diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c
new file mode 100644
index 0000000000000000000000000000000000000000..77f9d04885718764bc96a72fd5f884f37b9141c2
--- /dev/null
+++ b/pkcs1-rsa-sha256.c
@@ -0,0 +1,94 @@
+/* pkcs1-rsa-sha256.c
+ *
+ * PKCS stuff for rsa-sha256.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2006 Niels M�ller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#if WITH_PUBLIC_KEY
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+#include "nettle-internal.h"
+
+/* From RFC 3447, Public-Key Cryptography Standards (PKCS) #1: RSA
+ * Cryptography Specifications Version 2.1.
+ *
+ *     id-sha256    OBJECT IDENTIFIER ::=
+ *       {joint-iso-itu-t(2) country(16) us(840) organization(1)
+ *         gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1}
+ */
+
+static const uint8_t
+sha256_prefix[] =
+{
+  /* 19 octets prefix, 32 octets hash, total 51 */
+  0x30,      49, /* SEQUENCE */
+    0x30,    13, /* SEQUENCE */
+      0x06,   9, /* OBJECT IDENTIFIER */
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
+      0x05,   0, /* NULL */
+    0x04,    32  /* OCTET STRING */
+      /* Here comes the raw hash value */
+};
+
+void
+pkcs1_rsa_sha256_encode(mpz_t m, unsigned length, struct sha256_ctx *hash)
+{
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+  TMP_ALLOC(em, length);
+
+  assert(length >= SHA256_DIGEST_SIZE);
+  pkcs1_signature_prefix(length - SHA256_DIGEST_SIZE, em,
+			 sizeof(sha256_prefix),
+			 sha256_prefix);
+  
+  sha256_digest(hash, SHA256_DIGEST_SIZE, em + length - SHA256_DIGEST_SIZE);
+  nettle_mpz_set_str_256_u(m, length, em);
+}
+
+void
+pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned length, const uint8_t *digest)
+{
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+  TMP_ALLOC(em, length);
+
+  assert(length >= SHA256_DIGEST_SIZE);
+  pkcs1_signature_prefix(length - SHA256_DIGEST_SIZE, em,
+			 sizeof(sha256_prefix),
+			 sha256_prefix);
+
+  memcpy(em + length - SHA256_DIGEST_SIZE, digest, SHA256_DIGEST_SIZE);
+  nettle_mpz_set_str_256_u(m, length, em);
+}
+
+#endif /* WITH_PUBLIC_KEY */
diff --git a/rsa-sha256-sign.c b/rsa-sha256-sign.c
new file mode 100644
index 0000000000000000000000000000000000000000..ab34c19c87781b3d898f1394335c93bcb8350e20
--- /dev/null
+++ b/rsa-sha256-sign.c
@@ -0,0 +1,63 @@
+/* rsa-sha256-sign.c
+ *
+ * Signatures using RSA and SHA256.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2006 Niels M�ller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#if WITH_PUBLIC_KEY
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+void
+rsa_sha256_sign(const struct rsa_private_key *key,
+		struct sha256_ctx *hash,
+		mpz_t s)
+{
+  assert(key->size >= RSA_MINIMUM_N_OCTETS);
+
+  pkcs1_rsa_sha256_encode(s, key->size - 1, hash);
+
+  rsa_compute_root(key, s, s);
+}
+
+void
+rsa_sha256_sign_digest(const struct rsa_private_key *key,
+		       const uint8_t *digest,
+		       mpz_t s)
+{
+  assert(key->size >= RSA_MINIMUM_N_OCTETS);
+
+  pkcs1_rsa_sha256_encode_digest(s, key->size - 1, digest);
+
+  rsa_compute_root(key, s, s);
+}
+
+#endif /* WITH_PUBLIC_KEY */
diff --git a/rsa-sha256-verify.c b/rsa-sha256-verify.c
new file mode 100644
index 0000000000000000000000000000000000000000..a0235a48753d99101ba45f402222d20f76249d09
--- /dev/null
+++ b/rsa-sha256-verify.c
@@ -0,0 +1,77 @@
+/* rsa-sha256-verify.c
+ *
+ * Verifying signatures created with RSA and SHA256.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2006 Niels M�ller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#if WITH_PUBLIC_KEY
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_sha256_verify(const struct rsa_public_key *key,
+		  struct sha256_ctx *hash,
+		  const mpz_t s)
+{
+  int res;
+  mpz_t m;
+
+  assert(key->size >= RSA_MINIMUM_N_OCTETS);
+  mpz_init(m);
+  
+  pkcs1_rsa_sha256_encode(m, key->size - 1, hash);
+  res = _rsa_verify(key, m, s);
+  
+  mpz_clear(m);
+
+  return res;
+}
+
+int
+rsa_sha256_verify_digest(const struct rsa_public_key *key,
+			 const uint8_t *digest,
+			 const mpz_t s)
+{
+  int res;
+  mpz_t m;
+
+  assert(key->size >= RSA_MINIMUM_N_OCTETS);
+  mpz_init(m);
+  
+  pkcs1_rsa_sha256_encode_digest(m, key->size - 1, digest);
+  res = _rsa_verify(key, m, s);
+  
+  mpz_clear(m);
+
+  return res;
+}
+     
+#endif /* WITH_PUBLIC_KEY */