diff --git a/.gitignore b/.gitignore
index 8f0cd5d75..cc50e6a7b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@
 .settings/
 
 # Output dirs
+out/
 target/
 classes/
 build/
diff --git a/.travis.yml b/.travis.yml
index 72119fb48..246dcd989 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +1,30 @@
 language: java
-sudo: false
+dist: trusty
+sudo: required
+
+services:
+  - docker
+
 jdk:
-  - oraclejdk7
   - oraclejdk8
+  - openjdk8
+  - oraclejdk9
+
+before_cache:
+  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
+  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
+
+cache:
+  directories:
+  - $HOME/.gradle/caches/
+  - $HOME/.gradle/wrapper/
+
+before_install:
+  - pip install --user codecov
+
+script:
+  - ./gradlew check
+  - ./gradlew integrationTest
+
+after_success:
+- codecov
diff --git a/README.adoc b/README.adoc
index 858d397f8..e5b698423 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,11 +1,14 @@
 = sshj - SSHv2 library for Java
 Jeroen van Erp
 :sshj_groupid: com.hierynomus
-:sshj_version: 0.21.1
+:sshj_version: 0.23.0
 :source-highlighter: pygments
 
+image:https://api.bintray.com/packages/hierynomus/maven/sshj/images/download.svg[link="https://bintray.com/hierynomus/maven/sshj/_latestVersion"]
 image:https://travis-ci.org/hierynomus/sshj.svg?branch=master[link="https://travis-ci.org/hierynomus/sshj"]
 image:https://api.codacy.com/project/badge/Grade/14a0a316bb9149739b5ea26dbfa8da8a["Codacy code quality", link="https://www.codacy.com/app/jeroen_2/sshj?utm_source=github.com&utm_medium=referral&utm_content=hierynomus/sshj&utm_campaign=Badge_Grade"]
+image:https://codecov.io/gh/hierynomus/sshj/branch/master/graph/badge.svg["codecov", link="https://codecov.io/gh/hierynomus/sshj"]
+image:http://www.javadoc.io/badge/com.hierynomus/sshj.svg?color=blue["JavaDocs", link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
 image:https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj/badge.svg["Maven Central",link="https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj"]
 image:https://javadoc-emblem.rhcloud.com/doc/com.hierynomus/sshj/badge.svg["Javadoc",link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
 
@@ -75,7 +78,7 @@ key exchange::
   `diffie-hellman-group16-sha256`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`
 
 signatures::
-  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ssh-ed25519`
+  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`
 
 mac::
   `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`
@@ -104,7 +107,16 @@ Google Group: http://groups.google.com/group/sshj-users
 Fork away!
 
 == Release history
-SSHJ 0.22.0 (2017-??-??)::
+SSHJ 0.23.0 (2017-10-13)::
+* Merged https://github.com/hierynomus/sshj/pulls/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
+* Fixed https://github.com/hierynomus/sshj/issues/355[#355] and https://github.com/hierynomus/sshj/issues/354[#354]: Correctly decode signature bytes
+* Fixed https://github.com/hierynomus/sshj/issues/365[#365]: Added support for new-style OpenSSH fingerprints of server keys
+* Fixed https://github.com/hierynomus/sshj/issues/356[#356]: Fixed key type detection for ECDSA public keys
+* Made SSHJ Java9 compatible
+SSHJ 0.22.0 (2017-08-24)::
+* Fixed https://github.com/hierynomus/sshj/pulls/341[#341]: Fixed path walking during recursive copy
+* Merged https://github.com/hierynomus/sshj/pulls/338[#338]: Added ConsolePasswordFinder to read password from stdin
+* Merged https://github.com/hierynomus/sshj/pulls/336[#336]: Added support for ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 signatures
 * Fixed https://github.com/hierynomus/sshj/issues/331[#331]: Added support for wildcards in known_hosts file
 SSHJ 0.21.1 (2017-04-25)::
 * Merged https://github.com/hierynomus/sshj/pulls/322[#322]: Fix regression from 40f956b (invalid length parameter on outputstream)
diff --git a/build.gradle b/build.gradle
index 5a883ebee..81b1f30b6 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,22 +1,32 @@
 import java.text.SimpleDateFormat
+import com.bmuschko.gradle.docker.tasks.container.*
+import com.bmuschko.gradle.docker.tasks.image.*
 
 plugins {
   id "java"
   id "groovy"
+  id "jacoco"
   id "osgi"
   id "maven-publish"
-  id "org.ajoberstar.release-opinion" version "1.4.2"
+  id "com.bmuschko.docker-remote-api" version "3.2.1"
+  id 'pl.allegro.tech.build.axion-release' version '1.8.1'
   id "com.github.hierynomus.license" version "0.12.1"
   id "com.jfrog.bintray" version "1.7"
-  id 'ru.vyarus.pom' version '1.0.3'
+  id 'ru.vyarus.java-lib' version '1.0.5'
+  // id 'ru.vyarus.pom' version '1.0.3'
   id 'ru.vyarus.github-info' version '1.1.0'
+  id 'ru.vyarus.animalsniffer' version '1.4.2'
 }
 
 group = "com.hierynomus"
+
 defaultTasks "build"
 
 repositories {
   mavenCentral()
+  maven {
+    url "https://dl.bintray.com/mockito/maven/"
+  }
 }
 
 sourceCompatibility = 1.6
@@ -24,19 +34,21 @@ targetCompatibility = 1.6
 
 configurations.compile.transitive = false
 
-def bouncycastleVersion = "1.56"
+def bouncycastleVersion = "1.57"
 
 dependencies {
+  signature 'org.codehaus.mojo.signature:java16:1.1@signature'
+
   compile "org.slf4j:slf4j-api:1.7.7"
   compile "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
   compile "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
   compile "com.jcraft:jzlib:1.1.3"
 
-  compile "net.i2p.crypto:eddsa:0.1.0"
+  compile "net.i2p.crypto:eddsa:0.2.0"
 
   testCompile "junit:junit:4.11"
   testCompile 'org.spockframework:spock-core:1.0-groovy-2.4'
-  testCompile "org.mockito:mockito-core:2.8.47"
+  testCompile "org.mockito:mockito-core:2.9.2"
   testCompile "org.apache.sshd:sshd-core:1.2.0"
   testRuntime "ch.qos.logback:logback-classic:1.1.2"
   testCompile 'org.glassfish.grizzly:grizzly-http-server:2.3.17'
@@ -53,14 +65,19 @@ license {
   excludes(['**/djb/Curve25519.java', '**/sshj/common/Base64.java'])
 }
 
-if (project.file('.git').isDirectory()) {
-  release {
-    grgit = org.ajoberstar.grgit.Grgit.open(project.projectDir)
+scmVersion {
+  tag {
+    prefix = 'v'
+    versionSeparator = ''
+  }
+  hooks {
+    pre 'fileUpdate', [file: 'README.adoc', pattern: { v, c -> /:sshj_version: .*/}, replacement: { v, c -> ":sshj_version: $v" }]
+    pre 'commit'
   }
-} else {
-  version = "0.0.0-no.git"
 }
 
+project.version = scmVersion.version
+
 // This disables the pedantic doclint feature of JDK8
 if (JavaVersion.current().isJava8Compatible()) {
   tasks.withType(Javadoc) {
@@ -78,7 +95,6 @@ task writeSshjVersionProperties {
 }
 
 jar.dependsOn writeSshjVersionProperties
-
 jar {
   manifest {
     // please see http://bnd.bndtools.org/chapters/390-wrapping.html
@@ -99,14 +115,7 @@ jar {
   }
 }
 
-task javadocJar(type: Jar) {
-  classifier = 'javadoc'
-  from javadoc
-}
-
-task sourcesJar(type: Jar) {
-  classifier = 'sources'
-  from sourceSets.main.allSource
+sourcesJar {
   manifest {
     attributes(
       // Add the needed OSGI attributes
@@ -119,6 +128,27 @@ task sourcesJar(type: Jar) {
   }
 }
 
+configurations {
+  integrationTestCompile.extendsFrom testCompile
+  integrationTestRuntime.extendsFrom testRuntime
+}
+
+sourceSets {
+  integrationTest {
+    groovy {
+      compileClasspath += sourceSets.main.output + sourceSets.test.output
+      runtimeClasspath += sourceSets.main.output + sourceSets.test.output
+      srcDir file('src/itest/groovy')
+    }
+    resources.srcDir file('src/itest/resources')
+  }
+}
+
+task integrationTest(type: Test) {
+  testClassesDirs = sourceSets.integrationTest.output.classesDirs
+  classpath = sourceSets.integrationTest.runtimeClasspath
+}
+
 tasks.withType(Test) {
   testLogging {
     exceptionFormat = 'full'
@@ -185,21 +215,12 @@ pom {
   }
 }
 
-publishing.publications {
-  Sshj(MavenPublication) {
-    from components.java
-    artifact sourcesJar
-    artifact javadocJar
-  }
-}
-
-
 if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey")) {
   bintray {
     user = project.property("bintrayUsername")
     key = project.property("bintrayApiKey")
     publish = true
-    publications = ["Sshj"]
+    publications = ["maven"]
     pkg {
       repo = "maven"
       name = project.name
@@ -226,4 +247,38 @@ if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey
   }
 }
 
-project.tasks.release.dependsOn([project.tasks.build, project.tasks.bintrayUpload])
+jacocoTestReport {
+    reports {
+        xml.enabled true
+        html.enabled true
+    }
+}
+
+
+task buildItestImage(type: DockerBuildImage) {
+    inputDir = file('src/itest/docker-image')
+    tag = 'sshj/sshd-itest'
+}
+
+task createItestContainer(type: DockerCreateContainer) {
+    dependsOn buildItestImage
+    targetImageId { buildItestImage.getImageId() }
+    portBindings = ['2222:22']
+}
+
+task startItestContainer(type: DockerStartContainer) {
+    dependsOn createItestContainer
+    targetContainerId { createItestContainer.getContainerId() }
+}
+
+task stopItestContainer(type: DockerStopContainer) {
+    targetContainerId { createItestContainer.getContainerId() }
+}
+
+project.tasks.integrationTest.dependsOn(startItestContainer)
+project.tasks.integrationTest.finalizedBy(stopItestContainer)
+
+project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
+project.tasks.release.finalizedBy(project.tasks.bintrayUpload)
+project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
+project.tasks.check.dependsOn(project.tasks.jacocoTestReport)
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index a02b60f27..318b9e3e5 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -3,4 +3,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.3-all.zip
diff --git a/src/itest/docker-image/Dockerfile b/src/itest/docker-image/Dockerfile
new file mode 100644
index 000000000..b306ac8ca
--- /dev/null
+++ b/src/itest/docker-image/Dockerfile
@@ -0,0 +1,16 @@
+FROM sickp/alpine-sshd:7.5
+
+ADD id_rsa.pub /home/sshj/.ssh/authorized_keys
+
+ADD test-container/ssh_host_ecdsa_key     /etc/ssh/ssh_host_ecdsa_key
+ADD test-container/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+
+RUN \
+  echo "root:smile" | chpasswd && \
+  adduser -D -s /bin/ash sshj && \
+  passwd -u sshj && \
+  chmod 600 /home/sshj/.ssh/authorized_keys && \
+  chmod 600 /etc/ssh/ssh_host_ecdsa_key && \
+  chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub && \
+  chown -R sshj:sshj /home/sshj
+
diff --git a/src/itest/docker-image/id_rsa.pub b/src/itest/docker-image/id_rsa.pub
new file mode 100644
index 000000000..6c50ee239
--- /dev/null
+++ b/src/itest/docker-image/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase
diff --git a/src/itest/docker-image/test-container/ssh_host_ecdsa_key b/src/itest/docker-image/test-container/ssh_host_ecdsa_key
new file mode 100644
index 000000000..cac0cbe71
--- /dev/null
+++ b/src/itest/docker-image/test-container/ssh_host_ecdsa_key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOpOBFjqe0hjK/hs4WZ3dZqnzanq1L3/JbvV1TCkbe4ToAoGCCqGSM49
+AwEHoUQDQgAEVzkrS7Yj0nXML7A3mE08YDthfBR/ZbyYJDIq1vTzcqs6KTaCT529
+swNXWLHO+mbHviZcRiI57ULXHZ1emom/Jw==
+-----END EC PRIVATE KEY-----
diff --git a/src/itest/docker-image/test-container/ssh_host_ecdsa_key.pub b/src/itest/docker-image/test-container/ssh_host_ecdsa_key.pub
new file mode 100644
index 000000000..9b7f7995f
--- /dev/null
+++ b/src/itest/docker-image/test-container/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFc5K0u2I9J1zC+wN5hNPGA7YXwUf2W8mCQyKtb083KrOik2gk+dvbMDV1ixzvpmx74mXEYiOe1C1x2dXpqJvyc= root@404b27be2bf4
\ No newline at end of file
diff --git a/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy b/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy
new file mode 100644
index 000000000..19ae629c8
--- /dev/null
+++ b/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.verification.PromiscuousVerifier
+import spock.lang.Specification
+
+class IntegrationBaseSpec extends Specification {
+    protected static final int DOCKER_PORT = 2222;
+    protected static final String USERNAME = "sshj";
+    protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1");
+
+    protected static SSHClient getConnectedClient() throws IOException {
+        SSHClient sshClient = new SSHClient(new DefaultConfig());
+        sshClient.addHostKeyVerifier(new PromiscuousVerifier());
+        sshClient.connect(SERVER_IP, DOCKER_PORT);
+
+        return sshClient;
+    }
+
+}
diff --git a/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy b/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy
new file mode 100644
index 000000000..16d3e004c
--- /dev/null
+++ b/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.TransportException
+import net.schmizz.sshj.userauth.UserAuthException
+
+class IntegrationSpec extends IntegrationBaseSpec {
+
+    def "should accept correct key"() {
+        given:
+        SSHClient sshClient = new SSHClient(new DefaultConfig())
+        sshClient.addHostKeyVerifier("d3:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3") // test-containers/ssh_host_ecdsa_key's fingerprint
+
+        when:
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        then:
+        sshClient.isConnected()
+    }
+
+    def "should decline wrong key"() throws IOException {
+        given:
+        SSHClient sshClient = new SSHClient(new DefaultConfig())
+        sshClient.addHostKeyVerifier("d4:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3")
+
+        when:
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        then:
+        thrown(TransportException.class)
+    }
+
+    def "should authenticate"() {
+        given:
+        SSHClient client = getConnectedClient()
+
+        when:
+        client.authPublickey("sshj", "src/test/resources/id_rsa")
+
+        then:
+        client.isAuthenticated()
+    }
+
+   def "should not authenticate with wrong key"() {
+        given:
+        SSHClient client = getConnectedClient()
+
+        when:
+        client.authPublickey("sshj", "src/test/resources/id_dsa")
+
+        then:
+        thrown(UserAuthException.class)
+        !client.isAuthenticated()
+    }
+}
diff --git a/src/itest/groovy/com/hierynomus/sshj/sftp/FileWriteSpec.groovy b/src/itest/groovy/com/hierynomus/sshj/sftp/FileWriteSpec.groovy
new file mode 100644
index 000000000..d61187df4
--- /dev/null
+++ b/src/itest/groovy/com/hierynomus/sshj/sftp/FileWriteSpec.groovy
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.sftp
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.sftp.OpenMode
+import net.schmizz.sshj.sftp.RemoteFile
+import net.schmizz.sshj.sftp.SFTPClient
+
+import java.nio.charset.StandardCharsets
+
+import static org.codehaus.groovy.runtime.IOGroovyMethods.withCloseable
+
+class FileWriteSpec extends IntegrationBaseSpec {
+
+    def "should append to file (GH issue #390)"() {
+        given:
+        SSHClient client = getConnectedClient()
+        client.authPublickey("sshj", "src/test/resources/id_rsa")
+        SFTPClient sftp = client.newSFTPClient()
+        def file = "/home/sshj/test.txt"
+        def initialText = "This is the initial text.\n".getBytes(StandardCharsets.UTF_16)
+        def appendText = "And here's the appended text.\n".getBytes(StandardCharsets.UTF_16)
+
+        when:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.CREAT))) { RemoteFile initial ->
+            initial.write(0, initialText, 0, initialText.length)
+        }
+
+        then:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.READ))) { RemoteFile read ->
+            def bytes = new byte[initialText.length]
+            read.read(0, bytes, 0, bytes.length)
+            bytes == initialText
+        }
+
+        when:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.APPEND))) { RemoteFile append ->
+            append.write(0, appendText, 0, appendText.length)
+        }
+
+        then:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.READ))) { RemoteFile read ->
+            def bytes = new byte[initialText.length + appendText.length]
+            read.read(0, bytes, 0, bytes.length)
+            Arrays.copyOfRange(bytes, 0, initialText.length) == initialText
+            Arrays.copyOfRange(bytes, initialText.length, initialText.length + appendText.length) == appendText
+        }
+
+        cleanup:
+        sftp.close()
+        client.close()
+    }
+}
diff --git a/src/main/java/com/hierynomus/sshj/backport/Jdk7HttpProxySocket.java b/src/main/java/com/hierynomus/sshj/backport/Jdk7HttpProxySocket.java
index a0d617258..56ea256e6 100644
--- a/src/main/java/com/hierynomus/sshj/backport/Jdk7HttpProxySocket.java
+++ b/src/main/java/com/hierynomus/sshj/backport/Jdk7HttpProxySocket.java
@@ -15,12 +15,12 @@
  */
 package com.hierynomus.sshj.backport;
 
+import net.schmizz.sshj.common.IOUtils;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.*;
 
-import net.schmizz.sshj.common.IOUtils;
-
 public class Jdk7HttpProxySocket extends Socket {
 
     private Proxy httpProxy = null;
diff --git a/src/main/java/com/hierynomus/sshj/signature/Ed25519PublicKey.java b/src/main/java/com/hierynomus/sshj/signature/Ed25519PublicKey.java
index a9f49bf25..7bad0d3c5 100644
--- a/src/main/java/com/hierynomus/sshj/signature/Ed25519PublicKey.java
+++ b/src/main/java/com/hierynomus/sshj/signature/Ed25519PublicKey.java
@@ -23,8 +23,6 @@
 
 import java.util.Arrays;
 
-import static net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.CURVE_ED25519_SHA512;
-
 /**
  * Our own extension of the EdDSAPublicKey that comes from ECC-25519, as that class does not implement equality.
  * The code uses the equality of the keys as an indicator whether they're the same during host key verification.
@@ -34,7 +32,7 @@ public class Ed25519PublicKey extends EdDSAPublicKey {
     public Ed25519PublicKey(EdDSAPublicKeySpec spec) {
         super(spec);
 
-        EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName(CURVE_ED25519_SHA512);
+        EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
         if (!spec.getParams().getCurve().equals(ed25519.getCurve())) {
             throw new SSHRuntimeException("Cannot create Ed25519 Public Key from wrong spec");
         }
diff --git a/src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java b/src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java
index dee8f2752..19a1da4ab 100644
--- a/src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java
+++ b/src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java
@@ -16,14 +16,16 @@
 package com.hierynomus.sshj.signature;
 
 import net.i2p.crypto.eddsa.EdDSAEngine;
-import net.schmizz.sshj.common.Buffer;
 import net.schmizz.sshj.common.KeyType;
 import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.signature.AbstractSignature;
 import net.schmizz.sshj.signature.Signature;
 
-import java.security.*;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
 
-public class SignatureEdDSA implements Signature {
+public class SignatureEdDSA extends AbstractSignature {
     public static class Factory implements net.schmizz.sshj.common.Factory.Named<Signature> {
 
         @Override
@@ -37,50 +39,14 @@ public Signature create() {
         }
     }
 
-    final EdDSAEngine engine;
-
-    protected SignatureEdDSA() {
-        try {
-            engine = new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
-        } catch (NoSuchAlgorithmException e) {
-            throw new SSHRuntimeException(e);
-        }
-    }
-
-    @Override
-    public void init(PublicKey pubkey, PrivateKey prvkey) {
-        try {
-            if (pubkey != null) {
-                engine.initVerify(pubkey);
-            }
-
-            if (prvkey != null) {
-                engine.initSign(prvkey);
-            }
-        } catch (InvalidKeyException e) {
-            throw new SSHRuntimeException(e);
-        }
-    }
-
-    @Override
-    public void update(byte[] H) {
-        update(H, 0, H.length);
+    SignatureEdDSA() {
+        super(getEngine());
     }
 
-    @Override
-    public void update(byte[] H, int off, int len) {
+    private static EdDSAEngine getEngine() {
         try {
-            engine.update(H, off, len);
-        } catch (SignatureException e) {
-            throw new SSHRuntimeException(e);
-        }
-    }
-
-    @Override
-    public byte[] sign() {
-        try {
-            return engine.sign();
-        } catch (SignatureException e) {
+            return new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
+        } catch (NoSuchAlgorithmException e) {
             throw new SSHRuntimeException(e);
         }
     }
@@ -93,17 +59,9 @@ public byte[] encode(byte[] signature) {
     @Override
     public boolean verify(byte[] sig) {
         try {
-            Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(sig);
-            String algo = plainBuffer.readString();
-            if (!"ssh-ed25519".equals(algo)) {
-                throw new SSHRuntimeException("Expected 'ssh-ed25519' key algorithm, but was: " + algo);
-            }
-            byte[] bytes = plainBuffer.readBytes();
-            return engine.verify(bytes);
+            return signature.verify(extractSig(sig, "ssh-ed25519"));
         } catch (SignatureException e) {
             throw new SSHRuntimeException(e);
-        } catch (Buffer.BufferException e) {
-            throw new SSHRuntimeException(e);
         }
     }
 }
diff --git a/src/main/java/com/hierynomus/sshj/transport/cipher/BlockCiphers.java b/src/main/java/com/hierynomus/sshj/transport/cipher/BlockCiphers.java
index ea7818dae..99cf09f34 100644
--- a/src/main/java/com/hierynomus/sshj/transport/cipher/BlockCiphers.java
+++ b/src/main/java/com/hierynomus/sshj/transport/cipher/BlockCiphers.java
@@ -19,14 +19,15 @@
 import net.schmizz.sshj.transport.cipher.Cipher;
 
 /**
- * All BlockCiphers supported by SSH according to the following RFCs
+ * All BlockCiphers supported by SSH according to the following RFCs:
  *
- * - https://tools.ietf.org/html/rfc4344#section-3.1
- * - https://tools.ietf.org/html/rfc4253#section-6.3
+ * <ul>
+ *   <li>https://tools.ietf.org/html/rfc4344#section-3.1</li>
+ *   <li>https://tools.ietf.org/html/rfc4253#section-6.3</li>
+ *   <li>TODO: https://tools.ietf.org/html/rfc5647</li>
+ * </ul>
  *
- * TODO: https://tools.ietf.org/html/rfc5647
- *
- * Some of the Ciphers are still implemented in net.schmizz.sshj.transport.cipher.*. These are scheduled to be migrated to here.
+ * Some of the Ciphers are still implemented in net.schmizz.sshj.transport.cipher.*. These are deprecated and scheduled to be removed.
  */
 @SuppressWarnings("PMD.MethodNamingConventions")
 public class BlockCiphers {
@@ -34,9 +35,30 @@ public class BlockCiphers {
     public static final String COUNTER_MODE = "CTR";
     public static final String CIPHER_BLOCK_CHAINING_MODE = "CBC";
 
+    public static Factory AES128CTR() {
+        return new Factory(16, 128, "aes128-ctr", "AES", COUNTER_MODE);
+    }
+    public static Factory AES192CTR() {
+        return new Factory(16, 192, "aes192-ctr", "AES", COUNTER_MODE);
+    }
+    public static Factory AES256CTR() {
+        return new Factory(16, 256, "aes256-ctr", "AES", COUNTER_MODE);
+    }
+    public static Factory AES128CBC() {
+        return new Factory(16, 128, "aes128-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory AES192CBC() {
+        return new Factory(16, 192, "aes192-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory AES256CBC() {
+        return new Factory(16, 256, "aes256-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
+    }
     public static Factory BlowfishCTR() {
         return new Factory(8, 256, "blowfish-ctr", "Blowfish", COUNTER_MODE);
     }
+    public static Factory BlowfishCBC() {
+        return new Factory(8, 128, "blowfish-cbc", "Blowfish", CIPHER_BLOCK_CHAINING_MODE);
+    }
     public static Factory Twofish128CTR() {
         return new Factory(16, 128, "twofish128-ctr", "Twofish", COUNTER_MODE);
     }
@@ -91,6 +113,9 @@ public static Factory Cast128CBC() {
     public static Factory TripleDESCTR() {
         return new Factory(8, 192, "3des-ctr", "DESede", COUNTER_MODE);
     }
+    public static Factory TripleDESCBC() {
+        return new Factory(8, 192, "3des-cbc", "DESede", CIPHER_BLOCK_CHAINING_MODE);
+    }
 
     /** Named factory for BlockCipher */
     public static class Factory
diff --git a/src/main/java/com/hierynomus/sshj/transport/kex/DHGroups.java b/src/main/java/com/hierynomus/sshj/transport/kex/DHGroups.java
index 3efbddd83..d182e2a5d 100644
--- a/src/main/java/com/hierynomus/sshj/transport/kex/DHGroups.java
+++ b/src/main/java/com/hierynomus/sshj/transport/kex/DHGroups.java
@@ -15,14 +15,15 @@
  */
 package com.hierynomus.sshj.transport.kex;
 
-import net.schmizz.sshj.transport.digest.*;
+import net.schmizz.sshj.transport.digest.Digest;
+import net.schmizz.sshj.transport.digest.SHA1;
+import net.schmizz.sshj.transport.digest.SHA256;
+import net.schmizz.sshj.transport.digest.SHA512;
 import net.schmizz.sshj.transport.kex.KeyExchange;
 
 import java.math.BigInteger;
 
 import static net.schmizz.sshj.transport.kex.DHGroupData.*;
-import static net.schmizz.sshj.transport.kex.DHGroupData.P16;
-import static net.schmizz.sshj.transport.kex.DHGroupData.P18;
 
 /**
  * Factory methods for Diffie Hellmann KEX algorithms based on MODP groups / Oakley Groups
diff --git a/src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java b/src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java
index 2c52d96b1..08e5d8b78 100644
--- a/src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java
+++ b/src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java
@@ -135,7 +135,7 @@ private static class WildcardHostMatcher implements HostMatcher {
         private final Pattern pattern;
 
         public WildcardHostMatcher(String hostEntry) {
-            this.pattern = Pattern.compile(hostEntry.replace(".", "\\.").replace("*", ".*").replace("?", "."));
+            this.pattern = Pattern.compile("^" + hostEntry.replace("[", "\\[").replace("]", "\\]").replace(".", "\\.").replace("*", ".*").replace("?", ".") + "$");
         }
 
         @Override
diff --git a/src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java b/src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java
index 1d28f1487..1e12badea 100644
--- a/src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java
+++ b/src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java
@@ -15,14 +15,6 @@
  */
 package com.hierynomus.sshj.userauth.keyprovider;
 
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.PublicKey;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import net.i2p.crypto.eddsa.EdDSAPrivateKey;
 import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
 import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
@@ -31,8 +23,14 @@
 import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider;
 import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
 import net.schmizz.sshj.userauth.keyprovider.KeyFormat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
-import static net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.CURVE_ED25519_SHA512;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PublicKey;
 
 /**
  * Reads a key file in the new OpenSSH format.
@@ -155,6 +153,6 @@ private KeyPair readUnencrypted(final PlainBuffer keyBuffer, final PublicKey pub
                 throw new IOException("Padding of key format contained wrong byte at position: " + i);
             }
         }
-        return new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName(CURVE_ED25519_SHA512))));
+        return new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName("Ed25519"))));
     }
 }
diff --git a/src/main/java/net/schmizz/concurrent/Event.java b/src/main/java/net/schmizz/concurrent/Event.java
index b5a449fb3..d02cd9328 100644
--- a/src/main/java/net/schmizz/concurrent/Event.java
+++ b/src/main/java/net/schmizz/concurrent/Event.java
@@ -15,11 +15,11 @@
  */
 package net.schmizz.concurrent;
 
+import net.schmizz.sshj.common.LoggerFactory;
+
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.ReentrantLock;
 
-import net.schmizz.sshj.common.LoggerFactory;
-
 /**
  * An event can be set, cleared, or awaited, similar to Python's {@code threading.event}. The key difference is that a
  * waiter may be delivered an exception of parameterized type {@code T}.
diff --git a/src/main/java/net/schmizz/concurrent/Promise.java b/src/main/java/net/schmizz/concurrent/Promise.java
index 8e6cce3f6..7511648d0 100644
--- a/src/main/java/net/schmizz/concurrent/Promise.java
+++ b/src/main/java/net/schmizz/concurrent/Promise.java
@@ -15,6 +15,7 @@
  */
 package net.schmizz.concurrent;
 
+import net.schmizz.sshj.common.LoggerFactory;
 import org.slf4j.Logger;
 
 import java.util.concurrent.TimeUnit;
@@ -22,8 +23,6 @@
 import java.util.concurrent.locks.Condition;
 import java.util.concurrent.locks.ReentrantLock;
 
-import net.schmizz.sshj.common.LoggerFactory;
-
 /**
  * Represents promised data of the parameterized type {@code V} and allows waiting on it. An exception may also be
  * delivered to a waiter, and will be of the parameterized type {@code T}.
diff --git a/src/main/java/net/schmizz/sshj/AndroidConfig.java b/src/main/java/net/schmizz/sshj/AndroidConfig.java
index 235d9fab9..9c230dd53 100644
--- a/src/main/java/net/schmizz/sshj/AndroidConfig.java
+++ b/src/main/java/net/schmizz/sshj/AndroidConfig.java
@@ -15,6 +15,8 @@
  */
 package net.schmizz.sshj;
 
+import com.hierynomus.sshj.signature.SignatureEdDSA;
+
 import net.schmizz.sshj.common.SecurityUtils;
 import net.schmizz.sshj.signature.SignatureDSA;
 import net.schmizz.sshj.signature.SignatureRSA;
@@ -28,9 +30,18 @@ public class AndroidConfig
         SecurityUtils.registerSecurityProvider("org.spongycastle.jce.provider.BouncyCastleProvider");
     }
 
+    public AndroidConfig(){
+        super();
+        initKeyExchangeFactories(true);
+        initRandomFactory(true);
+        initFileKeyProviderFactories(true);
+    }
+
     // don't add ECDSA
     protected void initSignatureFactories() {
-        setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory());
+        setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory(),
+                // but add EdDSA
+                new SignatureEdDSA.Factory());
     }
 
     @Override
diff --git a/src/main/java/net/schmizz/sshj/ConfigImpl.java b/src/main/java/net/schmizz/sshj/ConfigImpl.java
index fce2cfda8..70df287cb 100644
--- a/src/main/java/net/schmizz/sshj/ConfigImpl.java
+++ b/src/main/java/net/schmizz/sshj/ConfigImpl.java
@@ -16,8 +16,8 @@
 package net.schmizz.sshj;
 
 import net.schmizz.keepalive.KeepAliveProvider;
-import net.schmizz.sshj.common.LoggerFactory;
 import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.LoggerFactory;
 import net.schmizz.sshj.signature.Signature;
 import net.schmizz.sshj.transport.cipher.Cipher;
 import net.schmizz.sshj.transport.compression.Compression;
diff --git a/src/main/java/net/schmizz/sshj/DefaultConfig.java b/src/main/java/net/schmizz/sshj/DefaultConfig.java
index 256b4e317..b2400d6b8 100644
--- a/src/main/java/net/schmizz/sshj/DefaultConfig.java
+++ b/src/main/java/net/schmizz/sshj/DefaultConfig.java
@@ -15,22 +15,12 @@
  */
 package net.schmizz.sshj;
 
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Properties;
-
-import org.slf4j.Logger;
-
 import com.hierynomus.sshj.signature.SignatureEdDSA;
 import com.hierynomus.sshj.transport.cipher.BlockCiphers;
 import com.hierynomus.sshj.transport.cipher.StreamCiphers;
 import com.hierynomus.sshj.transport.kex.DHGroups;
 import com.hierynomus.sshj.transport.kex.ExtendedDHGroups;
 import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
-
 import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
 import net.schmizz.sshj.common.LoggerFactory;
@@ -38,26 +28,13 @@
 import net.schmizz.sshj.signature.SignatureDSA;
 import net.schmizz.sshj.signature.SignatureECDSA;
 import net.schmizz.sshj.signature.SignatureRSA;
-import net.schmizz.sshj.transport.cipher.AES128CBC;
-import net.schmizz.sshj.transport.cipher.AES128CTR;
-import net.schmizz.sshj.transport.cipher.AES192CBC;
-import net.schmizz.sshj.transport.cipher.AES192CTR;
-import net.schmizz.sshj.transport.cipher.AES256CBC;
-import net.schmizz.sshj.transport.cipher.AES256CTR;
-import net.schmizz.sshj.transport.cipher.BlowfishCBC;
-import net.schmizz.sshj.transport.cipher.Cipher;
-import net.schmizz.sshj.transport.cipher.TripleDESCBC;
+import net.schmizz.sshj.transport.cipher.*;
 import net.schmizz.sshj.transport.compression.NoneCompression;
 import net.schmizz.sshj.transport.kex.Curve25519SHA256;
 import net.schmizz.sshj.transport.kex.DHGexSHA1;
 import net.schmizz.sshj.transport.kex.DHGexSHA256;
 import net.schmizz.sshj.transport.kex.ECDHNistP;
-import net.schmizz.sshj.transport.mac.HMACMD5;
-import net.schmizz.sshj.transport.mac.HMACMD596;
-import net.schmizz.sshj.transport.mac.HMACSHA1;
-import net.schmizz.sshj.transport.mac.HMACSHA196;
-import net.schmizz.sshj.transport.mac.HMACSHA2256;
-import net.schmizz.sshj.transport.mac.HMACSHA2512;
+import net.schmizz.sshj.transport.mac.*;
 import net.schmizz.sshj.transport.random.BouncyCastleRandom;
 import net.schmizz.sshj.transport.random.JCERandom;
 import net.schmizz.sshj.transport.random.SingletonRandomFactory;
@@ -65,6 +42,10 @@
 import net.schmizz.sshj.userauth.keyprovider.PKCS5KeyFile;
 import net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile;
 import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile;
+import org.slf4j.Logger;
+
+import java.io.IOException;
+import java.util.*;
 
 /**
  * A {@link net.schmizz.sshj.Config} that is initialized as follows. Items marked with an asterisk are added to the config only if
@@ -72,9 +53,7 @@
  * <p/>
  * <ul>
  * <li>{@link net.schmizz.sshj.ConfigImpl#setKeyExchangeFactories Key exchange}: {@link net.schmizz.sshj.transport.kex.DHG14}*, {@link net.schmizz.sshj.transport.kex.DHG1}</li>
- * <li>{@link net.schmizz.sshj.ConfigImpl#setCipherFactories Ciphers} [1]: {@link net.schmizz.sshj.transport.cipher.AES128CTR}, {@link net.schmizz.sshj.transport.cipher.AES192CTR}, {@link net.schmizz.sshj.transport.cipher.AES256CTR},
- * {@link
- * net.schmizz.sshj.transport.cipher.AES128CBC}, {@link net.schmizz.sshj.transport.cipher.AES192CBC}, {@link net.schmizz.sshj.transport.cipher.AES256CBC}, {@link net.schmizz.sshj.transport.cipher.AES192CBC}, {@link net.schmizz.sshj.transport.cipher.TripleDESCBC}, {@link net.schmizz.sshj.transport.cipher.BlowfishCBC}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setCipherFactories Ciphers}: {@link BlockCiphers}, {@link StreamCiphers} [1]</li>
  * <li>{@link net.schmizz.sshj.ConfigImpl#setMACFactories MAC}: {@link net.schmizz.sshj.transport.mac.HMACSHA1}, {@link net.schmizz.sshj.transport.mac.HMACSHA196}, {@link net.schmizz.sshj.transport.mac.HMACMD5}, {@link
  * net.schmizz.sshj.transport.mac.HMACMD596}</li>
  * <li>{@link net.schmizz.sshj.ConfigImpl#setCompressionFactories Compression}: {@link net.schmizz.sshj.transport.compression.NoneCompression}</li>
@@ -172,14 +151,13 @@ protected void initFileKeyProviderFactories(boolean bouncyCastleRegistered) {
 
     protected void initCipherFactories() {
         List<Factory.Named<Cipher>> avail = new LinkedList<Factory.Named<Cipher>>(Arrays.<Factory.Named<Cipher>>asList(
-                new AES128CTR.Factory(),
-                new AES192CTR.Factory(),
-                new AES256CTR.Factory(),
-                new AES128CBC.Factory(),
-                new AES192CBC.Factory(),
-                new AES256CBC.Factory(),
-                new TripleDESCBC.Factory(),
-                new BlowfishCBC.Factory(),
+                BlockCiphers.AES128CBC(),
+                BlockCiphers.AES128CTR(),
+                BlockCiphers.AES192CBC(),
+                BlockCiphers.AES192CTR(),
+                BlockCiphers.AES256CBC(),
+                BlockCiphers.AES256CTR(),
+                BlockCiphers.BlowfishCBC(),
                 BlockCiphers.BlowfishCTR(),
                 BlockCiphers.Cast128CBC(),
                 BlockCiphers.Cast128CTR(),
@@ -191,6 +169,7 @@ protected void initCipherFactories() {
                 BlockCiphers.Serpent192CTR(),
                 BlockCiphers.Serpent256CBC(),
                 BlockCiphers.Serpent256CTR(),
+                BlockCiphers.TripleDESCBC(),
                 BlockCiphers.TripleDESCTR(),
                 BlockCiphers.Twofish128CBC(),
                 BlockCiphers.Twofish128CTR(),
diff --git a/src/main/java/net/schmizz/sshj/SSHClient.java b/src/main/java/net/schmizz/sshj/SSHClient.java
index f210cd8e7..378b24e84 100644
--- a/src/main/java/net/schmizz/sshj/SSHClient.java
+++ b/src/main/java/net/schmizz/sshj/SSHClient.java
@@ -15,11 +15,7 @@
  */
 package net.schmizz.sshj;
 
-import net.schmizz.sshj.common.Factory;
-import net.schmizz.sshj.common.IOUtils;
-import net.schmizz.sshj.common.LoggerFactory;
-import net.schmizz.sshj.common.SSHException;
-import net.schmizz.sshj.common.SecurityUtils;
+import net.schmizz.sshj.common.*;
 import net.schmizz.sshj.connection.Connection;
 import net.schmizz.sshj.connection.ConnectionException;
 import net.schmizz.sshj.connection.ConnectionImpl;
@@ -42,6 +38,7 @@
 import net.schmizz.sshj.transport.compression.NoneCompression;
 import net.schmizz.sshj.transport.compression.ZlibCompression;
 import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
+import net.schmizz.sshj.transport.verification.FingerprintVerifier;
 import net.schmizz.sshj.transport.verification.HostKeyVerifier;
 import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
 import net.schmizz.sshj.userauth.UserAuth;
@@ -173,19 +170,23 @@ public void addAlgorithmsVerifier(AlgorithmsVerifier verifier) {
 
     /**
      * Add a {@link HostKeyVerifier} that will verify any host that's able to claim a host key with the given {@code
-     * fingerprint}, e.g. {@code "4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21"}
+     * fingerprint}.
+     *
+     * The fingerprint can be specified in either an MD5 colon-delimited format (16 hexadecimal octets, delimited by a colon),
+     * or in a Base64 encoded format for SHA-1 or SHA-256 fingerprints.
+     * Valid examples are:
+     *
+     * <ul><li>"SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak="</li>
+     * <li>"SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs="</li>
+     * <li>"MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"</li>
+     * <li>"d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"</li></ul>
      *
      * @param fingerprint expected fingerprint in colon-delimited format (16 octets in hex delimited by a colon)
      *
      * @see SecurityUtils#getFingerprint
      */
     public void addHostKeyVerifier(final String fingerprint) {
-        addHostKeyVerifier(new HostKeyVerifier() {
-            @Override
-            public boolean verify(String h, int p, PublicKey k) {
-                return SecurityUtils.getFingerprint(k).equals(fingerprint);
-            }
-        });
+        addHostKeyVerifier(FingerprintVerifier.getInstance(fingerprint));
     }
 
     // FIXME: there are way too many auth... overrides. Better API needed.
diff --git a/src/main/java/net/schmizz/sshj/common/Buffer.java b/src/main/java/net/schmizz/sshj/common/Buffer.java
index 8cf35ae3b..fe9805f63 100644
--- a/src/main/java/net/schmizz/sshj/common/Buffer.java
+++ b/src/main/java/net/schmizz/sshj/common/Buffer.java
@@ -246,7 +246,7 @@ public T putBytes(byte[] b) {
      * @return this
      */
     public T putBytes(byte[] b, int off, int len) {
-        return putUInt32(len - off).putRawBytes(b, off, len);
+        return putUInt32(len).putRawBytes(b, off, len);
     }
 
     public void readRawBytes(byte[] buf)
diff --git a/src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java b/src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java
index baf1048ae..4d96c3e67 100644
--- a/src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java
+++ b/src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java
@@ -94,4 +94,34 @@ public static String toHex(byte[] array, int offset, int len) {
         return sb.toString();
     }
 
+
+    public static byte[] parseHex(String hex) {
+        if (hex == null) {
+            throw new IllegalArgumentException("Hex string is null");
+        }
+        if (hex.length() % 2 != 0) {
+            throw new IllegalArgumentException("Hex string '" + hex + "' should have even length.");
+        }
+
+        byte[] result = new byte[hex.length() / 2];
+        for (int i = 0; i < result.length; i++) {
+            int hi = parseHexDigit(hex.charAt(i * 2)) << 4;
+            int lo = parseHexDigit(hex.charAt(i * 2 + 1));
+            result[i] = (byte) (hi + lo);
+        }
+        return result;
+    }
+
+    private static int parseHexDigit(char c) {
+        if (c >= '0' && c <= '9') {
+            return c - '0';
+        }
+        if (c >= 'a' && c <= 'f') {
+            return c - 'a' + 10;
+        }
+        if (c >= 'A' && c <= 'F') {
+            return c - 'A' + 10;
+        }
+        throw new IllegalArgumentException("Digit '" + c + "' out of bounds [0-9a-fA-F]");
+    }
 }
diff --git a/src/main/java/net/schmizz/sshj/common/ECDSAVariationsAdapter.java b/src/main/java/net/schmizz/sshj/common/ECDSAVariationsAdapter.java
index bf810fc72..3b54be585 100644
--- a/src/main/java/net/schmizz/sshj/common/ECDSAVariationsAdapter.java
+++ b/src/main/java/net/schmizz/sshj/common/ECDSAVariationsAdapter.java
@@ -15,15 +15,7 @@
  */
 package net.schmizz.sshj.common;
 
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.PublicKey;
-import java.security.interfaces.ECPublicKey;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-
+import com.hierynomus.sshj.secg.SecgUtils;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.jce.spec.ECParameterSpec;
@@ -32,9 +24,18 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.hierynomus.sshj.secg.SecgUtils;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.ECPublicKey;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
 
-public class ECDSAVariationsAdapter {
+class ECDSAVariationsAdapter {
 
     private final static String BASE_ALGORITHM_NAME = "ecdsa-sha2-nistp";
 
@@ -53,7 +54,7 @@ public class ECDSAVariationsAdapter {
         SUPPORTED_CURVES.put("521", "nistp521");
     }
 
-    public static PublicKey readPubKeyFromBuffer(Buffer<?> buf, String variation) throws GeneralSecurityException {
+    static PublicKey readPubKeyFromBuffer(Buffer<?> buf, String variation) throws GeneralSecurityException {
         String algorithm = BASE_ALGORITHM_NAME + variation;
         if (!SecurityUtils.isBouncyCastleRegistered()) {
             throw new GeneralSecurityException("BouncyCastle is required to read a key of type " + algorithm);
@@ -92,7 +93,7 @@ public static PublicKey readPubKeyFromBuffer(Buffer<?> buf, String variation) th
         }
     }
 
-    public static void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+    static void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
         final ECPublicKey ecdsa = (ECPublicKey) pk;
         byte[] encoded = SecgUtils.getEncoded(ecdsa.getW(), ecdsa.getParams().getCurve());
 
@@ -100,8 +101,12 @@ public static void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
             .putBytes(encoded);
     }
 
-    public static int fieldSizeFromKey(ECPublicKey ecPublicKey) {
-        return ecPublicKey.getParams().getCurve().getField().getFieldSize();
+    static boolean isECKeyWithFieldSize(Key key, int fieldSize) {
+        return "ECDSA".equals(key.getAlgorithm())
+                && fieldSizeFromKey((ECKey) key) == fieldSize;
     }
 
+    private static int fieldSizeFromKey(ECKey ecPublicKey) {
+        return ecPublicKey.getParams().getCurve().getField().getFieldSize();
+    }
 }
diff --git a/src/main/java/net/schmizz/sshj/common/KeyType.java b/src/main/java/net/schmizz/sshj/common/KeyType.java
index a54620f77..a86c99c46 100644
--- a/src/main/java/net/schmizz/sshj/common/KeyType.java
+++ b/src/main/java/net/schmizz/sshj/common/KeyType.java
@@ -15,6 +15,16 @@
  */
 package net.schmizz.sshj.common;
 
+import com.hierynomus.sshj.signature.Ed25519PublicKey;
+import com.hierynomus.sshj.userauth.certificate.Certificate;
+import net.i2p.crypto.eddsa.EdDSAPublicKey;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+import net.schmizz.sshj.common.Buffer.BufferException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.Key;
@@ -22,30 +32,11 @@
 import java.security.PublicKey;
 import java.security.interfaces.DSAPrivateKey;
 import java.security.interfaces.DSAPublicKey;
-import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.DSAPublicKeySpec;
 import java.security.spec.RSAPublicKeySpec;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Date;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.hierynomus.sshj.signature.Ed25519PublicKey;
-import com.hierynomus.sshj.userauth.certificate.Certificate;
-
-import net.i2p.crypto.eddsa.EdDSAPublicKey;
-import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
-import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
-import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
-import net.schmizz.sshj.common.Buffer.BufferException;
+import java.util.*;
 
 /** Type of key e.g. rsa, dsa */
 public enum KeyType {
@@ -130,7 +121,7 @@ protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
 
         @Override
         protected boolean isMyType(Key key) {
-            return ("ECDSA".equals(key.getAlgorithm()) && ECDSAVariationsAdapter.fieldSizeFromKey((ECPublicKey) key) == 256);
+            return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 256);
         }
     },
 
@@ -151,7 +142,7 @@ protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
 
         @Override
         protected boolean isMyType(Key key) {
-            return ("ECDSA".equals(key.getAlgorithm()) && ECDSAVariationsAdapter.fieldSizeFromKey((ECPublicKey) key) == 384);
+            return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 384);
         }
     },
 
@@ -172,7 +163,7 @@ protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
 
         @Override
         protected boolean isMyType(Key key) {
-            return ("ECDSA".equals(key.getAlgorithm()) && ECDSAVariationsAdapter.fieldSizeFromKey((ECPublicKey) key) == 521);
+            return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 521);
         }
     },
 
@@ -192,7 +183,7 @@ public PublicKey readPubKeyFromBuffer(Buffer<?> buf) throws GeneralSecurityExcep
                     );
                 }
 
-                EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.CURVE_ED25519_SHA512);
+                EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
                 EdDSAPublicKeySpec publicSpec = new EdDSAPublicKeySpec(p, ed25519);
                 return new Ed25519PublicKey(publicSpec);
 
diff --git a/src/main/java/net/schmizz/sshj/common/SecurityUtils.java b/src/main/java/net/schmizz/sshj/common/SecurityUtils.java
index a549b90c1..96a0b8841 100644
--- a/src/main/java/net/schmizz/sshj/common/SecurityUtils.java
+++ b/src/main/java/net/schmizz/sshj/common/SecurityUtils.java
@@ -15,13 +15,14 @@
  */
 package net.schmizz.sshj.common;
 
-import java.security.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import javax.crypto.Cipher;
 import javax.crypto.KeyAgreement;
 import javax.crypto.Mac;
 import javax.crypto.NoSuchPaddingException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.security.*;
 
 import static java.lang.String.format;
 
@@ -68,15 +69,15 @@ public static boolean registerSecurityProvider(String providerClassName) {
             }
 
             if (securityProvider == null) {
-                MessageDigest.getInstance("MD5", provider.getName());
-                KeyAgreement.getInstance("DH", provider.getName());
+                MessageDigest.getInstance("MD5", provider);
+                KeyAgreement.getInstance("DH", provider);
                 setSecurityProvider(provider.getName());
                 return true;
             }
         } catch (NoSuchAlgorithmException e) {
             LOG.info(format("Security Provider '%s' does not support necessary algorithm", providerClassName), e);
-        } catch (NoSuchProviderException e) {
-            LOG.info("Registration of Security Provider '{}' unexpectedly failed", providerClassName);
+        } catch (Exception e) {
+            LOG.info(format("Registration of Security Provider '%s' unexpectedly failed", providerClassName), e);
         }
         return false;
     }
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java b/src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java
index 3407e368a..0b3180979 100644
--- a/src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java
+++ b/src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java
@@ -137,6 +137,15 @@ public void listen() throws IOException {
         listen(Thread.currentThread());
     }
 
+    /**
+     * Returns whether this listener is running (ie. whether a thread is attached to it).
+     *
+     * @return
+     */
+    public boolean isRunning() {
+        return this.runningThread != null && !serverSocket.isClosed();
+    }
+
     /**
      * Start listening for incoming connections and forward to remote host as a channel and ensure that the thread is registered.
      * This is useful if for instance {@link #close() is called from another thread}
diff --git a/src/main/java/net/schmizz/sshj/sftp/RemoteFile.java b/src/main/java/net/schmizz/sshj/sftp/RemoteFile.java
index 14d054e1d..25463bfb7 100644
--- a/src/main/java/net/schmizz/sshj/sftp/RemoteFile.java
+++ b/src/main/java/net/schmizz/sshj/sftp/RemoteFile.java
@@ -82,9 +82,7 @@ protected Promise<Response, SFTPException> asyncWrite(long fileOffset, byte[] da
             throws IOException {
         return requester.request(newRequest(PacketType.WRITE)
                 .putUInt64(fileOffset)
-                // TODO The SFTP spec claims this field is unneeded...? See #187
-                .putUInt32(len)
-                .putRawBytes(data, off, len)
+                .putString(data, off, len)
         );
     }
 
diff --git a/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java b/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
index 9cd44a6f9..3eb9ae963 100644
--- a/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
+++ b/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
@@ -15,34 +15,48 @@
  */
 package net.schmizz.sshj.signature;
 
+import net.schmizz.sshj.common.Buffer;
 import net.schmizz.sshj.common.SSHRuntimeException;
 import net.schmizz.sshj.common.SecurityUtils;
 
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SignatureException;
+import java.security.*;
 
-/** An abstract class for {@link Signature} that implements common functionality. */
+/**
+ * An abstract class for {@link Signature} that implements common functionality.
+ */
 public abstract class AbstractSignature
         implements Signature {
 
-    protected final String algorithm;
-    protected java.security.Signature signature;
+    @SuppressWarnings("PMD.UnnecessaryFullyQualifiedName")
+    protected final java.security.Signature signature;
 
     protected AbstractSignature(String algorithm) {
-        this.algorithm = algorithm;
+        try {
+            this.signature = SecurityUtils.getSignature(algorithm);
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    protected AbstractSignature(@SuppressWarnings("PMD.UnnecessaryFullyQualifiedName")
+                                        java.security.Signature signatureEngine) {
+        this.signature = signatureEngine;
     }
 
     @Override
-    public void init(PublicKey publicKey, PrivateKey privateKey) {
+    public void initVerify(PublicKey publicKey) {
         try {
-            signature = SecurityUtils.getSignature(algorithm);
-            if (publicKey != null)
-                signature.initVerify(publicKey);
-            if (privateKey != null)
-                signature.initSign(privateKey);
-        } catch (GeneralSecurityException e) {
+            signature.initVerify(publicKey);
+        } catch (InvalidKeyException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    @Override
+    public void initSign(PrivateKey privateKey) {
+        try {
+            signature.initSign(privateKey);
+        } catch (InvalidKeyException e) {
             throw new SSHRuntimeException(e);
         }
     }
@@ -70,23 +84,24 @@ public byte[] sign() {
         }
     }
 
-    protected byte[] extractSig(byte[] sig) {
-        if (sig[0] == 0 && sig[1] == 0 && sig[2] == 0) {
-            int i = 0;
-            int j = sig[i++] << 24 & 0xff000000
-                    | sig[i++] << 16 & 0x00ff0000
-                    | sig[i++] << 8 & 0x0000ff00
-                    | sig[i++] & 0x000000ff;
-            i += j;
-            j = sig[i++] << 24 & 0xff000000
-                    | sig[i++] << 16 & 0x00ff0000
-                    | sig[i++] << 8 & 0x0000ff00
-                    | sig[i++] & 0x000000ff;
-            byte[] newSig = new byte[j];
-            System.arraycopy(sig, i, newSig, 0, j);
-            return newSig;
+    /**
+     * Check whether the signature is generated using the expected algorithm, and if so, return the signature blob
+     *
+     * @param sig                  The full signature
+     * @param expectedKeyAlgorithm The expected key algorithm
+     * @return The blob part of the signature
+     */
+    protected byte[] extractSig(byte[] sig, String expectedKeyAlgorithm) {
+        Buffer.PlainBuffer buffer = new Buffer.PlainBuffer(sig);
+        try {
+            String algo = buffer.readString();
+            if (!expectedKeyAlgorithm.equals(algo)) {
+                throw new SSHRuntimeException("Expected '" + expectedKeyAlgorithm + "' key algorithm, but got: " + algo);
+            }
+            return buffer.readBytes();
+        } catch (Buffer.BufferException e) {
+            throw new SSHRuntimeException(e);
         }
-        return sig;
     }
 
-}
\ No newline at end of file
+}
diff --git a/src/main/java/net/schmizz/sshj/signature/Signature.java b/src/main/java/net/schmizz/sshj/signature/Signature.java
index 6fc143b17..6ad1ac453 100644
--- a/src/main/java/net/schmizz/sshj/signature/Signature.java
+++ b/src/main/java/net/schmizz/sshj/signature/Signature.java
@@ -22,13 +22,24 @@
 public interface Signature {
 
     /**
-     * Initialize this signature with the given public key and private key. If the private key is null, only signature
-     * verification can be performed.
+     * Initialize this signature with the given public key for signature verification.
      *
-     * @param pubkey (null-ok) specify in case verification is needed
-     * @param prvkey (null-ok) specify in case signing is needed
+     * Note that subsequent calls to either {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} will
+     * overwrite prior initialization.
+     *
+     * @param pubkey the public key to use for signature verification
+     */
+    void initVerify(PublicKey pubkey);
+
+    /**
+     * Initialize this signature with the given private key for signing.
+     *
+     * Note that subsequent calls to either {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} will
+     * overwrite prior initialization.
+     *
+     * @param prvkey the private key to use for signing
      */
-    void init(PublicKey pubkey, PrivateKey prvkey);
+    void initSign(PrivateKey prvkey);
 
     /**
      * Convenience method, same as calling {@link #update(byte[], int, int)} with offset as {@code 0} and {@code
diff --git a/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java b/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
index 12305efc3..3406e609c 100644
--- a/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
+++ b/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
@@ -17,14 +17,23 @@
 
 import net.schmizz.sshj.common.KeyType;
 import net.schmizz.sshj.common.SSHRuntimeException;
+import org.bouncycastle.asn1.*;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
 import java.security.SignatureException;
+import java.util.Arrays;
 
-/** DSA {@link Signature} */
+/**
+ * DSA {@link Signature}
+ */
 public class SignatureDSA
         extends AbstractSignature {
 
-    /** A named factory for DSA signature */
+    /**
+     * A named factory for DSA signature
+     */
     public static class Factory
             implements net.schmizz.sshj.common.Factory.Named<Signature> {
 
@@ -74,33 +83,33 @@ public byte[] encode(byte[] sig) {
 
     @Override
     public boolean verify(byte[] sig) {
-        sig = extractSig(sig);
-
-        // ASN.1
-        int frst = (sig[0] & 0x80) != 0 ? 1 : 0;
-        int scnd = (sig[20] & 0x80) != 0 ? 1 : 0;
-
-        int length = sig.length + 6 + frst + scnd;
-        byte[] tmp = new byte[length];
-        tmp[0] = (byte) 0x30;
-        tmp[1] = (byte) 0x2c;
-        tmp[1] += frst;
-        tmp[1] += scnd;
-        tmp[2] = (byte) 0x02;
-        tmp[3] = (byte) 0x14;
-        tmp[3] += frst;
-        System.arraycopy(sig, 0, tmp, 4 + frst, 20);
-        tmp[4 + tmp[3]] = (byte) 0x02;
-        tmp[5 + tmp[3]] = (byte) 0x14;
-        tmp[5 + tmp[3]] += scnd;
-        System.arraycopy(sig, 20, tmp, 6 + tmp[3] + scnd, 20);
-        sig = tmp;
-
         try {
-            return signature.verify(sig);
+            byte[] sigBlob = extractSig(sig, "ssh-dss");
+            return signature.verify(asnEncode(sigBlob));
         } catch (SignatureException e) {
             throw new SSHRuntimeException(e);
+        } catch (IOException e) {
+            throw new SSHRuntimeException(e);
         }
     }
 
+    /**
+     * Encodes the signature as a DER sequence (ASN.1 format).
+     */
+    private byte[] asnEncode(byte[] sigBlob) throws IOException {
+        byte[] r = new BigInteger(1, Arrays.copyOfRange(sigBlob, 0, 20)).toByteArray();
+        byte[] s = new BigInteger(1, Arrays.copyOfRange(sigBlob, 20, 40)).toByteArray();
+
+        ASN1EncodableVector vector = new ASN1EncodableVector();
+        vector.add(new ASN1Integer(r));
+        vector.add(new ASN1Integer(s));
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ASN1OutputStream asnOS = new ASN1OutputStream(baos);
+
+        asnOS.writeObject(new DERSequence(vector));
+        asnOS.flush();
+
+        return baos.toByteArray();
+    }
 }
diff --git a/src/main/java/net/schmizz/sshj/signature/SignatureECDSA.java b/src/main/java/net/schmizz/sshj/signature/SignatureECDSA.java
index 7125173f4..b063e393b 100644
--- a/src/main/java/net/schmizz/sshj/signature/SignatureECDSA.java
+++ b/src/main/java/net/schmizz/sshj/signature/SignatureECDSA.java
@@ -15,19 +15,18 @@
  */
 package net.schmizz.sshj.signature;
 
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.SignatureException;
-
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SSHRuntimeException;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1OutputStream;
 import org.bouncycastle.asn1.DERSequence;
 
-import net.schmizz.sshj.common.Buffer;
-import net.schmizz.sshj.common.KeyType;
-import net.schmizz.sshj.common.SSHRuntimeException;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.SignatureException;
 
 /** ECDSA {@link Signature} */
 public class SignatureECDSA extends AbstractSignature {
@@ -99,7 +98,7 @@ public byte[] encode(byte[] sig) {
         System.arraycopy(sig, 4, r, 0, rLen);
         System.arraycopy(sig, 6 + rLen, s, 0, sLen);
 
-        Buffer buf = new Buffer.PlainBuffer();
+        Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
         buf.putMPInt(new BigInteger(r));
         buf.putMPInt(new BigInteger(s));
 
@@ -108,26 +107,9 @@ public byte[] encode(byte[] sig) {
 
     @Override
     public boolean verify(byte[] sig) {
-        byte[] r;
-        byte[] s;
         try {
-            Buffer sigbuf = new Buffer.PlainBuffer(sig);
-            final String algo = new String(sigbuf.readBytes());
-            if (!keyTypeName.equals(algo)) {
-                throw new SSHRuntimeException(String.format("Signature :: " + keyTypeName + " expected, got %s", algo));
-            }
-            final int rsLen = sigbuf.readUInt32AsInt();
-            if (sigbuf.available() != rsLen) {
-                throw new SSHRuntimeException("Invalid key length");
-            }
-            r = sigbuf.readBytes();
-            s = sigbuf.readBytes();
-        } catch (Exception e) {
-            throw new SSHRuntimeException(e);
-        }
-
-        try {
-            return signature.verify(asnEncode(r, s));
+            byte[] sigBlob = extractSig(sig, keyTypeName);
+            return signature.verify(asnEncode(sigBlob));
         } catch (SignatureException e) {
             throw new SSHRuntimeException(e);
         } catch (IOException e) {
@@ -135,29 +117,19 @@ public boolean verify(byte[] sig) {
         }
     }
 
-    private byte[] asnEncode(byte[] r, byte[] s) throws IOException {
-        int rLen = r.length;
-        int sLen = s.length;
-
-        /*
-         * We can't have the high bit set, so add an extra zero at the beginning
-         * if so.
-         */
-        if ((r[0] & 0x80) != 0) {
-            rLen++;
-        }
-        if ((s[0] & 0x80) != 0) {
-            sLen++;
-        }
-
-        /* Calculate total output length */
-        int length = 6 + rLen + sLen;
+    /**
+     * Encodes the signature as a DER sequence (ASN.1 format).
+     */
+    private byte[] asnEncode(byte[] sigBlob) throws IOException {
+        Buffer.PlainBuffer sigbuf = new Buffer.PlainBuffer(sigBlob);
+        byte[] r = sigbuf.readBytes();
+        byte[] s = sigbuf.readBytes();
 
         ASN1EncodableVector vector = new ASN1EncodableVector();
         vector.add(new ASN1Integer(r));
         vector.add(new ASN1Integer(s));
 
-        ByteArrayOutputStream baos = new ByteArrayOutputStream(length);
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
         ASN1OutputStream asnOS = new ASN1OutputStream(baos);
 
         asnOS.writeObject(new DERSequence(vector));
diff --git a/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java b/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
index 6ed5f1bbd..16f33dbc9 100644
--- a/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
+++ b/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
@@ -51,7 +51,7 @@ public byte[] encode(byte[] signature) {
 
     @Override
     public boolean verify(byte[] sig) {
-        sig = extractSig(sig);
+        sig = extractSig(sig, "ssh-rsa");
         try {
             return signature.verify(sig);
         } catch (SignatureException e) {
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
index 20cf3d1af..4bdb35de4 100644
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
@@ -15,7 +15,14 @@
  */
 package net.schmizz.sshj.transport.cipher;
 
-/** {@code aes128-cbc} cipher */
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+
+/**
+ * {@code aes128-cbc} cipher
+ *
+ * @deprecated Use {@link BlockCiphers#AES128CBC()}
+ */
+@Deprecated
 public class AES128CBC
         extends BlockCipher {
 
@@ -32,6 +39,11 @@ public Cipher create() {
         public String getName() {
             return "aes128-cbc";
         }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
     }
 
     public AES128CBC() {
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
index bc838a445..d0a8f51ce 100644
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
@@ -15,11 +15,18 @@
  */
 package net.schmizz.sshj.transport.cipher;
 
-/** {@code aes128-ctr} cipher */
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+
+/**
+ * {@code aes128-ctr} cipher
+ *
+ * @deprecated Use {@link BlockCiphers#AES128CTR()}
+ */
+@Deprecated
 public class AES128CTR
         extends BlockCipher {
 
-    /** Named factory for AES128CBC Cipher */
+    /** Named factory for AES128CTR Cipher */
     public static class Factory
             implements net.schmizz.sshj.common.Factory.Named<Cipher> {
 
@@ -32,6 +39,11 @@ public Cipher create() {
         public String getName() {
             return "aes128-ctr";
         }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
     }
 
     public AES128CTR() {
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
index 1ce379be8..724775c24 100644
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
@@ -15,7 +15,14 @@
  */
 package net.schmizz.sshj.transport.cipher;
 
-/** {@code aes192-cbc} cipher */
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+
+/**
+ * {@code aes192-cbc} cipher
+ *
+ * @deprecated Use {@link BlockCiphers#AES192CBC()}
+ */
+@Deprecated
 public class AES192CBC
         extends BlockCipher {
 
@@ -32,6 +39,11 @@ public Cipher create() {
         public String getName() {
             return "aes192-cbc";
         }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
     }
 
     public AES192CBC() {
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
index 0beea5d86..2a4aebe60 100644
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
@@ -15,7 +15,14 @@
  */
 package net.schmizz.sshj.transport.cipher;
 
-/** {@code aes192-ctr} cipher */
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+
+/**
+ * {@code aes192-ctr} cipher
+ *
+ * @deprecated Use {@link BlockCiphers#AES192CTR()}
+ */
+@Deprecated
 public class AES192CTR
         extends BlockCipher {
 
@@ -32,6 +39,11 @@ public Cipher create() {
         public String getName() {
             return "aes192-ctr";
         }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
     }
 
     public AES192CTR() {
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
index 330568add..2f33544ff 100644
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
@@ -15,7 +15,14 @@
  */
 package net.schmizz.sshj.transport.cipher;
 
-/** {@code aes256-ctr} cipher */
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+
+/**
+ * {@code aes256-cbc} cipher
+ *
+ * @deprecated Use {@link BlockCiphers#AES256CBC()}
+ */
+@Deprecated
 public class AES256CBC
         extends BlockCipher {
 
@@ -32,6 +39,11 @@ public Cipher create() {
         public String getName() {
             return "aes256-cbc";
         }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
     }
 
     public AES256CBC() {
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
index b2fa3bf00..d5788d906 100644
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
@@ -15,11 +15,18 @@
  */
 package net.schmizz.sshj.transport.cipher;
 
-/** {@code aes256-ctr} cipher */
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+
+/**
+ * {@code aes256-ctr} cipher
+ *
+ * @deprecated Use {@link BlockCiphers#AES256CTR()}
+ */
+@Deprecated
 public class AES256CTR
         extends BlockCipher {
 
-    /** Named factory for AES256CBC Cipher */
+    /** Named factory for AES256CTR Cipher */
     public static class Factory
             implements net.schmizz.sshj.common.Factory.Named<Cipher> {
 
@@ -32,6 +39,11 @@ public Cipher create() {
         public String getName() {
             return "aes256-ctr";
         }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
     }
 
     public AES256CTR() {
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
index 378813c78..391953fee 100644
--- a/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
@@ -15,7 +15,14 @@
  */
 package net.schmizz.sshj.transport.cipher;
 
-/** {@code blowfish-ctr} cipher */
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+
+/**
+ * {@code blowfish-bcb} cipher
+ *
+ * @deprecated Use {@link BlockCiphers#BlowfishCBC()}
+ */
+@Deprecated
 public class BlowfishCBC
         extends BlockCipher {
 
@@ -32,6 +39,11 @@ public Cipher create() {
         public String getName() {
             return "blowfish-cbc";
         }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
     }
 
     public BlowfishCBC() {
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
index 3c4c30a66..4d3f63dfe 100644
--- a/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
@@ -15,7 +15,14 @@
  */
 package net.schmizz.sshj.transport.cipher;
 
-/** {@code 3des-cbc} cipher */
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+
+/**
+ * {@code 3des-cbc} cipher
+ *
+ * @deprecated Use {@link BlockCiphers#TripleDESCBC()}
+ */
+@Deprecated
 public class TripleDESCBC
         extends BlockCipher {
 
@@ -32,6 +39,11 @@ public Cipher create() {
         public String getName() {
             return "3des-cbc";
         }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
     }
 
     public TripleDESCBC() {
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
index 8556650f7..4c045e4ad 100644
--- a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
+++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
@@ -80,7 +80,7 @@ public boolean next(Message msg, SSHPacket packet)
 
         Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(),
                                                         KeyType.fromKey(hostKey).toString());
-        signature.init(hostKey, null);
+        signature.initVerify(hostKey);
         signature.update(H, 0, H.length);
         if (!signature.verify(sig))
             throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java
index 25e496bf2..5c13d4307 100644
--- a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java
+++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java
@@ -86,7 +86,7 @@ private boolean parseGexReply(SSHPacket buffer) throws Buffer.BufferException, G
         H = digest.digest();
         Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(),
                 KeyType.fromKey(hostKey).toString());
-        signature.init(hostKey, null);
+        signature.initVerify(hostKey);
         signature.update(H, 0, H.length);
         if (!signature.verify(sig))
             throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/Curve25519DH.java b/src/main/java/net/schmizz/sshj/transport/kex/Curve25519DH.java
index 17c64584a..01bd22381 100644
--- a/src/main/java/net/schmizz/sshj/transport/kex/Curve25519DH.java
+++ b/src/main/java/net/schmizz/sshj/transport/kex/Curve25519DH.java
@@ -15,16 +15,16 @@
  */
 package net.schmizz.sshj.transport.kex;
 
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.transport.random.Random;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.crypto.ec.CustomNamedCurves;
 import org.bouncycastle.jce.spec.ECParameterSpec;
 
-import net.schmizz.sshj.common.Factory;
-import net.schmizz.sshj.transport.random.Random;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
 
 public class Curve25519DH extends DHBase {
 
diff --git a/src/main/java/net/schmizz/sshj/transport/random/JCERandom.java b/src/main/java/net/schmizz/sshj/transport/random/JCERandom.java
index a85710e0d..cb9136236 100644
--- a/src/main/java/net/schmizz/sshj/transport/random/JCERandom.java
+++ b/src/main/java/net/schmizz/sshj/transport/random/JCERandom.java
@@ -15,10 +15,11 @@
  */
 package net.schmizz.sshj.transport.random;
 
-import java.security.SecureRandom;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.security.SecureRandom;
+
 /** A {@link Random} implementation using the built-in {@link SecureRandom} PRNG. */
 public class JCERandom
         implements Random {
diff --git a/src/main/java/net/schmizz/sshj/transport/verification/FingerprintVerifier.java b/src/main/java/net/schmizz/sshj/transport/verification/FingerprintVerifier.java
new file mode 100644
index 000000000..24045ed87
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/verification/FingerprintVerifier.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.transport.verification;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.regex.Pattern;
+
+import net.schmizz.sshj.common.Base64;
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.common.SecurityUtils;
+import net.schmizz.sshj.transport.verification.HostKeyVerifier;
+
+public class FingerprintVerifier implements HostKeyVerifier {
+    private static final Pattern MD5_FINGERPRINT_PATTERN = Pattern.compile("[0-9a-f]{2}+(:[0-9a-f]{2}+){15}+");
+    /**
+     * Valid examples:
+     *
+     * <ul>
+     * <li><code>4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21</code></li>
+     * <li><code>MD5:4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21</code></li>
+     * <li><code>SHA1:FghNYu1l/HyE/qWbdQ2mkxrd0rU</code></li>
+     * <li><code>SHA1:FghNYu1l/HyE/qWbdQ2mkxrd0rU=</code></li>
+     * <li><code>SHA256:l/SjyCoKP8jAx3d8k8MWH+UZG0gcuIR7TQRE/A3faQo</code></li>
+     * <li><code>SHA256:l/SjyCoKP8jAx3d8k8MWH+UZG0gcuIR7TQRE/A3faQo=</code></li>
+     * </ul>
+     *
+     *
+     * @param fingerprint of an SSH fingerprint in MD5 (hex), SHA-1 (base64) or SHA-256(base64) format
+     *
+     * @return
+     */
+    public static HostKeyVerifier getInstance(String fingerprint) {
+
+        try {
+            if (fingerprint.startsWith("SHA1:")) {
+                return new FingerprintVerifier("SHA-1", fingerprint.substring(5));
+            }
+
+            if (fingerprint.startsWith("SHA256:")) {
+                return new FingerprintVerifier("SHA-256", fingerprint.substring(7));
+            }
+
+            final String md5;
+            if (fingerprint.startsWith("MD5:")) {
+                md5 = fingerprint.substring(4); // remove the MD5: prefix
+            } else {
+                md5 = fingerprint;
+            }
+
+            if (!MD5_FINGERPRINT_PATTERN.matcher(md5).matches()) {
+                throw new SSHRuntimeException("Invalid MD5 fingerprint: " + fingerprint);
+            }
+
+            // Use the old default fingerprint verifier for md5 fingerprints
+            return (new HostKeyVerifier() {
+                @Override
+                public boolean verify(String h, int p, PublicKey k) {
+                    return SecurityUtils.getFingerprint(k).equals(md5);
+                }
+            });
+        } catch (SSHRuntimeException e) {
+            throw e;
+        } catch (IOException e) {
+            throw new SSHRuntimeException(e);
+        }
+
+    }
+
+    private final String digestAlgorithm;
+    private final byte[] fingerprintData;
+
+    /**
+     *
+     * @param digestAlgorithm
+     *            the used digest algorithm
+     * @param base64Fingerprint
+     *            base64 encoded fingerprint data
+     *
+     * @throws IOException
+     */
+    private FingerprintVerifier(String digestAlgorithm, String base64Fingerprint) throws IOException {
+        this.digestAlgorithm = digestAlgorithm;
+
+        // if the length is not padded with "=" chars at the end so that it is divisible by 4 the SSHJ Base64 implementation does not work correctly
+        StringBuilder base64FingerprintBuilder = new StringBuilder(base64Fingerprint);
+        while (base64FingerprintBuilder.length() % 4 != 0) {
+            base64FingerprintBuilder.append("=");
+        }
+        fingerprintData = Base64.decode(base64FingerprintBuilder.toString());
+    }
+
+    @Override
+    public boolean verify(String hostname, int port, PublicKey key) {
+        MessageDigest digest;
+        try {
+            digest = SecurityUtils.getMessageDigest(digestAlgorithm);
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        }
+        digest.update(new Buffer.PlainBuffer().putPublicKey(key).getCompactData());
+
+        byte[] digestData = digest.digest();
+        return Arrays.equals(fingerprintData, digestData);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
index 1c035b981..38b3c3005 100644
--- a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
+++ b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
@@ -360,7 +360,7 @@ private String getKeyString() {
         }
 
         protected String getHostPart() {
-            return  hostPart;
+            return hostPart;
         }
     }
 
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/BaseFileKeyProvider.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/BaseFileKeyProvider.java
index d209e0579..f4e7580ea 100644
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/BaseFileKeyProvider.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/BaseFileKeyProvider.java
@@ -15,6 +15,9 @@
  */
 package net.schmizz.sshj.userauth.keyprovider;
 
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.userauth.password.*;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.Reader;
@@ -22,9 +25,6 @@
 import java.security.PrivateKey;
 import java.security.PublicKey;
 
-import net.schmizz.sshj.common.KeyType;
-import net.schmizz.sshj.userauth.password.*;
-
 public abstract class BaseFileKeyProvider implements FileKeyProvider {
     protected Resource<?> resource;
     protected PasswordFinder pwdf;
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java
index eb5246d48..cd003d446 100644
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java
@@ -15,10 +15,10 @@
  */
 package net.schmizz.sshj.userauth.keyprovider;
 
+import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
 import net.schmizz.sshj.common.IOUtils;
 
 import java.io.*;
-import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
 
 public class KeyProviderUtil {
 
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS5KeyFile.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS5KeyFile.java
index 66a28cd85..8f4068d48 100644
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS5KeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS5KeyFile.java
@@ -15,6 +15,15 @@
  */
 package net.schmizz.sshj.userauth.keyprovider;
 
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+import net.schmizz.sshj.common.Base64;
+import net.schmizz.sshj.common.ByteArrayUtils;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.transport.cipher.*;
+import net.schmizz.sshj.transport.digest.Digest;
+import net.schmizz.sshj.transport.digest.MD5;
+
 import java.io.BufferedReader;
 import java.io.EOFException;
 import java.io.IOException;
@@ -24,14 +33,6 @@
 import java.security.*;
 import java.security.spec.*;
 import java.util.Arrays;
-import javax.xml.bind.DatatypeConverter;
-
-import net.schmizz.sshj.common.Base64;
-import net.schmizz.sshj.common.IOUtils;
-import net.schmizz.sshj.common.KeyType;
-import net.schmizz.sshj.transport.cipher.*;
-import net.schmizz.sshj.transport.digest.Digest;
-import net.schmizz.sshj.transport.digest.MD5;
 
 /**
  * Represents a PKCS5-encoded key file. This is the format typically used by OpenSSH, OpenSSL, Amazon, etc.
@@ -116,17 +117,17 @@ protected KeyPair readKeyPair()
                         } else {
                             String algorithm = line.substring(10, ptr);
                             if ("DES-EDE3-CBC".equals(algorithm)) {
-                                cipher = new TripleDESCBC();
+                                cipher = BlockCiphers.TripleDESCBC().create();
                             } else if ("AES-128-CBC".equals(algorithm)) {
-                                cipher = new AES128CBC();
+                                cipher = BlockCiphers.AES128CBC().create();
                             } else if ("AES-192-CBC".equals(algorithm)) {
-                                cipher = new AES192CBC();
+                                cipher = BlockCiphers.AES192CBC().create();
                             } else if ("AES-256-CBC".equals(algorithm)) {
-                                cipher = new AES256CBC();
+                                cipher = BlockCiphers.AES256CBC().create();
                             } else {
                                 throw new FormatException("Not a supported algorithm: " + algorithm);
                             }
-                            iv = Arrays.copyOfRange(DatatypeConverter.parseHexBinary(line.substring(ptr + 1)), 0, cipher.getIVSize());
+                            iv = Arrays.copyOfRange(ByteArrayUtils.parseHex(line.substring(ptr + 1)), 0, cipher.getIVSize());
                         }
                     } else if (line.length() > 0) {
                         sb.append(line);
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
index 26f500584..2c012c3dd 100644
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
@@ -15,8 +15,8 @@
  */
 package net.schmizz.sshj.userauth.keyprovider;
 
-import java.io.IOException;
-import java.security.KeyPair;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.userauth.password.PasswordUtils;
 import org.bouncycastle.openssl.EncryptionException;
 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
@@ -26,8 +26,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import net.schmizz.sshj.common.IOUtils;
-import net.schmizz.sshj.userauth.password.PasswordUtils;
+import java.io.IOException;
+import java.security.KeyPair;
 
 /** Represents a PKCS8-encoded key file. This is the format used by (old-style) OpenSSH and OpenSSL. */
 public class PKCS8KeyFile extends BaseFileKeyProvider {
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.java
index 54d9f08b4..5a8ec6819 100644
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.java
@@ -15,21 +15,21 @@
  */
 package net.schmizz.sshj.userauth.keyprovider;
 
+import net.schmizz.sshj.common.Base64;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.userauth.password.PasswordUtils;
+import org.bouncycastle.util.encoders.Hex;
+
+import javax.crypto.Cipher;
+import javax.crypto.Mac;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.*;
 import java.math.BigInteger;
 import java.security.*;
 import java.security.spec.*;
 import java.util.HashMap;
 import java.util.Map;
-import javax.crypto.Cipher;
-import javax.crypto.Mac;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import org.bouncycastle.util.encoders.Hex;
-
-import net.schmizz.sshj.common.Base64;
-import net.schmizz.sshj.common.KeyType;
-import net.schmizz.sshj.userauth.password.PasswordUtils;
 
 /**
  * <h2>Sample PuTTY file format</h2>
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java b/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
index 158e99d48..75ea54319 100644
--- a/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
+++ b/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
@@ -66,7 +66,7 @@ protected SSHPacket putSig(SSHPacket reqBuf)
         if (signature == null)
             throw new UserAuthException("Could not create signature instance for " + kt + " key");
 
-        signature.init(null, key);
+        signature.initSign(key);
         signature.update(new Buffer.PlainBuffer()
                 .putString(params.getTransport().getSessionID())
                 .putBuffer(reqBuf) // & rest of the data for sig
diff --git a/src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java b/src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java
index 3a59406c8..bf71fd1a9 100644
--- a/src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java
+++ b/src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java
@@ -16,7 +16,6 @@
 package net.schmizz.sshj.xfer;
 
 import net.schmizz.sshj.common.LoggerFactory;
-
 import org.slf4j.Logger;
 
 public abstract class AbstractFileTransfer {
diff --git a/src/main/java/net/schmizz/sshj/xfer/FileSystemFile.java b/src/main/java/net/schmizz/sshj/xfer/FileSystemFile.java
index 642fc11f8..b759f9cb0 100644
--- a/src/main/java/net/schmizz/sshj/xfer/FileSystemFile.java
+++ b/src/main/java/net/schmizz/sshj/xfer/FileSystemFile.java
@@ -21,6 +21,7 @@
 import java.io.*;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Stack;
 
 public class FileSystemFile
         implements LocalSourceFile, LocalDestFile {
@@ -83,8 +84,9 @@ public boolean accept(File file) {
             }
         });
 
-        if (childFiles == null)
+        if (childFiles == null) {
             throw new IOException("Error listing files in directory: " + this);
+        }
 
         final List<FileSystemFile> children = new ArrayList<FileSystemFile>();
         for (File f : childFiles) {
@@ -113,12 +115,13 @@ public long getLastModifiedTime()
     @Override
     public int getPermissions()
             throws IOException {
-        if (isDirectory())
+        if (isDirectory()) {
             return 0755;
-        else if (isFile())
+        } else if (isFile()) {
             return 0644;
-        else
+        } else {
             throw new IOException("Unsupported file type");
+        }
     }
 
     @Override
@@ -130,8 +133,9 @@ public void setLastAccessedTime(long t)
     @Override
     public void setLastModifiedTime(long t)
             throws IOException {
-        if (!file.setLastModified(t * 1000))
+        if (!file.setLastModified(t * 1000)) {
             log.warn("Could not set last modified time for {} to {}", file, t);
+        }
     }
 
     @Override
@@ -143,22 +147,41 @@ public void setPermissions(int perms)
                                            !(FilePermission.OTH_W.isIn(perms) || FilePermission.GRP_W.isIn(perms)));
         final boolean x = file.setExecutable(FilePermission.USR_X.isIn(perms),
                                              !(FilePermission.OTH_X.isIn(perms) || FilePermission.GRP_X.isIn(perms)));
-        if (!(r && w && x))
+        if (!(r && w && x)) {
             log.warn("Could not set permissions for {} to {}", file, Integer.toString(perms, 16));
+        }
     }
 
     @Override
     public FileSystemFile getChild(String name) {
+        validateIsChildPath(name);
         return new FileSystemFile(new File(file, name));
     }
 
+    private void validateIsChildPath(String name) {
+        String[] split = name.split("/");
+        Stack<String> s = new Stack<String>();
+        for (String component : split) {
+            if (component == null || component.isEmpty() || ".".equals(component)) {
+                continue;
+            } else if ("..".equals(component) && !s.isEmpty()) {
+                s.pop();
+                continue;
+            } else if ("..".equals(component)) {
+                throw new IllegalArgumentException("Cannot traverse higher than " + file + " to get child " + name);
+            }
+            s.push(component);
+        }
+    }
+
     @Override
     public FileSystemFile getTargetFile(String filename)
             throws IOException {
         FileSystemFile f = this;
 
-        if (f.isDirectory())
+        if (f.isDirectory()) {
             f = f.getChild(filename);
+        }
 
         if (!f.getFile().exists()) {
             if (!f.getFile().createNewFile())
@@ -174,12 +197,15 @@ public FileSystemFile getTargetDirectory(String dirname)
             throws IOException {
         FileSystemFile f = this;
 
-        if (f.getFile().exists())
+        if (f.getFile().exists()) {
             if (f.isDirectory()) {
-                if (!f.getName().equals(dirname))
+                if (!f.getName().equals(dirname)) {
                     f = f.getChild(dirname);
-            } else
+                }
+            } else {
                 throw new IOException(f + " - already exists as a file; directory required");
+            }
+        }
 
         if (!f.getFile().exists() && !f.getFile().mkdir())
             throw new IOException("Failed to create directory: " + f);
diff --git a/src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java b/src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java
index fd25144dc..f9779497f 100644
--- a/src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java
+++ b/src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java
@@ -75,9 +75,9 @@ private void startCopy(String sourcePath, LocalDestFile targetFile, ScpCommandLi
         engine.signal("Start status OK");
 
         String msg = engine.readMessage();
-        do
+        do {
             process(engine.getTransferListener(), null, msg, targetFile);
-        while (!(msg = engine.readMessage()).isEmpty());
+        } while (!(msg = engine.readMessage()).isEmpty());
     }
 
     private long parseLong(String longString, String valType)
@@ -93,15 +93,17 @@ private long parseLong(String longString, String valType)
 
     private int parsePermissions(String cmd)
             throws SCPException {
-        if (cmd.length() != 5)
+        if (cmd.length() != 5) {
             throw new SCPException("Could not parse permissions from `" + cmd + "`");
+        }
         return Integer.parseInt(cmd.substring(1), 8);
     }
 
     private boolean process(TransferListener listener, String bufferedTMsg, String msg, LocalDestFile f)
             throws IOException {
-        if (msg.length() < 1)
+        if (msg.length() < 1) {
             throw new SCPException("Could not parse message `" + msg + "`");
+        }
 
         switch (msg.charAt(0)) {
 
@@ -139,8 +141,9 @@ private void processDirectory(TransferListener listener, String dMsg, String tMs
         final List<String> dMsgParts = tokenize(dMsg, 3, true); // D<perms> 0 <dirname>
         final long length = parseLong(dMsgParts.get(1), "dir length");
         final String dirname = dMsgParts.get(2);
-        if (length != 0)
+        if (length != 0) {
             throw new IOException("Remote SCP command sent strange directory length: " + length);
+        }
 
         final TransferListener dirListener = listener.directory(dirname);
         {
@@ -186,9 +189,9 @@ private void setAttributes(LocalDestFile f, int perms, String tMsg)
     private static List<String> tokenize(String msg, int totalParts, boolean consolidateTail)
             throws IOException {
         List<String> parts = Arrays.asList(msg.split(" "));
-        if (parts.size() < totalParts ||
-                (!consolidateTail && parts.size() != totalParts))
+        if (parts.size() < totalParts || (!consolidateTail && parts.size() != totalParts)) {
             throw new IOException("Could not parse message received from remote SCP: " + msg);
+        }
 
         if (consolidateTail && totalParts < parts.size()) {
             final StringBuilder sb = new StringBuilder(parts.get(totalParts - 1));
diff --git a/src/test/groovy/com/hierynomus/sshj/common/KeyTypeSpec.groovy b/src/test/groovy/com/hierynomus/sshj/common/KeyTypeSpec.groovy
new file mode 100644
index 000000000..ef51eabb6
--- /dev/null
+++ b/src/test/groovy/com/hierynomus/sshj/common/KeyTypeSpec.groovy
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.common
+
+import net.schmizz.sshj.common.KeyType
+import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile
+import spock.lang.Specification
+import spock.lang.Unroll
+
+class KeyTypeSpec extends Specification {
+
+    @Unroll
+    def "should determine correct keytype for #type key"() {
+        given:
+        OpenSSHKeyFile kf = new OpenSSHKeyFile()
+        kf.init(privKey, pubKey)
+
+        expect:
+        KeyType.fromKey(kf.getPublic()) == type
+        KeyType.fromKey(kf.getPrivate()) == type
+
+        where:
+        privKey << ["""-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIGhcvG8anyHew/xZJfozh5XIc1kmZZs6o2f0l3KFs4jgoAoGCCqGSM49
+AwEHoUQDQgAEDUA1JYVD7URSoOGdwPxjea+ETD6IABMD9CWfk3NVTNkdu/Ksn7uX
+cLTQhx4N16z1IgW2bRbSbsmM++UKXmeWyg==
+-----END EC PRIVATE KEY-----"""]
+        pubKey << ["""ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1ANSWFQ+1EUqDhncD8Y3mvhEw+iAATA/Qln5NzVUzZHbvyrJ+7l3C00IceDdes9SIFtm0W0m7JjPvlCl5nlso= SSH Key"""]
+        type << [KeyType.ECDSA256]
+
+    }
+}
\ No newline at end of file
diff --git a/src/test/groovy/com/hierynomus/sshj/connection/channel/direct/LocalPortForwarderSpec.groovy b/src/test/groovy/com/hierynomus/sshj/connection/channel/direct/LocalPortForwarderSpec.groovy
index 4c6ac9d68..aa4fc221d 100644
--- a/src/test/groovy/com/hierynomus/sshj/connection/channel/direct/LocalPortForwarderSpec.groovy
+++ b/src/test/groovy/com/hierynomus/sshj/connection/channel/direct/LocalPortForwarderSpec.groovy
@@ -19,6 +19,7 @@ import com.hierynomus.sshj.test.SshFixture
 import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder
 import org.junit.Rule
 import spock.lang.Specification
+import spock.util.concurrent.PollingConditions
 
 class LocalPortForwarderSpec extends Specification {
   @Rule
@@ -44,6 +45,9 @@ class LocalPortForwarderSpec extends Specification {
     thread.start()
 
     then:
+    new PollingConditions().eventually {
+      lpf.isRunning()
+    }
     thread.isAlive()
 
     when:
diff --git a/src/test/groovy/com/hierynomus/sshj/transport/verification/KnownHostMatchersTest.groovy b/src/test/groovy/com/hierynomus/sshj/transport/verification/KnownHostMatchersTest.groovy
index 4eee47562..d335c7538 100644
--- a/src/test/groovy/com/hierynomus/sshj/transport/verification/KnownHostMatchersTest.groovy
+++ b/src/test/groovy/com/hierynomus/sshj/transport/verification/KnownHostMatchersTest.groovy
@@ -15,7 +15,6 @@
  */
 package com.hierynomus.sshj.transport.verification
 
-import com.hierynomus.sshj.transport.verification.KnownHostMatchers
 import spock.lang.Specification
 import spock.lang.Unroll
 
@@ -50,6 +49,11 @@ class KnownHostMatchersSpec extends Specification {
         "aaa.b??.com" | "aaa.bccd.com" | false
         "|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg=" | "192.168.1.61" | true
         "|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg=" | "192.168.2.61" | false
+        "[aaa.bbb.com]:2222" | "aaa.bbb.com" | false
+        "[aaa.bbb.com]:2222" | "[aaa.bbb.com]:2222" | true
+        "[aaa.?bb.com]:2222" | "[aaa.dbb.com]:2222" | true
+        "[aaa.?xb.com]:2222" | "[aaa.dbb.com]:2222" | false
+        "[*.bbb.com]:2222" | "[aaa.bbb.com]:2222" | true
         yesno = match ? "" : "no"
     }
 }
diff --git a/src/test/groovy/net/schmizz/sshj/signature/SignatureDSASpec.groovy b/src/test/groovy/net/schmizz/sshj/signature/SignatureDSASpec.groovy
new file mode 100644
index 000000000..8913b7f5c
--- /dev/null
+++ b/src/test/groovy/net/schmizz/sshj/signature/SignatureDSASpec.groovy
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+* Copyright (C)2009 - SSHJ Contributors
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package net.schmizz.sshj.signature
+
+import spock.lang.Unroll;
+
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.DSAPublicKeySpec;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import spock.lang.Specification
+
+class SignatureDSASpec extends Specification {
+
+    def keyFactory = KeyFactory.getInstance("DSA")
+
+    private PublicKey createPublicKey(final byte[] y, final byte[] p, final byte[] q, final byte[] g) throws Exception {
+        final BigInteger publicKey = new BigInteger(y);
+        final BigInteger prime = new BigInteger(p);
+        final BigInteger subPrime = new BigInteger(q);
+        final BigInteger base = new BigInteger(g);
+        final DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(publicKey, prime, subPrime, base);
+        return keyFactory.generatePublic(dsaPubKeySpec);
+    }
+
+
+    @Unroll
+    def "should verify signature"() {
+        given:
+        def signatureDSA = new SignatureDSA()
+        def publicKey = createPublicKey(y, p, q, g)
+        signatureDSA.initVerify(publicKey)
+
+        when:
+        signatureDSA.update(H)
+
+        then:
+        signatureDSA.verify(H_sig)
+
+        where:
+        y << [[103, 23, -102, -4, -110, -90, 66, -52, -14, 125, -16, -76, -110, 33, -111, -113, -46, 27, -118, -73, 0, -19, -48, 43, -102, 56, -49, -84, 118, -10, 76, 84, -5, 84, 55, 72, -115, -34, 95, 80, 32, -120, 57, 101, -64, 111, -37, -26, 96, 55, -98, -24, -99, -81, 60, 22, 5, -55, 119, -95, -28, 114, -40, 13, 97, 65, 22, 33, 117, -59, 22, 81, -56, 98, -112, 103, -62, 90, -12, 81, 61, -67, 104, -24, 67, -18, -60, 78, -127, 44, 13, 11, -117, -118, -69, 89, -25, 26, 103, 72, -83, 114, -40, -124, -10, -31, -34, -49, -54, -15, 92, 79, -40, 14, -12, 58, -112, -30, 11, 48, 26, 121, 105, -68, 92, -93, 99, -78] as byte[],
+              [0, -92, 59, 5, 72, 124, 101, 124, -18, 114, 7, 100, 98, -61, 73, -104, 120, -98, 54, 118, 17, -62, 91, -110, 29, 98, 50, -101, -41, 99, -116, 101, 107, -123, 124, -97, 62, 119, 88, -109, -110, -1, 109, 119, -51, 69, -98, -105, 2, -69, -121, -82, -118, 23, -6, 96, -61, -65, 102, -58, -74, 32, -104, 116, -6, -35, -83, -10, -88, -68, 106, -112, 72, -2, 35, 38, 15, -11, -22, 30, -114, -46, -47, -18, -17, -71, 24, -25, 28, 13, 29, -40, 101, 18, 81, 45, -120, -67, -53, -41, 11, 50, -89, -33, 50, 54, -14, -91, -35, 12, -42, 13, -84, -19, 100, -3, -85, -18, 74, 99, -49, 64, -49, 51, -83, -82, -127, 116, 64] as byte[]]
+        p << [[0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68,
+               0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70,
+               48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92,
+               -97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21,
+               15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41,
+               42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57] as byte[],
+              [0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68,
+               0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70,
+               48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92,
+               -97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21,
+               15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41,
+               42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57] as byte[]]
+        q << [[0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11] as byte[],
+              [0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11] as byte[]]
+        g << [[0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58,
+               -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127,
+               -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117,
+               84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5,
+               98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110,
+               -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42] as byte[],
+              [0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58,
+               -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127,
+               -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117,
+               84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5,
+               98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110,
+               -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42] as byte[]]
+        H << [[-13, 20, 103, 73, 115, -68, 113, 74, -25, 12, -90, 19, 56, 73, -7, -49, -118, 107, -69, -39, -6, 82, -123,
+               54, -10, -43, 16, -117, -59, 36, -49, 27] as byte[],
+              [-4, 111, -103, 111, 72, -106, 105, -19, 81, -123, 84, -13, -40, -53, -3, -97, -8, 43, -22, -2, -23, -15, 28,
+               116, -63, 96, -79, -127, -84, 63, -6, -94] as byte[]]
+        H_sig << [[0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, -113, -52, 88, -117, 80, -105, -92, -124, -49,
+                   56, -35, 90, -9, -128, 31, -33, -18, 13, -5, 7, 108, -2, 92, 108, 85, 58, 39, 99, 122, -118, 125, -121, 21,
+                   -37, 2, 55, 109, -23, -125, 4] as byte[],
+                  [0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 0, 79, 84, 118, -50, 11, -117, -112, 52, -25,
+                   -78, -50, -20, 6, -69, -26, 7, 90, -34, -124, 80, 76, -32, -23, -8, 43, 38, -48, -89, -17, -60, -1, -78,
+                   112, -88, 14, -39, -78, -98, -80] as byte[]]
+    }
+
+}
diff --git a/src/test/groovy/net/schmizz/sshj/transport/verification/FingerprintVerifierSpec.groovy b/src/test/groovy/net/schmizz/sshj/transport/verification/FingerprintVerifierSpec.groovy
new file mode 100644
index 000000000..c7093c125
--- /dev/null
+++ b/src/test/groovy/net/schmizz/sshj/transport/verification/FingerprintVerifierSpec.groovy
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.transport.verification
+
+import net.schmizz.sshj.common.Base64
+import net.schmizz.sshj.common.Buffer
+import spock.lang.Specification
+import spock.lang.Unroll
+
+class FingerprintVerifierSpec extends Specification {
+
+    @Unroll
+    def "should accept #digest fingerprints"() {
+        given:
+        def verifier = FingerprintVerifier.getInstance(fingerprint)
+        expect:
+        verifier.verify("", 0, getPublicKey())
+        where:
+        digest << ["SHA-1", "SHA-256", "MD5", "old style"]
+        fingerprint << ["SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak=",
+                         "SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs=",
+                         "MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32",
+                         "d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"]
+    }
+
+    @Unroll
+    def "should accept too short #digest fingerprints"() {
+        given:
+        def verifier = FingerprintVerifier.getInstance(fingerprint)
+        expect:
+        verifier.verify("", 0, getPublicKey())
+        where:
+        digest << ["SHA-1", "SHA-256"]
+        fingerprint << ["SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak",
+                        "SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs"]
+
+    }
+
+
+    def getPublicKey() {
+        def lines = new File("src/test/resources/keytypes/test_ed25519.pub").readLines()
+        def keystring = lines[0].split(" ")[1]
+        return new Buffer.PlainBuffer(Base64.decode(keystring)).readPublicKey()
+    }
+}
diff --git a/src/test/groovy/net/schmizz/sshj/userauth/password/ConsolePasswordFinderSpec.groovy b/src/test/groovy/net/schmizz/sshj/userauth/password/ConsolePasswordFinderSpec.groovy
new file mode 100644
index 000000000..956cc1167
--- /dev/null
+++ b/src/test/groovy/net/schmizz/sshj/userauth/password/ConsolePasswordFinderSpec.groovy
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.password
+
+import spock.lang.Specification
+
+class ConsolePasswordFinderSpec extends Specification {
+
+//    def "should read password from console"() {
+//        given:
+//        def console = Mock(Console) {
+//            readPassword(*_) >> "password".toCharArray()
+//        }
+//        def cpf = new ConsolePasswordFinder(console)
+//        def resource = new AccountResource("test", "localhost")
+//
+//        when:
+//        def password = cpf.reqPassword(resource)
+//
+//        then:
+//        password == "password".toCharArray()
+//
+//    }
+}
diff --git a/src/test/groovy/net/schmizz/sshj/xfer/FileSystemFileSpec.groovy b/src/test/groovy/net/schmizz/sshj/xfer/FileSystemFileSpec.groovy
new file mode 100644
index 000000000..c9708a264
--- /dev/null
+++ b/src/test/groovy/net/schmizz/sshj/xfer/FileSystemFileSpec.groovy
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer
+
+import spock.lang.Specification
+
+class FileSystemFileSpec extends Specification {
+
+    def "should get child path"() {
+        given:
+        def file = new FileSystemFile("foo")
+
+        when:
+        def child = file.getChild("bar")
+
+        then:
+        child.getName() == "bar"
+    }
+
+    def "should not traverse higher than original path when getChild is called"() {
+        given:
+        def file = new FileSystemFile("foo")
+
+        when:
+        file.getChild("bar/.././foo/../../")
+
+        then:
+        thrown(IllegalArgumentException.class)
+    }
+
+    def "should ignore double slash (empty path component)"() {
+        given:
+        def file = new FileSystemFile("foo")
+
+        when:
+        def child = file.getChild("bar//etc/passwd")
+
+        then:
+        child.getFile().getPath() endsWith "foo/bar/etc/passwd"
+    }
+}
diff --git a/src/test/java/com/hierynomus/sshj/IntegrationTest.java b/src/test/java/com/hierynomus/sshj/IntegrationTest.java
deleted file mode 100644
index b6f977680..000000000
--- a/src/test/java/com/hierynomus/sshj/IntegrationTest.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C)2009 - SSHJ Contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.hierynomus.sshj;
-
-import java.io.File;
-import java.io.IOException;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import net.schmizz.sshj.DefaultConfig;
-import net.schmizz.sshj.SSHClient;
-import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-
-public class IntegrationTest {
-
-    @Test @Ignore // Should only be enabled for testing against VM
-    public void shouldConnect() throws IOException {
-        SSHClient sshClient = new SSHClient(new DefaultConfig());
-        sshClient.addHostKeyVerifier(new OpenSSHKnownHosts(new File("/Users/ajvanerp/.ssh/known_hosts")));
-        sshClient.connect("172.16.37.147");
-        sshClient.authPublickey("jeroen");
-        assertThat("Is connected", sshClient.isAuthenticated());
-    }
-}
diff --git a/src/test/java/net/schmizz/sshj/common/BufferTest.java b/src/test/java/net/schmizz/sshj/common/BufferTest.java
index 2d2de53c8..98a7a2033 100644
--- a/src/test/java/net/schmizz/sshj/common/BufferTest.java
+++ b/src/test/java/net/schmizz/sshj/common/BufferTest.java
@@ -17,12 +17,11 @@
 
 import net.schmizz.sshj.common.Buffer.BufferException;
 import net.schmizz.sshj.common.Buffer.PlainBuffer;
-
-import static org.junit.Assert.*;
+import org.junit.Test;
 
 import java.math.BigInteger;
 
-import org.junit.Test;
+import static org.junit.Assert.*;
 
 public class BufferTest {
 
diff --git a/src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java b/src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
index 18cb3dc66..cc60399ad 100644
--- a/src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
+++ b/src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
@@ -15,13 +15,18 @@
  */
 package net.schmizz.sshj.keyprovider;
 
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.CoreMatchers.equalTo;
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
+import com.hierynomus.sshj.userauth.certificate.Certificate;
+import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
+import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
+import net.schmizz.sshj.userauth.password.PasswordFinder;
+import net.schmizz.sshj.userauth.password.PasswordUtils;
+import net.schmizz.sshj.userauth.password.Resource;
+import net.schmizz.sshj.util.KeyUtil;
+import org.apache.sshd.common.util.SecurityUtils;
+import org.junit.Before;
+import org.junit.Test;
 
 import java.io.File;
 import java.io.IOException;
@@ -39,20 +44,10 @@
 import java.util.Map;
 import java.util.Scanner;
 
-import org.apache.sshd.common.util.SecurityUtils;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.hierynomus.sshj.userauth.certificate.Certificate;
-import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
-
-import net.schmizz.sshj.common.KeyType;
-import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
-import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
-import net.schmizz.sshj.userauth.password.PasswordFinder;
-import net.schmizz.sshj.userauth.password.PasswordUtils;
-import net.schmizz.sshj.userauth.password.Resource;
-import net.schmizz.sshj.util.KeyUtil;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.*;
 
 public class OpenSSHKeyFileTest {
 
diff --git a/src/test/java/net/schmizz/sshj/sftp/SFTPClientTest.java b/src/test/java/net/schmizz/sshj/sftp/SFTPClientTest.java
index eb6dfaaee..bf2c25df4 100644
--- a/src/test/java/net/schmizz/sshj/sftp/SFTPClientTest.java
+++ b/src/test/java/net/schmizz/sshj/sftp/SFTPClientTest.java
@@ -15,13 +15,12 @@
  */
 package net.schmizz.sshj.sftp;
 
+import net.schmizz.sshj.common.LoggerFactory;
 import org.junit.Before;
 import org.junit.Test;
 
 import java.io.IOException;
 
-import net.schmizz.sshj.common.LoggerFactory;
-
 import static net.schmizz.sshj.sftp.PathHelper.DEFAULT_PATH_SEPARATOR;
 import static org.mockito.Mockito.*;
 
diff --git a/src/test/java/net/schmizz/sshj/signature/SignatureDSATest.java b/src/test/java/net/schmizz/sshj/signature/SignatureDSATest.java
new file mode 100644
index 000000000..339e13a97
--- /dev/null
+++ b/src/test/java/net/schmizz/sshj/signature/SignatureDSATest.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.signature;
+
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.util.Arrays;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.IOUtils;
+
+public class SignatureDSATest {
+
+    private KeyFactory keyFactory;
+
+    @Before
+    public void setUp() throws NoSuchAlgorithmException {
+        keyFactory = KeyFactory.getInstance("DSA");
+    }
+
+    @Test
+    public void testSignAndVerify() throws Exception {
+        BigInteger x = new BigInteger(new byte[] { 58, 19, -71, -30, 89, -111, 75, 98, 110, 38, -56, -23, 68, 74, -40, 17, -30, 37, 50, 35 });
+        BigInteger y = new BigInteger(new byte[] { 32, -91, -39, 54, 19, 14, 26, 113, -109, -92, -45, 83, -86, 23, -103, 108, 102, 86, 110, 78, -45, -41, -37, 38, -94, -92, -124, -36, -93, 92, 127, 113, 97, -119, -10, -73, -41, -45, 98, -104, -54, -9, -92, 66, 15, 31, 68, -32, 32, -121, -51, 68, 29, 100, 59, 60, 109, 111, -81, 80, 7, 127, 116, -107, 88, -114, -114, -69, 41, -15, 59, 81, 70, 9, -113, 36, 119, 28, 16, -127, -65, 32, -19, 109, -27, 24, -48, -80, 84, 47, 119, 25, 57, -118, -66, -22, -105, -11, 112, 16, -91, -127, 62, 23, 89, -17, -43, -105, -4, -43, 60, 42, -81, -95, -27, -8, 98, -37, 120, 80, -76, 93, -24, -104, -117, 38, -56, -68 });
+        BigInteger p = new BigInteger(new byte[] { 0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68, 0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70, 48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92, -97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21, 15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41, 42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57 });
+        BigInteger q = new BigInteger(new byte[] { 0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11 });
+        BigInteger g = new BigInteger(new byte[] { 0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58, -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127, -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117, 84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5, 98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110, -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42 });
+
+        byte[] data = "The Magic Words are Squeamish Ossifrage".getBytes(IOUtils.UTF8);
+
+        // A previously signed and verified signature using the data and DSA key parameters above.
+        byte[] dataSig = new byte[] { 0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 40, -71, 33, 105, -89, -107, 8, 26, -13, -90, 73, -103, 105, 112, 7, -59, -66, 46, 85, -27, 20, 82, 22, -113, -75, -86, -121, -42, -73, 78, 66, 93, -34, 39, -50, -93, 27, -5, 37, -92 };
+
+        SignatureDSA signatureForSigning = new SignatureDSA();
+        signatureForSigning.initSign(keyFactory.generatePrivate(new DSAPrivateKeySpec(x, p, q, g)));
+        signatureForSigning.update(data);
+        byte[] sigBlob = signatureForSigning.encode(signatureForSigning.sign());
+        byte[] sigFull = new Buffer.PlainBuffer().putString("ssh-dss").putBytes(sigBlob).getCompactData();
+
+        SignatureDSA signatureForVerifying = new SignatureDSA();
+        signatureForVerifying.initVerify(keyFactory.generatePublic(new DSAPublicKeySpec(y, p, q, g)));
+        signatureForVerifying.update(data);
+        Assert.assertTrue("Failed to verify signature: " + Arrays.toString(sigFull), signatureForVerifying.verify(sigFull));
+        signatureForVerifying.update(data);
+        Assert.assertTrue("Failed to verify signature: " + Arrays.toString(dataSig), signatureForVerifying.verify(dataSig));
+    }
+
+}
diff --git a/src/test/java/net/schmizz/sshj/signature/VerificationTest.java b/src/test/java/net/schmizz/sshj/signature/SignatureECDSATest.java
similarity index 97%
rename from src/test/java/net/schmizz/sshj/signature/VerificationTest.java
rename to src/test/java/net/schmizz/sshj/signature/SignatureECDSATest.java
index c9b9b743f..2ed767c9a 100644
--- a/src/test/java/net/schmizz/sshj/signature/VerificationTest.java
+++ b/src/test/java/net/schmizz/sshj/signature/SignatureECDSATest.java
@@ -15,15 +15,14 @@
  */
 package net.schmizz.sshj.signature;
 
-import java.security.PublicKey;
-
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.Buffer.BufferException;
 import org.junit.Assert;
 import org.junit.Test;
 
-import net.schmizz.sshj.common.Buffer;
-import net.schmizz.sshj.common.Buffer.BufferException;
+import java.security.PublicKey;
 
-public class VerificationTest {
+public class SignatureECDSATest {
 
     @Test
     public void testECDSA256Verifies() throws BufferException {
@@ -34,7 +33,7 @@ public void testECDSA256Verifies() throws BufferException {
         PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
 
         Signature signature = new SignatureECDSA.Factory256().create();
-        signature.init(hostKey, null);
+        signature.initVerify(hostKey);
         signature.update(H, 0, H.length);
         
         Assert.assertTrue("ECDSA256 signature verifies", signature.verify(sig));
@@ -49,7 +48,7 @@ public void testECDSA384Verifies() throws BufferException {
         PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
 
         Signature signature = new SignatureECDSA.Factory384().create();
-        signature.init(hostKey, null);
+        signature.initVerify(hostKey);
         signature.update(H, 0, H.length);
         
         Assert.assertTrue("ECDSA384 signature verifies", signature.verify(sig));
@@ -64,7 +63,7 @@ public void testECDSA521Verifies() throws BufferException {
         PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
 
         Signature signature = new SignatureECDSA.Factory521().create();
-        signature.init(hostKey, null);
+        signature.initVerify(hostKey);
         signature.update(H, 0, H.length);
         
         Assert.assertTrue("ECDSA521 signature verifies", signature.verify(sig));
diff --git a/src/test/java/net/schmizz/sshj/util/BufferTest.java b/src/test/java/net/schmizz/sshj/util/BufferTest.java
index 0d3316d54..39dce85fb 100644
--- a/src/test/java/net/schmizz/sshj/util/BufferTest.java
+++ b/src/test/java/net/schmizz/sshj/util/BufferTest.java
@@ -32,7 +32,6 @@
 
 import net.schmizz.sshj.common.Buffer;
 import net.schmizz.sshj.common.IOUtils;
-
 import org.junit.Before;
 import org.junit.Test;
 
diff --git a/src/test/java/net/schmizz/sshj/util/gss/BogusGSSContext.java b/src/test/java/net/schmizz/sshj/util/gss/BogusGSSContext.java
index 69000fadf..ee361a31a 100644
--- a/src/test/java/net/schmizz/sshj/util/gss/BogusGSSContext.java
+++ b/src/test/java/net/schmizz/sshj/util/gss/BogusGSSContext.java
@@ -15,9 +15,8 @@
  */
 package net.schmizz.sshj.util.gss;
 
-import org.ietf.jgss.*;
-
 import net.schmizz.sshj.common.IOUtils;
+import org.ietf.jgss.*;
 
 import java.io.InputStream;
 import java.io.OutputStream;