diff --git a/README.md b/README.md
index 071f7ac..6554e9f 100644
--- a/README.md
+++ b/README.md
@@ -22,69 +22,3 @@ dependencies {
 }
 ```
 
-## API
-
-### V1
-
-#### Sign the message
-
-```kotlin
-val privateKeyHex = "0xcafebabe"
-val msg = "to be signed"
-
-//with Ed25519 schema
-val ed25519Signer: Signer = Ed25519Signer(Hex.decode(privateKeyHex))
-val ed25519Signature = ed25519Signer.signToBytes(msg)
-
-//with Sr25519 schema
-val sr25519Signer: Signer = Sr25519Signer(Hex.decode(privateKeyHex))
-val sr25519Signature = sr25519Signer.signToBytes(msg)
-```
-
-#### Encrypt and decrypt raw message
-
-```kotlin
-val data = "raw data".toByteArray()
-val masterKeyHex = Hex.encode("super-secret-key".repeat(2).toByteArray())
-val encrypter = RawDataEncrypter(EncryptionConfig(masterKeyHex))
-val decrypter = RawDataDecrypter(DecryptionConfig(mapOf("" to masterKeyHex)))
-val encrypted = encrypter.encrypt(data)
-val decrypted = decrypted.decrypt(result) // "raw data"
-```
-
-#### Encrypt and decrypt JSON message
-
-```kotlin
-val masterKeyHex = Hex.encode("super-secret-key".repeat(2).toByteArray())
-val encrypter = JsonDataEncrypter(
-    EncryptionConfig(
-        masterKeyHex,
-        listOf("$.k1") // JSON Paths we want to encrypt, default is "$..*" which means all fields
-    )
-)
-val decrypter = JsonDataDecrypter(
-    DecryptionConfig(
-        mapOf("$.k1" to "0ae19ba1e42a63aefea507a19df00ffc962bc894b3fb720723d45e456f636977") // derived key for this path
-    )
-)
-val data = """
-            {
-                "k1": "v1",
-                "k2": "v2",
-                "k3": {
-                    "k4": true,
-                    "k5": ["v5", "v5"]
-                },
-                "k6": {
-                    "k7": {
-                        "k8": 123
-                    }
-                }
-            }
-        """.trimIndent().toByteArray()
-
-val encrypted = encrypter.encrypt(data)
-val decrypted = decrypted.decrypt(result) // "original json"
-```
-
-
diff --git a/build.gradle.kts b/build.gradle.kts
index d464167..33c9968 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -11,15 +11,13 @@ group = "com.github.cerebellum-network"
 repositories {
     mavenLocal()
     mavenCentral()
-    maven { url = uri("https://dl.bintray.com/emerald/polkaj") }
 }
 
 dependencies {
     implementation(kotlin("stdlib"))
 
-    implementation("com.rfksystems:blake2b:1.0.0")
-    implementation("com.google.crypto.tink:tink:1.5.0")
-    implementation("io.emeraldpay.polkaj:polkaj-schnorrkel:0.3.0")
+    api("com.goterl:lazysodium-java:5.0.1")
+    implementation("net.java.dev.jna:jna:5.8.0")
 
     implementation("com.github.jsurfer:jsurfer-jackson:1.6.0")
     implementation("com.jayway.jsonpath:json-path:2.5.0")
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/TypeHint.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/TypeHint.kt
deleted file mode 100644
index 9d0e38e..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/TypeHint.kt
+++ /dev/null
@@ -1,6 +0,0 @@
-package network.cere.ddc.crypto.v1
-
-enum class TypeHint {
-    JSON,
-    RAW
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/common/BaseCryptoService.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/common/BaseCryptoService.kt
new file mode 100644
index 0000000..2ee01ce
--- /dev/null
+++ b/src/main/kotlin/network/cere/ddc/crypto/v1/common/BaseCryptoService.kt
@@ -0,0 +1,21 @@
+package network.cere.ddc.crypto.v1.common
+
+import com.goterl.lazysodium.LazySodium
+import com.goterl.lazysodium.interfaces.AEAD
+import com.goterl.lazysodium.interfaces.Box
+import com.goterl.lazysodium.utils.Key
+
+abstract class BaseCryptoService(protected val sodium: LazySodium) {
+    protected companion object {
+        const val JSON_ROOT_PATH = "$"
+    }
+
+    private val emptyNonce = ByteArray(Box.NONCEBYTES)
+    private val encryptionMethod = AEAD.Method.XCHACHA20_POLY1305_IETF
+
+    protected fun encrypt(message: String, key: Key) =
+        sodium.encrypt(message, null, emptyNonce, key, encryptionMethod)
+
+    protected fun decrypt(cipherHex: String, key: Key) =
+        sodium.decrypt(cipherHex, null, emptyNonce, key, encryptionMethod)
+}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/AbstractDecrypter.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/AbstractDecrypter.kt
deleted file mode 100644
index ed9f027..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/AbstractDecrypter.kt
+++ /dev/null
@@ -1,9 +0,0 @@
-package network.cere.ddc.crypto.v1.decrypt
-
-import com.google.crypto.tink.subtle.Hex
-import com.google.crypto.tink.subtle.XChaCha20Poly1305
-
-abstract class AbstractDecrypter(decryptionConfig: DecryptionConfig) : Decrypter {
-    protected val aeadCache = decryptionConfig.pathToDecryptToDecryptionKeyHex
-        .mapValues { XChaCha20Poly1305(Hex.decode(it.value.removePrefix("0x"))) }
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/Decrypter.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/Decrypter.kt
index d03ed7a..3ab8bb0 100644
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/Decrypter.kt
+++ b/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/Decrypter.kt
@@ -1,9 +1,46 @@
 package network.cere.ddc.crypto.v1.decrypt
 
-import network.cere.ddc.crypto.v1.TypeHint
+import com.fasterxml.jackson.databind.JsonNode
+import com.goterl.lazysodium.LazySodium
+import com.goterl.lazysodium.utils.Key
+import com.jayway.jsonpath.JsonPath
+import network.cere.ddc.crypto.v1.common.BaseCryptoService
+import org.jsfr.json.JacksonParser
+import org.jsfr.json.JsonPathListener
+import org.jsfr.json.JsonSurfer
+import org.jsfr.json.ParsingContext
+import org.jsfr.json.provider.JacksonProvider
 
-interface Decrypter {
-    val supportedDataType: TypeHint
-
-    fun decrypt(data: ByteArray): ByteArray
+class Decrypter(
+    sodium: LazySodium,
+    private val pathToDecryptToDecryptionKeyHex: Map<String, String>
+) : BaseCryptoService(sodium) {
+    fun decrypt(data: String): String {
+        val surfer = JsonSurfer(JacksonParser.INSTANCE, JacksonProvider.INSTANCE)
+        val toReplace = mutableMapOf<String, String>()
+        val builder = surfer.configBuilder()
+        pathToDecryptToDecryptionKeyHex.forEach {
+            builder.bind(it.key, object : JsonPathListener {
+                override fun onValue(value: Any, context: ParsingContext) {
+                    val node = value as JsonNode
+                    if (node.isValueNode) {
+                        val path = context.jsonPath
+                        toReplace[path] = decrypt(node.textValue(), Key.fromHexString(it.value))
+                    }
+                }
+            })
+        }
+        return runCatching {
+            builder.buildAndSurf(data)
+        }.fold(
+            {
+                val ctx = JsonPath.parse(data)
+                toReplace.forEach { (p, v) -> ctx.set(p, v) }
+                ctx.jsonString()
+            },
+            {
+                decrypt(data, Key.fromHexString(pathToDecryptToDecryptionKeyHex[JSON_ROOT_PATH]))
+            }
+        )
+    }
 }
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/DecryptionConfig.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/DecryptionConfig.kt
deleted file mode 100644
index 5133d2c..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/DecryptionConfig.kt
+++ /dev/null
@@ -1,5 +0,0 @@
-package network.cere.ddc.crypto.v1.decrypt
-
-data class DecryptionConfig(
-    val pathToDecryptToDecryptionKeyHex: Map<String, String>
-)
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/JsonDataDecrypter.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/JsonDataDecrypter.kt
deleted file mode 100644
index 07b62e7..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/JsonDataDecrypter.kt
+++ /dev/null
@@ -1,36 +0,0 @@
-package network.cere.ddc.crypto.v1.decrypt
-
-import com.fasterxml.jackson.databind.JsonNode
-import com.google.crypto.tink.subtle.Hex
-import com.jayway.jsonpath.JsonPath
-import network.cere.ddc.crypto.v1.TypeHint
-import org.jsfr.json.JacksonParser
-import org.jsfr.json.JsonPathListener
-import org.jsfr.json.JsonSurfer
-import org.jsfr.json.ParsingContext
-import org.jsfr.json.provider.JacksonProvider
-
-class JsonDataDecrypter(decryptionConfig: DecryptionConfig) : AbstractDecrypter(decryptionConfig) {
-    override val supportedDataType: TypeHint = TypeHint.JSON
-
-    override fun decrypt(data: ByteArray): ByteArray {
-        val surfer = JsonSurfer(JacksonParser.INSTANCE, JacksonProvider.INSTANCE)
-        val toReplace = mutableMapOf<String, ByteArray>()
-        val builder = surfer.configBuilder()
-        aeadCache.forEach {
-            builder.bind(it.key, object : JsonPathListener {
-                override fun onValue(value: Any, context: ParsingContext) {
-                    val node = value as JsonNode
-                    if (node.isValueNode) {
-                        val path = context.jsonPath
-                        toReplace[path] = it.value.decrypt(Hex.decode(node.textValue()), null)
-                    }
-                }
-            })
-        }
-        data.inputStream().use(builder::buildAndSurf)
-        val ctx = data.inputStream().use(JsonPath::parse)
-        toReplace.forEach { (p, v) -> ctx.set(p, v.decodeToString()) }
-        return ctx.jsonString().toByteArray()
-    }
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/RawDataDecrypter.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/RawDataDecrypter.kt
deleted file mode 100644
index 5cd229a..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/RawDataDecrypter.kt
+++ /dev/null
@@ -1,11 +0,0 @@
-package network.cere.ddc.crypto.v1.decrypt
-
-import network.cere.ddc.crypto.v1.TypeHint
-
-class RawDataDecrypter(decryptionConfig: DecryptionConfig) : AbstractDecrypter(decryptionConfig) {
-    override val supportedDataType: TypeHint = TypeHint.RAW
-
-    override fun decrypt(data: ByteArray): ByteArray {
-        return aeadCache.values.first().decrypt(data, null)
-    }
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/AbstractEncrypter.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/AbstractEncrypter.kt
deleted file mode 100644
index 83afd0e..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/AbstractEncrypter.kt
+++ /dev/null
@@ -1,9 +0,0 @@
-package network.cere.ddc.crypto.v1.encrypt
-
-import com.google.crypto.tink.subtle.Hex
-import com.google.crypto.tink.subtle.XChaCha20Poly1305
-
-abstract class AbstractEncrypter(protected val encryptionConfig: EncryptionConfig) : Encrypter {
-    protected val masterKey = Hex.decode(encryptionConfig.masterKeyHex.removePrefix("0x"))
-    protected val masterAead = XChaCha20Poly1305(masterKey)
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/Encrypter.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/Encrypter.kt
index 04530c8..248c1f0 100644
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/Encrypter.kt
+++ b/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/Encrypter.kt
@@ -1,9 +1,57 @@
 package network.cere.ddc.crypto.v1.encrypt
 
-import network.cere.ddc.crypto.v1.TypeHint
+import com.fasterxml.jackson.databind.JsonNode
+import com.goterl.lazysodium.LazySodium
+import com.goterl.lazysodium.utils.Key
+import com.jayway.jsonpath.JsonPath
+import network.cere.ddc.crypto.v1.common.BaseCryptoService
+import org.jsfr.json.JacksonParser
+import org.jsfr.json.JsonPathListener
+import org.jsfr.json.JsonSurfer
+import org.jsfr.json.ParsingContext
+import org.jsfr.json.provider.JacksonProvider
 
-interface Encrypter {
-    val supportedDataType: TypeHint
+class Encrypter(
+    sodium: LazySodium,
+    private val encryptionConfig: EncryptionConfig
+) : BaseCryptoService(sodium) {
+    private val masterKey = Key.fromHexString(encryptionConfig.masterKeyHex)
 
-    fun encrypt(data: ByteArray): ByteArray
+    fun encrypt(data: String): Pair<String, Map<String, String>> {
+        val surfer = JsonSurfer(JacksonParser.INSTANCE, JacksonProvider.INSTANCE)
+        val toReplace = mutableMapOf<String, String>()
+        val builder = surfer.configBuilder()
+        val pathToKey = mutableMapOf<String, String>()
+        encryptionConfig.jsonPathsToEncrypt.forEach {
+            builder.bind(it, object : JsonPathListener {
+                override fun onValue(value: Any, context: ParsingContext) {
+                    val node = value as JsonNode
+                    if (node.isValueNode) {
+                        val path = context.jsonPath
+                        val dek = dek(path)
+                        val encrypted = encrypt(node.asText(), Key.fromHexString(dek))
+                        toReplace[path] = encrypted
+                        pathToKey[path] = dek
+                    }
+                }
+            })
+        }
+        return runCatching {
+            builder.buildAndSurf(data)
+        }.fold(
+            {
+                val ctx = JsonPath.parse(data)
+                toReplace.forEach { (p, v) -> ctx.set(p, v) }
+                ctx.jsonString() to pathToKey
+            },
+            {
+                val dek = dek(JSON_ROOT_PATH)
+                encrypt(data, Key.fromHexString(dek)) to mapOf(JSON_ROOT_PATH to dek)
+            }
+        )
+    }
+
+    private fun dek(path: String): String {
+        return sodium.cryptoGenericHash(path, masterKey)
+    }
 }
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/JsonDataEncrypter.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/JsonDataEncrypter.kt
deleted file mode 100644
index 1251cfb..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/JsonDataEncrypter.kt
+++ /dev/null
@@ -1,68 +0,0 @@
-package network.cere.ddc.crypto.v1.encrypt
-
-import com.fasterxml.jackson.databind.JsonNode
-import com.google.crypto.tink.Aead
-import com.google.crypto.tink.subtle.Hex
-import com.google.crypto.tink.subtle.XChaCha20Poly1305
-import com.jayway.jsonpath.Configuration
-import com.jayway.jsonpath.JsonPath
-import com.jayway.jsonpath.Option
-import com.jayway.jsonpath.spi.json.JacksonJsonProvider
-import com.jayway.jsonpath.spi.json.JsonProvider
-import com.jayway.jsonpath.spi.mapper.JacksonMappingProvider
-import com.jayway.jsonpath.spi.mapper.MappingProvider
-import com.rfksystems.blake2b.security.Blake2b256Digest
-import network.cere.ddc.crypto.v1.TypeHint
-import org.jsfr.json.JacksonParser
-import org.jsfr.json.JsonPathListener
-import org.jsfr.json.JsonSurfer
-import org.jsfr.json.ParsingContext
-import org.jsfr.json.provider.JacksonProvider
-import java.util.*
-import java.util.concurrent.ConcurrentHashMap
-
-class JsonDataEncrypter(encryptionConfig: EncryptionConfig) : AbstractEncrypter(encryptionConfig) {
-    private val aeadCache = ConcurrentHashMap<String, Aead>()
-
-    init {
-        Configuration.setDefaults(object : Configuration.Defaults {
-            private val jsonProvider = JacksonJsonProvider()
-            private val mappingProvider = JacksonMappingProvider()
-            override fun jsonProvider(): JsonProvider = jsonProvider
-            override fun options(): Set<Option> = EnumSet.noneOf(Option::class.java)
-            override fun mappingProvider(): MappingProvider = mappingProvider
-        })
-    }
-
-    override val supportedDataType: TypeHint = TypeHint.JSON
-
-    override fun encrypt(data: ByteArray): ByteArray {
-        val surfer = JsonSurfer(JacksonParser.INSTANCE, JacksonProvider.INSTANCE)
-        val toReplace = mutableMapOf<String, String>()
-        val builder = surfer.configBuilder()
-        encryptionConfig.jsonPathsToEncrypt.forEach {
-            builder.bind(it, object : JsonPathListener {
-                override fun onValue(value: Any, context: ParsingContext) {
-                    val node = value as JsonNode
-                    if (node.isValueNode) {
-                        val path = context.jsonPath
-                        toReplace[path] = Hex.encode(derivedAead(path).encrypt(node.asText().toByteArray(), null))
-                    }
-                }
-            })
-        }
-        data.inputStream().use(builder::buildAndSurf)
-        val ctx = data.inputStream().use(JsonPath::parse)
-        toReplace.forEach { (p, v) -> ctx.set(p, v) }
-        return ctx.jsonString().toByteArray()
-    }
-
-    private fun derivedAead(path: String): Aead {
-        return aeadCache.computeIfAbsent(path) {
-            Blake2b256Digest()
-                .apply { update(masterKey + path.toByteArray()) }
-                .digest()
-                .let(::XChaCha20Poly1305)
-        }
-    }
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/RawDataEncrypter.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/RawDataEncrypter.kt
deleted file mode 100644
index 893dda4..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/RawDataEncrypter.kt
+++ /dev/null
@@ -1,11 +0,0 @@
-package network.cere.ddc.crypto.v1.encrypt
-
-import network.cere.ddc.crypto.v1.TypeHint
-
-class RawDataEncrypter(encryptionConfig: EncryptionConfig) : AbstractEncrypter(encryptionConfig) {
-    override val supportedDataType: TypeHint = TypeHint.RAW
-
-    override fun encrypt(data: ByteArray): ByteArray {
-        return masterAead.encrypt(data, null)
-    }
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Ed25519Signer.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Ed25519Signer.kt
deleted file mode 100644
index cba0c14..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Ed25519Signer.kt
+++ /dev/null
@@ -1,11 +0,0 @@
-package network.cere.ddc.crypto.v1.sign
-
-import com.google.crypto.tink.subtle.Ed25519Sign
-
-class Ed25519Signer(privateKey: ByteArray) : Signer {
-    private val sign = Ed25519Sign(privateKey)
-
-    override val algorithm: SignatureAlgorithm = SignatureAlgorithm.ED25519
-
-    override fun signToBytes(message: ByteArray): ByteArray = sign.sign(message)
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/sign/SignatureAlgorithm.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/sign/SignatureAlgorithm.kt
deleted file mode 100644
index 07fe2b8..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/sign/SignatureAlgorithm.kt
+++ /dev/null
@@ -1,5 +0,0 @@
-package network.cere.ddc.crypto.v1.sign
-
-enum class SignatureAlgorithm {
-    ED25519, SR25519
-}
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Signer.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Signer.kt
index 29d5777..478da93 100644
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Signer.kt
+++ b/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Signer.kt
@@ -1,15 +1,12 @@
 package network.cere.ddc.crypto.v1.sign
 
-import com.google.crypto.tink.subtle.Hex
+import com.goterl.lazysodium.LazySodium
+import com.goterl.lazysodium.utils.Key
 
-interface Signer {
-    val algorithm: SignatureAlgorithm
+class Signer(private val sodium: LazySodium, privateKeyHex: String) {
+    private val secretKey = Key.fromHexString(privateKeyHex)
 
-    fun signToBytes(message: String) = signToBytes(message.toByteArray())
-
-    fun signToHex(message: String): String = signToHex(message.toByteArray())
-
-    fun signToHex(message: ByteArray): String = Hex.encode(signToBytes(message))
-
-    fun signToBytes(message: ByteArray): ByteArray
+    fun sign(message: String): String {
+        return sodium.cryptoSignDetached(message, secretKey)
+    }
 }
diff --git a/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Sr25519Signer.kt b/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Sr25519Signer.kt
deleted file mode 100644
index 000faa5..0000000
--- a/src/main/kotlin/network/cere/ddc/crypto/v1/sign/Sr25519Signer.kt
+++ /dev/null
@@ -1,12 +0,0 @@
-package network.cere.ddc.crypto.v1.sign
-
-import io.emeraldpay.polkaj.schnorrkel.Schnorrkel
-
-class Sr25519Signer(privateKey: ByteArray) : Signer {
-    private val schnorrkel = Schnorrkel.getInstance()
-    private val keyPair = Schnorrkel.KeyPair(ByteArray(32), privateKey)
-
-    override val algorithm: SignatureAlgorithm = SignatureAlgorithm.SR25519
-
-    override fun signToBytes(message: ByteArray): ByteArray = schnorrkel.sign(message, keyPair)
-}
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/IntegrationTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/IntegrationTest.kt
deleted file mode 100644
index 2f7e6c5..0000000
--- a/src/test/kotlin/network/cere/ddc/crypto/v1/IntegrationTest.kt
+++ /dev/null
@@ -1,62 +0,0 @@
-package network.cere.ddc.crypto.v1
-
-import com.fasterxml.jackson.databind.ObjectMapper
-import com.google.crypto.tink.subtle.Hex
-import network.cere.ddc.crypto.v1.decrypt.DecryptionConfig
-import network.cere.ddc.crypto.v1.decrypt.JsonDataDecrypter
-import network.cere.ddc.crypto.v1.decrypt.RawDataDecrypter
-import network.cere.ddc.crypto.v1.encrypt.EncryptionConfig
-import network.cere.ddc.crypto.v1.encrypt.JsonDataEncrypter
-import network.cere.ddc.crypto.v1.encrypt.RawDataEncrypter
-import org.junit.jupiter.api.Assertions.assertArrayEquals
-import org.junit.jupiter.api.Test
-
-internal class IntegrationTest {
-    private val masterKeyHex = Hex.encode("super-secret-key".repeat(2).toByteArray())
-
-    @Test
-    fun `Encrypt and decrypt raw`() {
-        //given
-        val encrypter = RawDataEncrypter(EncryptionConfig(masterKeyHex))
-        val decrypter = RawDataDecrypter(DecryptionConfig(mapOf("" to masterKeyHex)))
-        val data = "raw data".toByteArray()
-
-        //when
-        val result = decrypter.decrypt(encrypter.encrypt(data))
-
-        //then
-        assertArrayEquals(data, result)
-    }
-
-    @Test
-    fun `Encrypt and decrypt JSON`() {
-        //given
-        val encrypter = JsonDataEncrypter(EncryptionConfig(masterKeyHex, listOf("$.k1")))
-        val decrypter = JsonDataDecrypter(
-            DecryptionConfig(
-                mapOf("$.k1" to "0ae19ba1e42a63aefea507a19df00ffc962bc894b3fb720723d45e456f636977")
-            )
-        )
-        val data = """
-            {
-                "k1": "v1",
-                "k2": "v2",
-                "k3": {
-                    "k4": true,
-                    "k5": ["v5", "v5"]
-                },
-                "k6": {
-                    "k7": {
-                        "k8": 123
-                    }
-                }
-            }
-        """.trimIndent().toByteArray()
-
-        //when
-        val result = decrypter.decrypt(encrypter.encrypt(data))
-
-        //then
-        assertArrayEquals(ObjectMapper().let { it.writeValueAsBytes(it.readTree(data)) }, result)
-    }
-}
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/DecrypterTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/DecrypterTest.kt
new file mode 100644
index 0000000..bba17bb
--- /dev/null
+++ b/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/DecrypterTest.kt
@@ -0,0 +1,61 @@
+package network.cere.ddc.crypto.v1.decrypt
+
+import com.goterl.lazysodium.LazySodiumJava
+import com.goterl.lazysodium.SodiumJava
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Test
+
+internal class DecrypterTest {
+    private val sodium = LazySodiumJava(SodiumJava())
+
+    @Test
+    fun `Decrypt JSON`() {
+        //given
+        val decrypter = Decrypter(
+            sodium, mapOf(
+                "$.k1" to "5C89065A2389230627757F38B29D8B6F5927F5AA06A1176E97D117FDA613AF96",
+                "$.k3.k4" to "E1727CD305EB4189329EDEDDFC7AC7B79C1FE66854D451E9600819A6D75B1B5F"
+            )
+        )
+        val data = """
+            {
+                "k1": "9F8FCDFA7136E85C49106FCAC32A6EB6D9B1",
+                "k2": "v2",
+                "k3": {
+                    "k4": "55D504384CE68448D8EF349DB391A30447439C13",
+                    "k5": ["v5", "v5"]
+                },
+                "k6": {
+                    "k7": {
+                        "k8": "72F3E2BBAE18C1D2F4710D4ABBBDFA48F31589"
+                    }
+                }
+            }
+        """.trimIndent()
+
+        //when
+        val result = decrypter.decrypt(data)
+
+        //then
+        assertEquals(
+            """{"k1":"v1","k2":"v2","k3":{"k4":"true","k5":["v5","v5"]},"k6":{"k7":{"k8":"72F3E2BBAE18C1D2F4710D4ABBBDFA48F31589"}}}""",
+            result
+        )
+    }
+
+    @Test
+    fun `Decrypt raw`() {
+        //given
+        val decrypter = Decrypter(
+            sodium,
+            mapOf("$" to "80ACD97A9FA49A16BCE645981A7AB0E13FFE07D1E95BBF6BBFB9DD2DB081ECF5")
+        )
+        val data = "38F106C87D8C6C259EC39ABFB65B6F79EBD5C0C1F3D1689B"
+
+        //when
+        val result = decrypter.decrypt(data)
+
+        //then
+        assertEquals("raw data", result)
+    }
+}
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/JsonDataDecrypterTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/JsonDataDecrypterTest.kt
deleted file mode 100644
index dab6b01..0000000
--- a/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/JsonDataDecrypterTest.kt
+++ /dev/null
@@ -1,42 +0,0 @@
-package network.cere.ddc.crypto.v1.decrypt
-
-import org.junit.jupiter.api.Assertions.assertEquals
-import org.junit.jupiter.api.Test
-
-internal class JsonDataDecrypterTest {
-    @Test
-    fun `Decrypt JSON`() {
-        //given
-        val config = DecryptionConfig(
-            mapOf(
-                "$.k1" to "0ae19ba1e42a63aefea507a19df00ffc962bc894b3fb720723d45e456f636977",
-                "$.k3.k4" to "fd6dc3ab97230e17e75266493ebae617556f83d83851f1a8f061629dbd7c08ef"
-            )
-        )
-        val decrypter = JsonDataDecrypter(config)
-        val data = """
-            {
-                "k1": "0fa7e2cc912228f89df09b783ec3e9114fbafd2a5836f692392793eb6ec3db133b9b62ef9b3539defcd7",
-                "k2": "v2",
-                "k3": {
-                    "k4": "49be07e70fb439e3bd19d1307dce5e8e32cca231065955b869e0c521a2043b2f93a0f9195ff606a989115002",
-                    "k5": ["v5", "v5"]
-                },
-                "k6": {
-                    "k7": {
-                        "k8": "2e98a7462fe1017b65de4104abd29ff2e10c6782e8ab6cc44e96766cfe31e08650b6f45ea7ca3e7fc7b671"
-                    }
-                }
-            }
-        """.trimIndent().toByteArray()
-
-        //when
-        val result = decrypter.decrypt(data)
-
-        //then
-        assertEquals(
-            """{"k1":"v1","k2":"v2","k3":{"k4":"true","k5":["v5","v5"]},"k6":{"k7":{"k8":"2e98a7462fe1017b65de4104abd29ff2e10c6782e8ab6cc44e96766cfe31e08650b6f45ea7ca3e7fc7b671"}}}""",
-            result.decodeToString()
-        )
-    }
-}
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/RawDataDecrypterTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/RawDataDecrypterTest.kt
deleted file mode 100644
index bf96d76..0000000
--- a/src/test/kotlin/network/cere/ddc/crypto/v1/decrypt/RawDataDecrypterTest.kt
+++ /dev/null
@@ -1,24 +0,0 @@
-package network.cere.ddc.crypto.v1.decrypt
-
-import com.google.crypto.tink.subtle.Hex
-import org.junit.jupiter.api.Assertions.assertEquals
-import org.junit.jupiter.api.Test
-
-internal class RawDataDecrypterTest {
-    @Test
-    fun `Decrypt raw`() {
-        //given
-        val config = DecryptionConfig(
-            mapOf("" to Hex.encode("super-secret-key".repeat(2).toByteArray()))
-        )
-        val decrypter = RawDataDecrypter(config)
-        val data =
-            Hex.decode("aeafd33394bd45142dec4134e6cb71927634e9b31deed4f725fd5210ce8d65b5f2161cff5701dfe1243009df7576053d")
-
-        //when
-        val result = decrypter.decrypt(data)
-
-        //then
-        assertEquals("raw data", result.decodeToString())
-    }
-}
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/JsonDataEncrypterTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/EncrypterTest.kt
similarity index 64%
rename from src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/JsonDataEncrypterTest.kt
rename to src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/EncrypterTest.kt
index 5a9f7a7..3ebca7b 100644
--- a/src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/JsonDataEncrypterTest.kt
+++ b/src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/EncrypterTest.kt
@@ -1,18 +1,22 @@
 package network.cere.ddc.crypto.v1.encrypt
 
-import com.google.crypto.tink.subtle.Hex
+import com.goterl.lazysodium.LazySodium
+import com.goterl.lazysodium.LazySodiumJava
+import com.goterl.lazysodium.SodiumJava
 import com.jayway.jsonpath.JsonPath
-import org.junit.jupiter.api.Assertions.*
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertNotEquals
 import org.junit.jupiter.api.Test
 
-internal class JsonDataEncrypterTest {
-    private val masterKeyHex = Hex.encode("super-secret-key".repeat(2).toByteArray())
+internal class EncrypterTest {
+    private val sodium = LazySodiumJava(SodiumJava())
+    private val masterKeyHex = LazySodium.toHex("super-secret".toByteArray())
 
     @Test
     fun `Encrypt all fields in JSON`() {
         //given
         val config = EncryptionConfig(masterKeyHex)
-        val encrypter = JsonDataEncrypter(config)
+        val encrypter = Encrypter(sodium, config)
         val data = """
             {
                 "k1": "v1",
@@ -27,23 +31,22 @@ internal class JsonDataEncrypterTest {
                     }
                 }
             }
-        """.trimIndent().toByteArray()
+        """.trimIndent()
 
         //when
         val result = encrypter.encrypt(data)
 
         //then
-        val ctx = result.inputStream().use(JsonPath::parse)
+        val ctx = JsonPath.parse(result.first)
         val values = ctx.read<List<Any>>("$..*").filterIsInstance<String>()
         assertEquals(6, values.size)
-        values.forEach { assertTrue(it.length > 64) }
     }
 
     @Test
     fun `Encrypt some fields in JSON`() {
         //given
         val config = EncryptionConfig(masterKeyHex, listOf("$.k3..*"))
-        val encrypter = JsonDataEncrypter(config)
+        val encrypter = Encrypter(sodium, config)
         val data = """
             {
                 "k1": "v1",
@@ -58,13 +61,13 @@ internal class JsonDataEncrypterTest {
                     }
                 }
             }
-        """.trimIndent().toByteArray()
+        """.trimIndent()
 
         //when
         val result = encrypter.encrypt(data)
 
         //then
-        val ctx = result.inputStream().use(JsonPath::parse)
+        val ctx = JsonPath.parse(result.first)
         val values = ctx.read<List<Any>>("$..*").filter { it is String || it is Number }
         assertEquals(6, values.size)
         assertEquals("v1", values[0])
@@ -74,4 +77,18 @@ internal class JsonDataEncrypterTest {
         assertNotEquals("v5", values[4])
         assertEquals(123, values[5])
     }
+
+    @Test
+    fun `Encrypt raw data`() {
+        //given
+        val config = EncryptionConfig(masterKeyHex)
+        val encrypter = Encrypter(sodium, config)
+        val data = "raw data"
+
+        //when
+        val result = encrypter.encrypt(data)
+
+        //then
+        assertEquals(48, result.first.length)
+    }
 }
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/RawDataEncrypterTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/RawDataEncrypterTest.kt
deleted file mode 100644
index 5e65662..0000000
--- a/src/test/kotlin/network/cere/ddc/crypto/v1/encrypt/RawDataEncrypterTest.kt
+++ /dev/null
@@ -1,27 +0,0 @@
-package network.cere.ddc.crypto.v1.encrypt
-
-import com.google.crypto.tink.subtle.Hex
-import com.google.crypto.tink.subtle.XChaCha20Poly1305
-import org.junit.jupiter.api.Assertions.assertArrayEquals
-import org.junit.jupiter.api.Assertions.assertEquals
-import org.junit.jupiter.api.Test
-
-internal class RawDataEncrypterTest {
-    private val masterKeyHex = Hex.encode("super-secret-key".repeat(2).toByteArray())
-
-    @Test
-    fun `Encrypt raw data`() {
-        //given
-        val config = EncryptionConfig(masterKeyHex)
-        val encrypter = RawDataEncrypter(config)
-        val data = "raw data".toByteArray()
-
-        //when
-        val result = encrypter.encrypt(data)
-
-        //then
-        assertEquals(48, result.size)
-        val decrypted = XChaCha20Poly1305(Hex.decode(masterKeyHex)).decrypt(result, null)
-        assertArrayEquals(data, decrypted)
-    }
-}
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/sign/Ed25519SignerTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/sign/Ed25519SignerTest.kt
deleted file mode 100644
index 0d9a3bb..0000000
--- a/src/test/kotlin/network/cere/ddc/crypto/v1/sign/Ed25519SignerTest.kt
+++ /dev/null
@@ -1,38 +0,0 @@
-package network.cere.ddc.crypto.v1.sign
-
-import com.google.crypto.tink.subtle.Ed25519Verify
-import com.google.crypto.tink.subtle.Hex
-import org.junit.jupiter.api.Assertions.assertEquals
-import org.junit.jupiter.api.Test
-
-internal class Ed25519SignerTest {
-    private val testSubject =
-        Ed25519Signer(Hex.decode("38a538d3d890bfe8f76dc9bf578e215af16fd3d684666f72db0bc0a22bc1d05b"))
-
-    @Test
-    fun `Correct algorithm`() {
-        //when
-        val result = testSubject.algorithm
-
-        //then
-        assertEquals(SignatureAlgorithm.ED25519, result)
-    }
-
-    @Test
-    fun `Sign message`() {
-        //given
-        val message =
-            "someIdsomeTimestamp0x8f01969eb5244d853cc9c6ad73c46d8a1a091842c414cabd2377531f0832635fuserPubKeypiece data"
-                .toByteArray()
-        val expectedSignature =
-            "0cc8f3b637e28c07074b8c114c4628155f7ff666c9554561772149e5b06ed17274095d0b0bf2eabf5c5b2a670f60b1bced914437e5aaf74fb729e78830362709"
-
-        //when
-        val result = testSubject.signToBytes(message)
-
-        //then
-        assertEquals(expectedSignature, Hex.encode(result))
-        Ed25519Verify(Hex.decode("8f01969eb5244d853cc9c6ad73c46d8a1a091842c414cabd2377531f0832635f"))
-            .verify(result, message)
-    }
-}
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/sign/SignerTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/sign/SignerTest.kt
new file mode 100644
index 0000000..478dfda
--- /dev/null
+++ b/src/test/kotlin/network/cere/ddc/crypto/v1/sign/SignerTest.kt
@@ -0,0 +1,39 @@
+package network.cere.ddc.crypto.v1.sign
+
+import com.goterl.lazysodium.LazySodiumJava
+import com.goterl.lazysodium.SodiumJava
+import com.goterl.lazysodium.utils.Key
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.Test
+
+internal class SignerTest {
+    private val sodium = LazySodiumJava(SodiumJava())
+    private val testSubject =
+        Signer(
+            sodium,
+            "4B4854DD2F6D876FAADBEB7A8AB65259528D5B70F42CD90E39DAEFDB19C4944C79BAACF7D83296DEFFE7266A9E02FD8D522ED1A7100D3BBEC5625DCA1178B6F9"
+        )
+
+    @Test
+    fun `Sign message`() {
+        //given
+        val message =
+            "someIdsomeTimestamp0x8f01969eb5244d853cc9c6ad73c46d8a1a091842c414cabd2377531f0832635fuserPubKeypiece data"
+        val expectedSignature =
+            "018699A20F9BF94BAD2A86488BB68CF2E5F1D59EB89592DC534E5A888D3600C1AA1554006003C89B65198980E1C3FC871C9F1C1F49F6F58FC6BBE80623929D0E"
+
+        //when
+        val result = testSubject.sign(message)
+
+        //then
+        assertEquals(expectedSignature, result)
+        assertTrue(
+            sodium.cryptoSignVerifyDetached(
+                result,
+                message,
+                Key.fromHexString("79BAACF7D83296DEFFE7266A9E02FD8D522ED1A7100D3BBEC5625DCA1178B6F9")
+            )
+        )
+    }
+}
diff --git a/src/test/kotlin/network/cere/ddc/crypto/v1/sign/Sr25519SignerTest.kt b/src/test/kotlin/network/cere/ddc/crypto/v1/sign/Sr25519SignerTest.kt
deleted file mode 100644
index c652539..0000000
--- a/src/test/kotlin/network/cere/ddc/crypto/v1/sign/Sr25519SignerTest.kt
+++ /dev/null
@@ -1,36 +0,0 @@
-package network.cere.ddc.crypto.v1.sign
-
-import com.google.crypto.tink.subtle.Hex
-import io.emeraldpay.polkaj.schnorrkel.Schnorrkel
-import org.junit.jupiter.api.Assertions.assertEquals
-import org.junit.jupiter.api.Test
-
-internal class Sr25519SignerTest {
-    private val testSubject =
-        Sr25519Signer(Hex.decode("68af9a6071f56544b592f2bb1341f6fbf7cb92722f550df896c69782e860ba420a9efde708d0d1ec5087c8cc632ede9816f7231a7b243e1f63b9255ddcbc3c44"))
-
-    @Test
-    fun `Correct algorithm`() {
-        //when
-        val result = testSubject.algorithm
-
-        //then
-        assertEquals(SignatureAlgorithm.SR25519, result)
-    }
-
-    @Test
-    fun `Sign message`() {
-        //given
-        val message =
-            "someIdsomeTimestamp0x8f01969eb5244d853cc9c6ad73c46d8a1a091842c414cabd2377531f0832635fuserPubKeypiece data"
-                .toByteArray()
-        val expectedSignatureLength = 128
-
-        //when
-        val result = testSubject.signToBytes(message)
-
-        //then
-        assertEquals(expectedSignatureLength, Hex.encode(result).length)
-        Schnorrkel.getInstance().verify(result, message, Schnorrkel.PublicKey(Hex.decode("fe563a32a5a6e0336e7a7cdb82a5f3a56a7d83c02c7610d2350979086bb4f21c")))
-    }
-}