> &key, const EVP_CIPHER *_blockCipher,
 
     EVP_EncryptInit_ex( &key->block_enc, NULL, NULL, KeyData(key), NULL);
     EVP_DecryptInit_ex( &key->block_dec, NULL, NULL, KeyData(key), NULL);
-    EVP_DecryptInit_ex( &key->stream_enc, NULL, NULL, KeyData(key), NULL);
+    EVP_EncryptInit_ex( &key->stream_enc, NULL, NULL, KeyData(key), NULL);
     EVP_DecryptInit_ex( &key->stream_dec, NULL, NULL, KeyData(key), NULL);
     
     HMAC_CTX_init( &key->mac_ctx );
diff --git a/encfs/encfs.cpp b/encfs/encfs.cpp
index 20c2b55..d2e2ac9 100644
--- a/encfs/encfs.cpp
+++ b/encfs/encfs.cpp
@@ -17,12 +17,12 @@
 
 #include "encfs.h"
 
-#include <stdio.h>
-#include <string.h>
+#include <cstdio>
+#include <cstring>
 #include <unistd.h>
 #include <fcntl.h>
 #include <dirent.h>
-#include <errno.h>
+#include <cerrno>
 #include <sys/statvfs.h>
 #include <sys/time.h>
 
diff --git a/encfs/encfs.h b/encfs/encfs.h
index ce0fcfa..ad79a49 100644
--- a/encfs/encfs.h
+++ b/encfs/encfs.h
@@ -28,7 +28,7 @@
 #endif
 
 #ifndef linux
-#include <errno.h>
+#include <cerrno>
 
 static __inline int setfsuid(uid_t uid)
 {
diff --git a/encfs/encfsctl.cpp b/encfs/encfsctl.cpp
index eb50500..9449095 100644
--- a/encfs/encfsctl.cpp
+++ b/encfs/encfsctl.cpp
@@ -65,6 +65,7 @@ static int cmd_encode( int argc, char **argv );
 static int cmd_showcruft( int argc, char **argv );
 static int cmd_cat( int argc, char **argv );
 static int cmd_export( int argc, char **argv );
+static int cmd_showKey( int argc, char **argv );
 
 struct CommandOpts
 {
@@ -79,6 +80,9 @@ struct CommandOpts
     {"info", 1, 1, showInfo, "(root dir)", 
 	// xgroup(usage)
 	gettext_noop("  -- show information (Default command)")},
+    {"showKey", 1, 1, cmd_showKey, "(root dir)", 
+	// xgroup(usage)
+	gettext_noop("  -- show key")},
     {"passwd", 1, 1, chpasswd, "(root dir)",
 	// xgroup(usage)
 	gettext_noop("  -- change password for volume")},
@@ -233,6 +237,24 @@ static RootPtr initRootInfo(const char* crootDir)
     return result;
 }
 
+static int cmd_showKey( int argc, char **argv )
+{
+    RootPtr rootInfo = initRootInfo(argv[1]);
+    
+    if(!rootInfo)
+        return EXIT_FAILURE;
+    else
+    {
+        // encode with itself
+        string b64Key = rootInfo->cipher->encodeAsString(
+                rootInfo->volumeKey, rootInfo->volumeKey );
+
+        cout << b64Key << "\n";
+
+        return EXIT_SUCCESS;
+    }
+}
+
 static int cmd_decode( int argc, char **argv )
 {
     RootPtr rootInfo = initRootInfo(argv[1]);
diff --git a/encfs/main.cpp b/encfs/main.cpp
index b50330a..149e6b8 100644
--- a/encfs/main.cpp
+++ b/encfs/main.cpp
@@ -24,12 +24,12 @@
 #include <string>
 #include <sstream>
 
-#include <assert.h>
-#include <stdio.h>
+#include <cassert>
+#include <cstdio>
 #include <unistd.h>
 #include <sys/time.h>
-#include <errno.h>
-#include <string.h>
+#include <cerrno>
+#include <cstring>
 
 #include <getopt.h>
 
diff --git a/encfs/makeKey.cpp b/encfs/makeKey.cpp
new file mode 100644
index 0000000..d5e4479
--- /dev/null
+++ b/encfs/makeKey.cpp
@@ -0,0 +1,66 @@
+/*****************************************************************************
+ * Author:   Valient Gough <vgough@pobox.com>
+ *
+ *****************************************************************************
+ * Copyright (c) 2008, Valient Gough
+ *
+ * This program is free software: you can redistribute it and/or modify it 
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.  
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "encfs.h"
+
+#include "Cipher.h"
+#include "CipherKey.h"
+#include "openssl.h"
+
+#include <iostream>
+
+#include <sys/types.h>
+#include <unistd.h>
+
+using namespace std;
+
+void genKey( const shared_ptr<Cipher> &cipher )
+{
+    CipherKey key = cipher->newRandomKey();
+
+    // encode with itself
+    string b64Key = cipher->encodeAsString( key, key );
+
+    cout << b64Key << "\n";
+}
+
+int main(int argc, char **argv)
+{
+    pid_t pid = getpid();
+    cerr << "pid = " << pid << "\n";
+
+    if(argc != 3)
+    {
+        cerr << "usage: makeKey [AES|Blowfish] [128|160|192|224|256]\n";
+        return 1;
+    }
+
+    const char *type = argv[1];
+    int size = atoi(argv[2]);
+
+    openssl_init(false);
+
+    // get a list of the available algorithms
+    shared_ptr<Cipher> cipher = Cipher::New( type, size );
+    genKey( cipher );
+
+    //openssl_shutdown(false);
+} 
+
diff --git a/encfs/readpassphrase.cpp b/encfs/readpassphrase.cpp
index b7e4a33..158c387 100644
--- a/encfs/readpassphrase.cpp
+++ b/encfs/readpassphrase.cpp
@@ -35,16 +35,16 @@ static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:
 
 #ifndef HAVE_READPASSPHRASE
 
-#include <signal.h>
-#include <stdio.h>
-#include <errno.h>
+#include <csignal>
+#include <cstdio>
+#include <cerrno>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <paths.h>
-#include <string.h>
-#include <ctype.h>
+#include <cstring>
+#include <cctype>
 
 #include <termios.h>
 #include <readpassphrase.h>
diff --git a/encfs/test.cpp b/encfs/test.cpp
index 2515281..fcdca51 100644
--- a/encfs/test.cpp
+++ b/encfs/test.cpp
@@ -22,7 +22,7 @@
 
 #include <iostream>
 
-#include <stdlib.h>
+#include <cstdlib>
 
 #include "Cipher.h"
 #include "DirNode.h"