Index: .fossil-settings/ignore-glob
==================================================================
--- .fossil-settings/ignore-glob
+++ .fossil-settings/ignore-glob
@@ -1,5 +1,7 @@
 appfsd
 appfsd.o
 appfsd.tcl.h
 sha1.o
 sha1.tcl.h
+pki.tcl.h
+pki.tcl.new

Index: Makefile
==================================================================
--- Makefile
+++ Makefile
@@ -23,16 +23,29 @@
 all: appfsd
 
 appfsd: appfsd.o sha1.o
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o appfsd appfsd.o sha1.o $(LIBS)
 
-appfsd.o: appfsd.c appfsd.tcl.h
+appfsd.o: appfsd.c appfsd.tcl.h pki.tcl.h
 	$(CC) $(CPPFLAGS) $(CFLAGS) -o appfsd.o -c appfsd.c
 
 sha1.o: sha1.c sha1.tcl.h
 	$(CC) $(CPPFLAGS) $(CFLAGS) -o sha1.o -c sha1.c
 
+pki.tcl:
+	rm -f pki.tcl.new
+	curl http://core.tcl.tk/tcllib/raw/modules/asn/asn.tcl?name=aea6802a16e69c9f2d4f5eca20fdc23174609731 > pki.tcl.new
+	curl http://core.tcl.tk/tcllib/raw/modules/aes/aes.tcl?name=94452b42b4ca98298ab1465c40fd87d11a40cf5e >> pki.tcl.new
+	curl http://core.tcl.tk/tcllib/raw/modules/des/tcldes.tcl?name=ffea6ca6eb4468c0edef7a745b1dadc632ff5aeb >> pki.tcl.new
+	curl http://core.tcl.tk/tcllib/raw/modules/des/des.tcl?name=5d8f3a7c1a6ea88ee988652643db8f06038aff49 >> pki.tcl.new
+	curl http://core.tcl.tk/tcllib/raw/modules/math/bignum.tcl?name=3bc84d9b1f18c2e7360573381317c4dc9af731f9 >> pki.tcl.new
+	curl http://core.tcl.tk/tcllib/raw/modules/md5/md5x.tcl?name=3cddfa803d680a79ab7dfac90edfd751f3d4fadd >> pki.tcl.new
+	curl http://core.tcl.tk/tcllib/raw/modules/sha1/sha256.tcl?name=1fd001eb65e88c823b980456726079deae3512df >> pki.tcl.new
+	curl 'http://core.tcl.tk/tcllib/raw/modules/pki/pki.tcl?name=8318fd31981dcc00bfadd6c427518f9d71a12b34' >> pki.tcl.new
+	openssl sha1 pki.tcl.new | grep '918ddd77f485a58192b2e86230777092d790191a' >/dev/null
+	mv pki.tcl.new pki.tcl
+
 %.tcl.h: %.tcl
 	sed 's@[\\"]@\\&@g;s@^@   "@;s@$$@\\n"@' $^ > $@.new
 	mv $@.new $@
 
 install: appfsd appfs-cache appfs-mkfs
@@ -44,9 +57,13 @@
 
 clean:
 	rm -f appfsd appfsd.o
 	rm -f appfsd.tcl.h
 	rm -f sha1.o sha1.tcl.h
+	rm -f pki.tcl.new pki.tcl.h
 
 distclean: clean
 
-.PHONY: all test clean distclean install
+mrproper: distclean
+	rm -f pki.tcl
+
+.PHONY: all install clean distclean mrproper

Index: appfsd.c
==================================================================
--- appfsd.c
+++ appfsd.c
@@ -143,10 +143,29 @@
 
 		Tcl_DeleteInterp(interp);
 
 		return(NULL);
 	}
+
+	/*
+	 * Load "pki.tcl" in the same way as appfsd.tcl (see below)
+	 */
+	tcl_ret = Tcl_Eval(interp, ""
+#include "pki.tcl.h"
+	"");
+	if (tcl_ret != TCL_OK) {
+		fprintf(stderr, "Unable to initialize Tcl PKI.  Aborting.\n");
+		fprintf(stderr, "Tcl Error is: %s\n", Tcl_GetStringResult(interp));
+
+		if (error_string) {
+			*error_string = strdup(Tcl_GetStringResult(interp));
+		}
+
+		Tcl_DeleteInterp(interp);
+
+		return(NULL);
+	}
 
 	/*
 	 * Load the "appfsd.tcl" script, which is "compiled" into a C header
 	 * so that it does not need to exist on the filesystem and can be
 	 * directly evaluated.
@@ -1324,11 +1343,11 @@
 		if (test_interp_error == NULL) {
 			test_interp_error = "Unknown error";
 		}
 
 		fprintf(stderr, "Unable to initialize Tcl interpreter for AppFSd:\n");
-		fprintf(stderr, "%s", test_interp_error);
+		fprintf(stderr, "%s\n", test_interp_error);
 
 		return(1);
 	}
 	Tcl_DeleteInterp(test_interp);
 

Index: appfsd.tcl
==================================================================
--- appfsd.tcl
+++ appfsd.tcl
@@ -3,10 +3,11 @@
 package require http 2.7
 package require sqlite3
 package require sha1
 package require appfsd
 package require platform
+package require pki
 
 namespace eval ::appfs {
 	variable cachedir "/tmp/appfs-cache"
 	variable ttl 3600
 	variable nttl 60