diff --git a/lib/encryption.ex b/lib/encryption.ex
index 89ab7b2..fb72d80 100644
--- a/lib/encryption.ex
+++ b/lib/encryption.ex
@@ -38,6 +38,10 @@ defmodule Amethyst.Keys do
     GenServer.call(__MODULE__, :get_pub)
   end
 
+  def decrypt(encrypted) do
+    GenServer.call(__MODULE__, {:decrypt, encrypted})
+  end
+
   @impl true
   def init(bits) do
     Logger.info("Generating RSA keys with #{bits} bits")
@@ -46,20 +50,24 @@ defmodule Amethyst.Keys do
       rsa_private_key = :public_key.generate_key({:rsa, bits, 65_537})
 
     rsa_public_key = {:RSAPublicKey, modulus, public_exponent}
-    privkey = :public_key.der_encode(:RSAPrivateKey, rsa_private_key)
-    pubkey = :public_key.der_encode(:RSAPublicKey, rsa_public_key)
 
     Logger.info("Generated RSA keys")
-    {:ok, {pubkey, privkey}}
+    {:ok, {rsa_public_key, rsa_private_key}}
   end
 
   @impl true
   def handle_call(:get_priv, _from, {pubkey, privkey}) do
-    {:reply, privkey, {pubkey, privkey}}
+    {:reply, :public_key.der_encode(:RSAPrivateKey, privkey), {pubkey, privkey}}
   end
 
   @impl true
   def handle_call(:get_pub, _from, {pubkey, privkey}) do
-    {:reply, pubkey, {pubkey, privkey}}
+    {:reply, :public_key.der_encode(:RSAPublicKey, pubkey), {pubkey, privkey}}
+  end
+
+  @impl true
+  def handle_call({:decrypt, encrypted}, _from, {pubkey, privkey}) do
+    plaintext = :public_key.decrypt_private(encrypted, privkey)
+    {:reply, plaintext, {pubkey, privkey}}
   end
 end