diff --git a/acme/crypto.go b/acme/crypto.go
new file mode 100644
index 00000000..a7110b0f
--- /dev/null
+++ b/acme/crypto.go
@@ -0,0 +1,33 @@
+package acme
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+)
+
+func generatePrivateKey(keyLength int) (*rsa.PrivateKey, error) {
+	return rsa.GenerateKey(rand.Reader, keyLength)
+}
+
+func generateCsr(privateKey *rsa.PrivateKey, domain string) ([]byte, error) {
+	template := x509.CertificateRequest{
+		Subject: pkix.Name{
+			CommonName: domain,
+		},
+	}
+
+	return x509.CreateCertificateRequest(rand.Reader, &template, privateKey)
+}
+
+func pemEncode(data interface{}) []byte {
+	var pemBlock *pem.Block
+	switch key := data.(type) {
+	case *rsa.PrivateKey:
+		pemBlock = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
+	}
+
+	return pem.EncodeToMemory(pemBlock)
+}