diff --git a/browserid/lib/ca.js b/browserid/lib/ca.js
index fd1b5bc2daa1f30eb0bc851df8e33fa551aa0637..39b7af7a93ee4f1017561480100ae1e5eedd0e32 100644
--- a/browserid/lib/ca.js
+++ b/browserid/lib/ca.js
@@ -37,6 +37,7 @@
 // certificate authority
 
 var jwcert = require('../../lib/jwcrypto/jwcert'),
+    jwk = require('../../lib/jwcrypto/jwk'),
     jws = require('../../lib/jwcrypto/jws'),
     configuration = require('../../libs/configuration'),
     path = require("path"),
@@ -54,10 +55,7 @@ function loadSecretKey(name, dir) {
   }
 
   // parse it
-  // it should be a JSON structure with alg and serialized key
-  // {alg: <ALG>, value: <SERIALIZED_KEY>}
-  var key = JSON.parse(secret);
-  return jws.getByAlg(key.alg).SecretKey.deserialize(key.value);
+  return jwk.SecretKey.deserialize(secret);
 }
 
 function loadPublicKey(name, dir) {
@@ -74,15 +72,14 @@ function loadPublicKey(name, dir) {
   // parse it
   // it should be a JSON structure with alg and serialized key
   // {alg: <ALG>, value: <SERIALIZED_KEY>}
-  var key = JSON.parse(secret);
-  return jws.getByAlg(key.alg).PublicKey.deserialize(key.value);
+  return jwk.PublicKey.deserialize(secret);
 }
 
 var SECRET_KEY = loadSecretKey('root', configuration.get('var_path'));
 var PUBLIC_KEY = loadPublicKey('root', configuration.get('var_path'));
 
 function parsePublicKey(serializedPK) {
-  return jws.getByAlg("RS").PublicKey.deserialize(serializedPK);
+  return jwk.PublicKey.deserialize(serializedPK);
 }
 
 function parseCert(serializedCert) {
diff --git a/browserid/tests/ca-test.js b/browserid/tests/ca-test.js
index 2806cca23b5d3d031eb01bfe54a2b1bdfa903707..f18403e14b9eee50ea05d7120659f879a0740976 100755
--- a/browserid/tests/ca-test.js
+++ b/browserid/tests/ca-test.js
@@ -44,6 +44,7 @@ wsapi = require('./lib/wsapi.js'),
 email = require('../lib/email.js'),
 ca = require('../lib/ca.js'),
 jwcert = require('../../lib/jwcrypto/jwcert'),
+jwk = require('../../lib/jwcrypto/jwk'),
 jws = require('../../lib/jwcrypto/jws');
 
 var suite = vows.describe('ca');
@@ -52,7 +53,7 @@ var suite = vows.describe('ca');
 suite.options.error = false;
 
 // generate a public key
-var kp = jws.getByAlg("RS").KeyPair.generate(64);
+var kp = jwk.KeyPair.generate("RS",64);
 
 var email_addr = "foo@foo.com";
 
diff --git a/browserid/tests/cert-emails-test.js b/browserid/tests/cert-emails-test.js
index 7893aef27222b8c22a54927c21707ba2a675ff62..b415ac562fa6e5d36855cdc37659758247e07df6 100755
--- a/browserid/tests/cert-emails-test.js
+++ b/browserid/tests/cert-emails-test.js
@@ -44,6 +44,7 @@ wsapi = require('./lib/wsapi.js'),
 email = require('../lib/email.js'),
 ca = require('../lib/ca.js'),
 jwcert = require('../../lib/jwcrypto/jwcert'),
+jwk = require('../../lib/jwcrypto/jwk'),
 jws = require('../../lib/jwcrypto/jws');
 
 var suite = vows.describe('cert-emails');
@@ -104,7 +105,7 @@ var cert_key_url = "/wsapi/cert_key";
 
 // generate a keypair, we'll use this to sign assertions, as if
 // this keypair is stored in the browser localStorage
-var kp = jws.getByAlg("RS").KeyPair.generate(64);
+var kp = jwk.KeyPair.generate("RS",64);
 
 suite.addBatch({
   "cert key with no parameters": {
diff --git a/lib/jwcrypto b/lib/jwcrypto
index 9aaa4c075c9b4f6188b5f0098e641f21f2c30a2a..36562ebe7ed0ad0823206167ee1fa11ecc3c682d 160000
--- a/lib/jwcrypto
+++ b/lib/jwcrypto
@@ -1 +1 @@
-Subproject commit 9aaa4c075c9b4f6188b5f0098e641f21f2c30a2a
+Subproject commit 36562ebe7ed0ad0823206167ee1fa11ecc3c682d