diff --git a/ChangeLog b/ChangeLog
index 23d976f3fd0d228537f9787a2010f85063feb09b..0c77dda24d31297f9d7eafc39eba27a27101075c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2015-03-18  Niels Möller  <nisse@diamant.hack.org>
+
+	* eddsa-pubkey.c (_eddsa_public_key, _eddsa_public_key_itch): New
+	file, new functions.
+
 2015-03-14  Niels Möller  <nisse@diamant.hack.org>
 
 	* ccm.c (memeql_sec): New function, more side-channel silent than
diff --git a/Makefile.in b/Makefile.in
index abba3cd94c35cbcaf4ce34eb4bd5445a66f19b47..7362a02dc4f437e20a8dbe252513ba836ad116fc 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -179,7 +179,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  ecc-ecdsa-verify.c ecdsa-verify.c ecdsa-keygen.c \
 		  curve25519-mul-g.c curve25519-mul.c curve25519-eh-to-x.c \
 		  eddsa-compress.c eddsa-decompress.c eddsa-expand.c \
-		  eddsa-hash.c eddsa-sign.c eddsa-verify.c \
+		  eddsa-hash.c eddsa-pubkey.c eddsa-sign.c eddsa-verify.c \
 		  ed25519-sha512-sign.c ed25519-sha512-verify.c \
 		  $(OPT_HOGWEED_SOURCES)
 
diff --git a/eddsa-pubkey.c b/eddsa-pubkey.c
new file mode 100644
index 0000000000000000000000000000000000000000..d1546707eb2f1c5c47f7704e78455dfe90980fdd
--- /dev/null
+++ b/eddsa-pubkey.c
@@ -0,0 +1,56 @@
+/* eddsa-pubkey.c
+
+   Copyright (C) 2015 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "eddsa.h"
+
+#include "ecc-internal.h"
+
+mp_size_t
+_eddsa_public_key_itch (const struct ecc_curve *ecc)
+{
+  return 3*ecc->p.size + ecc->mul_g_itch;
+}
+
+void
+_eddsa_public_key (const struct ecc_curve *ecc,
+		   const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch)
+{
+#define P scratch
+#define scratch_out (scratch + 3*ecc->p.size)
+  ecc->mul_g (ecc, P, k, scratch_out);
+  _eddsa_compress (ecc, pub, P, scratch_out);
+#undef P
+#undef scratch_out
+}
diff --git a/eddsa.h b/eddsa.h
index dffe5ececc21ca81c8f0f875341c9edc96d92953..b052ef8294ce446842b86eebe05bf608217c705d 100644
--- a/eddsa.h
+++ b/eddsa.h
@@ -57,6 +57,8 @@ extern "C" {
 #define _eddsa_sign_itch _nettle_eddsa_sign_itch
 #define _eddsa_verify _nettle_eddsa_verify
 #define _eddsa_verify_itch _nettle_eddsa_verify_itch
+#define _eddsa_public_key_itch _nettle_eddsa_public_key_itch
+#define _eddsa_public_key _nettle_eddsa_public_key
 
 #define ED25519_KEY_SIZE 32
 #define ED25519_SIGNATURE_SIZE 64
@@ -159,6 +161,13 @@ _eddsa_expand_key (const struct ecc_curve *ecc,
 		   mp_limb_t *k2,
 		   mp_limb_t *scratch);
 
+mp_size_t
+_eddsa_public_key_itch (const struct ecc_curve *ecc);
+
+void
+_eddsa_public_key (const struct ecc_curve *ecc,
+		   const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch);
+
 			   
 #ifdef __cplusplus
 }