diff --git a/priv_key.go b/priv_key.go
index 5e93fbe11..e9b43caa0 100644
--- a/priv_key.go
+++ b/priv_key.go
@@ -9,6 +9,7 @@ import (
 
 // PrivKey is part of PrivAccount and state.PrivValidator.
 type PrivKey interface {
+	Bytes() []byte
 	Sign(msg []byte) Signature
 	PubKey() PubKey
 }
@@ -24,11 +25,20 @@ var _ = wire.RegisterInterface(
 	wire.ConcreteType{PrivKeyEd25519{}, PrivKeyTypeEd25519},
 )
 
+func PrivKeyFromBytes(privKeyBytes []byte) (privKey PrivKey, err error) {
+	err = wire.ReadBinaryBytes(privKeyBytes, &privKey)
+	return
+}
+
 //-------------------------------------
 
 // Implements PrivKey
 type PrivKeyEd25519 [64]byte
 
+func (privKey PrivKeyEd25519) Bytes() []byte {
+	return wire.BinaryBytes(struct{ PrivKey }{privKey})
+}
+
 func (key PrivKeyEd25519) Sign(msg []byte) Signature {
 	privKeyBytes := [64]byte(key)
 	signatureBytes := ed25519.Sign(&privKeyBytes, msg)
@@ -69,8 +79,10 @@ func GenPrivKeyEd25519() PrivKeyEd25519 {
 	return PrivKeyEd25519(*privKeyBytes)
 }
 
-func GenPrivKeyEd25519FromSecret(secret string) PrivKeyEd25519 {
-	privKey32 := wire.BinarySha256(secret) // Not Ripemd160 because we want 32 bytes.
+// NOTE: secret should be the output of a KDF like bcrypt,
+// if it's derived from user input.
+func GenPrivKeyEd25519FromSecret(secret []byte) PrivKeyEd25519 {
+	privKey32 := Sha256(secret) // Not Ripemd160 because we want 32 bytes.
 	privKeyBytes := new([64]byte)
 	copy(privKeyBytes[:32], privKey32)
 	ed25519.MakePublicKey(privKeyBytes)
diff --git a/pub_key.go b/pub_key.go
index 4cfe815ce..b9500741e 100644
--- a/pub_key.go
+++ b/pub_key.go
@@ -13,6 +13,7 @@ import (
 // PubKey is part of Account and Validator.
 type PubKey interface {
 	Address() []byte
+	Bytes() []byte
 	KeyString() string
 	VerifyBytes(msg []byte, sig Signature) bool
 	Equals(PubKey) bool
@@ -29,28 +30,27 @@ var _ = wire.RegisterInterface(
 	wire.ConcreteType{PubKeyEd25519{}, PubKeyTypeEd25519},
 )
 
+func PubKeyFromBytes(pubKeyBytes []byte) (pubKey PubKey, err error) {
+	err = wire.ReadBinaryBytes(pubKeyBytes, &pubKey)
+	return
+}
+
 //-------------------------------------
 
 // Implements PubKey
 type PubKeyEd25519 [32]byte
 
-// TODO: Slicing the array gives us length prefixing but loses the type byte.
-// Revisit if we add more pubkey types.
-// For now, we artificially append the type byte in front to give us backwards
-// compatibility for when the pubkey wasn't fixed length array
 func (pubKey PubKeyEd25519) Address() []byte {
-	w, n, err := new(bytes.Buffer), new(int), new(error)
-	wire.WriteBinary(pubKey[:], w, n, err)
-	if *err != nil {
-		PanicCrisis(*err)
-	}
-	// append type byte
-	encodedPubkey := append([]byte{1}, w.Bytes()...)
+	pubKeyBytes := pubKey.Bytes()
 	hasher := ripemd160.New()
-	hasher.Write(encodedPubkey) // does not error
+	hasher.Write(pubKeyBytes) // does not error
 	return hasher.Sum(nil)
 }
 
+func (pubKey PubKeyEd25519) Bytes() []byte {
+	return wire.BinaryBytes(struct{ PubKey }{pubKey})
+}
+
 // TODO: Consider returning a reason for failure, or logging a runtime type mismatch.
 func (pubKey PubKeyEd25519) VerifyBytes(msg []byte, sig_ Signature) bool {
 	sig, ok := sig_.(SignatureEd25519)