diff --git a/acme/client_test.go b/acme/client_test.go
index 9ba165ed..49824735 100644
--- a/acme/client_test.go
+++ b/acme/client_test.go
@@ -1,6 +1,7 @@
 package acme
 
 import (
+	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/json"
@@ -13,6 +14,7 @@ import (
 
 func TestNewClient(t *testing.T) {
 	keyBits := 32 // small value keeps test fast
+	keyType := RSA2048
 	key, err := rsa.GenerateKey(rand.Reader, keyBits)
 	if err != nil {
 		t.Fatal("Could not generate test key:", err)
@@ -28,7 +30,7 @@ func TestNewClient(t *testing.T) {
 		w.Write(data)
 	}))
 
-	client, err := NewClient(ts.URL, user, keyBits)
+	client, err := NewClient(ts.URL, user, keyType)
 	if err != nil {
 		t.Fatalf("Could not create client: %v", err)
 	}
@@ -40,8 +42,8 @@ func TestNewClient(t *testing.T) {
 		t.Errorf("Expected jws.privKey to be %p but was %p", expected, actual)
 	}
 
-	if client.keyBits != keyBits {
-		t.Errorf("Expected keyBits to be %d but was %d", keyBits, client.keyBits)
+	if client.keyType != keyType {
+		t.Errorf("Expected keyBits to be %d but was %d", keyType, client.keyType)
 	}
 
 	if expected, actual := 2, len(client.solvers); actual != expected {
@@ -68,7 +70,7 @@ func TestClientOptPort(t *testing.T) {
 	optPort := "1234"
 	optHost := ""
 
-	client, err := NewClient(ts.URL, user, keyBits)
+	client, err := NewClient(ts.URL, user, RSA2048)
 	if err != nil {
 		t.Fatalf("Could not create client: %v", err)
 	}
@@ -140,8 +142,8 @@ func TestValidate(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	privKey, _ := generatePrivateKey(rsakey, 512)
-	j := &jws{privKey: privKey.(*rsa.PrivateKey), directoryURL: ts.URL}
+	privKey, _ := rsa.GenerateKey(rand.Reader, 512)
+	j := &jws{privKey: privKey, directoryURL: ts.URL}
 
 	tsts := []struct {
 		name string
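Review bot: The assertion message in TestNewClient still reads `Expected keyBits to be %d but was %d` although the comparison is now on `keyType`, so a failure would report the wrong field. The `%d` verb is also only right if the key-type constant is an integer type, which the hunk does not show; if it is a string-backed type the output degrades to `%!d(string=...)`. Suggest `t.Errorf("Expected keyType to be %v but was %v", keyType, client.keyType)`. TestNewClient starts and ends outside this hunk.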
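Review bot: In TestValidate the error from `rsa.GenerateKey(rand.Reader, 512)` is discarded with `_`, so a generation failure leaves `privKey` nil and the test would die later with a nil-pointer panic inside jws instead of a clear message; the same pattern appears in this commit in TestDNSValidServerResponse, TestHTTPChallenge, TestHTTPChallengeInvalidPort, TestTLSSNIChallenge and TestTLSSNIChallengeInvalidPort. This is not hypothetical: current Go releases (1.24 and later) refuse to generate RSA keys shorter than 1024 bits unless the rsa1024min GODEBUG override is set, which makes these 512- and 128-bit keys fail exactly this way. Suggest `privKey, err := rsa.GenerateKey(rand.Reader, 512)` followed by `if err != nil { t.Fatal("Could not generate test key:", err) }`, as TestNewClient already does. TestValidate continues outside the hunk.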
@@ -193,4 +195,4 @@ type mockUser struct {
 
 func (u mockUser) GetEmail() string { return u.email }
 func (u mockUser) GetRegistration() *RegistrationResource { return u.regres }
-func (u mockUser) GetPrivateKey() *rsa.PrivateKey { return u.privatekey }
+func (u mockUser) GetPrivateKey() crypto.PrivateKey { return u.privatekey }
diff --git a/acme/crypto_test.go b/acme/crypto_test.go
index 81ab287e..d2fc5088 100644
--- a/acme/crypto_test.go
+++ b/acme/crypto_test.go
@@ -2,13 +2,14 @@ package acme
 
 import (
 	"bytes"
+	"crypto/rand"
 	"crypto/rsa"
 	"testing"
 	"time"
 )
 
 func TestGeneratePrivateKey(t *testing.T) {
-	key, err := generatePrivateKey(rsakey, 32)
+	key, err := generatePrivateKey(RSA2048)
 	if err != nil {
 		t.Error("Error generating private key:", err)
 	}
@@ -18,12 +19,12 @@ func TestGeneratePrivateKey(t *testing.T) {
 }
 
 func TestGenerateCSR(t *testing.T) {
-	key, err := generatePrivateKey(rsakey, 512)
+	key, err := rsa.GenerateKey(rand.Reader, 512)
 	if err != nil {
 		t.Fatal("Error generating private key:", err)
 	}
 
-	csr, err := generateCsr(key.(*rsa.PrivateKey), "fizz.buzz", nil)
+	csr, err := generateCsr(key, "fizz.buzz", nil)
 	if err != nil {
 		t.Error("Error generating CSR:", err)
 	}
@@ -52,7 +53,7 @@ func TestPEMEncode(t *testing.T) {
 }
 
 func TestPEMCertExpiration(t *testing.T) {
-	privKey, err := generatePrivateKey(rsakey, 2048)
+	privKey, err := generatePrivateKey(RSA2048)
 	if err != nil {
 		t.Fatal("Error generating private key:", err)
 	}
diff --git a/acme/dns_challenge_test.go b/acme/dns_challenge_test.go
index e1e67efe..850a0f59 100644
--- a/acme/dns_challenge_test.go
+++ b/acme/dns_challenge_test.go
@@ -2,6 +2,7 @@ package acme
 
 import (
 	"bufio"
+	"crypto/rand"
 	"crypto/rsa"
 	"net/http"
 	"net/http/httptest"
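Review bot: `GetPrivateKey` now returns the interface `crypto.PrivateKey` while `u.privatekey` is presumably still a concrete pointer field (its declaration is outside the hunk), so a mockUser constructed without a key returns a non-nil interface wrapping a nil pointer. Any caller that tests `GetPrivateKey() == nil` to decide whether a key must be generated would then see a key and dereference nil later. If such a check exists, return an untyped nil explicitly: `if u.privatekey == nil { return nil }` before `return u.privatekey`. The mockUser struct declaration is outside the hunk.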
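Review bot: TestGeneratePrivateKey now requests `RSA2048` but, in the visible lines, only checks that no error came back; nothing verifies that the result is an RSA key of 2048 bits, which is the property the key-type argument is meant to control. If generatePrivateKey still returns an interface, as the removed `key.(*rsa.PrivateKey)` assertions suggest, add `if k, ok := key.(*rsa.PrivateKey); !ok || k.N.BitLen() != 2048 { t.Errorf("Expected 2048-bit RSA key, got %T", key) }`. Separately, `t.Error` lets the test continue with a nil `key` when generation fails; `t.Fatal`, as TestGenerateCSR uses, would be consistent. The function body continues beyond the hunk.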
@@ -76,7 +77,7 @@ func TestDNSValidServerResponse(t *testing.T) {
 	preCheckDNS = func(fqdn, value string) (bool, error) {
 		return true, nil
 	}
-	privKey, _ := generatePrivateKey(rsakey, 512)
+	privKey, _ := rsa.GenerateKey(rand.Reader, 512)
 
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Add("Replay-Nonce", "12345")
@@ -84,7 +85,7 @@ func TestDNSValidServerResponse(t *testing.T) {
 	}))
 
 	manualProvider, _ := NewDNSProviderManual()
-	jws := &jws{privKey: privKey.(*rsa.PrivateKey), directoryURL: ts.URL}
+	jws := &jws{privKey: privKey, directoryURL: ts.URL}
 	solver := &dnsChallenge{jws: jws, validate: validate, provider: manualProvider}
 	clientChallenge := challenge{Type: "dns01", Status: "pending", URI: ts.URL, Token: "http8"}
 
diff --git a/acme/http_challenge_test.go b/acme/http_challenge_test.go
index 79b8b545..fdd8f4d2 100644
--- a/acme/http_challenge_test.go
+++ b/acme/http_challenge_test.go
@@ -1,6 +1,7 @@
 package acme
 
 import (
+	"crypto/rand"
 	"crypto/rsa"
 	"io/ioutil"
 	"strings"
@@ -8,8 +9,8 @@ import (
 )
 
 func TestHTTPChallenge(t *testing.T) {
-	privKey, _ := generatePrivateKey(rsakey, 512)
-	j := &jws{privKey: privKey.(*rsa.PrivateKey)}
+	privKey, _ := rsa.GenerateKey(rand.Reader, 512)
+	j := &jws{privKey: privKey}
 	clientChallenge := challenge{Type: HTTP01, Token: "http1"}
 	mockValidate := func(_ *jws, _, _ string, chlng challenge) error {
 		uri := "http://localhost:23457/.well-known/acme-challenge/" + chlng.Token
@@ -43,8 +44,8 @@ func TestHTTPChallenge(t *testing.T) {
 }
 
 func TestHTTPChallengeInvalidPort(t *testing.T) {
-	privKey, _ := generatePrivateKey(rsakey, 128)
-	j := &jws{privKey: privKey.(*rsa.PrivateKey)}
+	privKey, _ := rsa.GenerateKey(rand.Reader, 128)
+	j := &jws{privKey: privKey}
 	clientChallenge := challenge{Type: HTTP01, Token: "http2"}
 	solver := &httpChallenge{jws: j, validate: stubValidate, provider: &HTTPProviderServer{port: "123456"}}
 
diff --git a/acme/tls_sni_challenge_test.go b/acme/tls_sni_challenge_test.go
index 60f1498b..3aec7456 100644
--- a/acme/tls_sni_challenge_test.go
+++ b/acme/tls_sni_challenge_test.go
@@ -1,6 +1,7 @@
 package acme
 
 import (
+	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/tls"
@@ -11,8 +12,8 @@ import (
 )
 
 func TestTLSSNIChallenge(t *testing.T) {
-	privKey, _ := generatePrivateKey(rsakey, 512)
-	j := &jws{privKey: privKey.(*rsa.PrivateKey)}
+	privKey, _ := rsa.GenerateKey(rand.Reader, 512)
+	j := &jws{privKey: privKey}
 	clientChallenge := challenge{Type: TLSSNI01, Token: "tlssni1"}
 	mockValidate := func(_ *jws, _, _ string, chlng challenge) error {
 		conn, err := tls.Dial("tcp", "localhost:23457", &tls.Config{
@@ -51,8 +52,8 @@ func TestTLSSNIChallenge(t *testing.T) {
 }
 
 func TestTLSSNIChallengeInvalidPort(t *testing.T) {
-	privKey, _ := generatePrivateKey(rsakey, 128)
-	j := &jws{privKey: privKey.(*rsa.PrivateKey)}
+	privKey, _ := rsa.GenerateKey(rand.Reader, 128)
+	j := &jws{privKey: privKey}
 	clientChallenge := challenge{Type: TLSSNI01, Token: "tlssni2"}
 	solver := &tlsSNIChallenge{jws: j, validate: stubValidate, provider: &TLSProviderServer{port: "123456"}}
 