diff --git a/ChangeLog b/ChangeLog
index c2dac5935e98a02e99714333e1e287569a5c4d79..1ad2e53b032285bcd4a3cb5597ee8ecaaa7d3c79 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-06-09  Niels Möller  <nisse@lysator.liu.se>
+
+	* rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
+	* rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
+	separate file, renamed and made non-static. Moved from...
+	* rsa-decrypt-tr.c: ... here.
+
 2012-06-03  Niels Möller  <nisse@lysator.liu.se>
 
 	* testsuite/pkcs1-test.c (test_main): Include leading zero in
diff --git a/Makefile.in b/Makefile.in
index 58f7831d9455ba050a34dcdce95ca1697ec4db1b..ba0fdb279082c972ce842ade7118e38cf75372a8 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -108,7 +108,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  rsa-sha256-sign.c rsa-sha256-verify.c \
 		  rsa-sha512-sign.c rsa-sha512-verify.c \
 		  rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
-		  rsa-keygen.c rsa-compat.c \
+		  rsa-keygen.c rsa-compat.c rsa-blind.c \
 		  rsa2sexp.c sexp2rsa.c \
 		  dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c \
 		  dsa-sha1-sign.c dsa-sha1-verify.c \
diff --git a/rsa-blind.c b/rsa-blind.c
new file mode 100644
index 0000000000000000000000000000000000000000..eb5d0088806206c41af9520298a16dfa69ded6b6
--- /dev/null
+++ b/rsa-blind.c
@@ -0,0 +1,69 @@
+/* rsa-blind.c
+ *
+ * RSA blinding. It is used for timing resistant decryption or signing.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller, Nikos Mavrogiannopoulos
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "bignum.h"
+
+/* Blinds the c, by computing c *= r^e (mod n), for a random r. Also
+   returns the inverse (ri), for use by rsa_unblind. */
+void
+_rsa_blind (const struct rsa_public_key *pub,
+	    void *random_ctx, nettle_random_func random,
+	    mpz_t c, mpz_t ri)
+{
+  mpz_t r;
+
+  mpz_init(r);
+
+  /* c = c*(r^e)
+   * ri = r^(-1)
+   */
+  do 
+    {
+      nettle_mpz_random(r, random_ctx, random, pub->n);
+      /* invert r */
+    }
+  while (!mpz_invert (ri, r, pub->n));
+
+  /* c = c*(r^e) mod n */
+  mpz_powm(r, r, pub->e, pub->n);
+  mpz_mul(c, c, r);
+  mpz_fdiv_r(c, c, pub->n);
+
+  mpz_clear(r);
+}
+
+/* c *= ri mod n */
+void
+_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri)
+{
+  mpz_mul(c, c, ri);
+  mpz_fdiv_r(c, c, pub->n);
+}
diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c
index d130a0690713b80c393a644f78c00cef30e4d76e..1e21e985bf75bd46300d0f593aefa0ee94349c57 100644
--- a/rsa-decrypt-tr.c
+++ b/rsa-decrypt-tr.c
@@ -33,47 +33,10 @@
 #include "bignum.h"
 #include "pkcs1.h"
 
-/* Blinds the c, by computing c *= r^e (mod n), for a random r. Also
-   returns the inverse (ri), for use by rsa_unblind. */
-static void
-rsa_blind (const struct rsa_public_key *pub,
-	   void *random_ctx, nettle_random_func random,
-	   mpz_t c, mpz_t ri)
-{
-  mpz_t r;
-
-  mpz_init(r);
-
-  /* c = c*(r^e)
-   * ri = r^(-1)
-   */
-  do 
-    {
-      nettle_mpz_random(r, random_ctx, random, pub->n);
-      /* invert r */
-    }
-  while (!mpz_invert (ri, r, pub->n));
-
-  /* c = c*(r^e) mod n */
-  mpz_powm(r, r, pub->e, pub->n);
-  mpz_mul(c, c, r);
-  mpz_fdiv_r(c, c, pub->n);
-
-  mpz_clear(r);
-}
-
-/* c *= ri mod n */
-static void
-rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri)
-{
-  mpz_mul(c, c, ri);
-  mpz_fdiv_r(c, c, pub->n);
-}
-
 int
 rsa_decrypt_tr(const struct rsa_public_key *pub,
 	       const struct rsa_private_key *key,
-	       void *random_ctx, nettle_random_func random,	       
+	       void *random_ctx, nettle_random_func random,
 	       unsigned *length, uint8_t *message,
 	       const mpz_t gibberish)
 {
@@ -83,9 +46,9 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
   mpz_init_set(m, gibberish);
   mpz_init (ri);
 
-  rsa_blind (pub, random_ctx, random, m, ri);
+  _rsa_blind (pub, random_ctx, random, m, ri);
   rsa_compute_root(key, m, m);
-  rsa_unblind (pub, m, ri);
+  _rsa_unblind (pub, m, ri);
   mpz_clear (ri);
 
   res = pkcs1_decrypt (key->size, m, length, message);
diff --git a/rsa.h b/rsa.h
index 9dc7fe2bf57a5696cdf408ff068f5d07a4b60582..1b975ab8cad5f4bf2ca07f904317cf692a9b080c 100644
--- a/rsa.h
+++ b/rsa.h
@@ -73,6 +73,8 @@ extern "C" {
 #define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp
 #define _rsa_verify _nettle_rsa_verify
 #define _rsa_check_size _nettle_rsa_check_size
+#define _rsa_blind _nettle_rsa_blind
+#define _rsa_unblind _nettle_rsa_unblind
 
 /* This limit is somewhat arbitrary. Technically, the smallest modulo
    which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But
@@ -383,6 +385,13 @@ _rsa_verify(const struct rsa_public_key *key,
 unsigned
 _rsa_check_size(mpz_t n);
 
+void
+_rsa_blind (const struct rsa_public_key *pub,
+	    void *random_ctx, nettle_random_func random,
+	    mpz_t c, mpz_t ri);
+void
+_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri);
+
 #ifdef __cplusplus
 }
 #endif