diff --git a/session/private.go b/session/private.go
index 42bb205..6c9c68d 100644
--- a/session/private.go
+++ b/session/private.go
@@ -4,8 +4,6 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
-
-	crypto "github.com/nspcc-dev/neofs-crypto"
 )
 
 type pToken struct {
@@ -30,14 +28,9 @@ func NewPrivateToken(validUntil uint64) (PrivateToken, error) {
 	}, nil
 }
 
-// Sign signs data with session private key.
-func (t *pToken) Sign(data []byte) ([]byte, error) {
-	return crypto.Sign(t.sessionKey, data)
-}
-
-// PublicKey returns a binary representation of the session public key.
-func (t *pToken) PublicKey() []byte {
-	return crypto.MarshalPublicKey(&t.sessionKey.PublicKey)
+// PrivateKey returns a binary representation of the session public key.
+func (t *pToken) PrivateKey() *ecdsa.PrivateKey {
+	return t.sessionKey
 }
 
 func (t *pToken) Expired(epoch uint64) bool {
diff --git a/session/private_test.go b/session/private_test.go
index 8097b97..9dedc29 100644
--- a/session/private_test.go
+++ b/session/private_test.go
@@ -1,35 +1,16 @@
 package session
 
 import (
-	"crypto/rand"
 	"testing"
 
-	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/stretchr/testify/require"
 )
 
-func TestPrivateToken(t *testing.T) {
+func TestPToken_PrivateKey(t *testing.T) {
 	// create new private token
 	pToken, err := NewPrivateToken(0)
 	require.NoError(t, err)
-
-	// generate data to sign
-	data := make([]byte, 10)
-	_, err = rand.Read(data)
-	require.NoError(t, err)
-
-	// sign data via private token
-	sig, err := pToken.Sign(data)
-	require.NoError(t, err)
-
-	// check signature
-	require.NoError(t,
-		crypto.Verify(
-			crypto.UnmarshalPublicKey(pToken.PublicKey()),
-			data,
-			sig,
-		),
-	)
+	require.NotNil(t, pToken.PrivateKey())
 }
 
 func TestPToken_Expired(t *testing.T) {
diff --git a/session/types.go b/session/types.go
index ee13b92..95a0065 100644
--- a/session/types.go
+++ b/session/types.go
@@ -10,14 +10,8 @@ import (
 
 // PrivateToken is an interface of session private part.
 type PrivateToken interface {
-	// PublicKey must return a binary representation of session public key.
-	PublicKey() []byte
-
-	// Sign must return the signature of passed data.
-	//
-	// Resulting signature must be verified by crypto.Verify function
-	// with the session public key.
-	Sign([]byte) ([]byte, error)
+	// PrivateKey must return session private key.
+	PrivateKey() *ecdsa.PrivateKey
 
 	// Expired must return true if and only if private token is expired in the given epoch number.
 	Expired(uint64) bool