diff --git a/Data/OpenPGP/Crypto.hs b/Data/OpenPGP/Crypto.hs
--- a/Data/OpenPGP/Crypto.hs
+++ b/Data/OpenPGP/Crypto.hs
@@ -8,9 +8,9 @@
 
 import Numeric
 import Data.Word
+import Data.Bits
 import Data.Char
-import Data.List (find)
-import Data.Map ((!))
+import Data.List (find,foldl')
 import qualified Data.ByteString.Lazy as LZ
 import qualified Data.ByteString.Lazy.UTF8 as LZ (fromString)
 
@@ -42,26 +42,19 @@
 	      | otherwise = s
 
 find_key :: OpenPGP.Message -> String -> Maybe OpenPGP.Packet
-find_key (OpenPGP.Message (x@(OpenPGP.PublicKeyPacket {}):xs)) keyid =
-	find_key_ x xs keyid
-find_key (OpenPGP.Message (x@(OpenPGP.SecretKeyPacket {}):xs)) keyid =
-	find_key_ x xs keyid
-find_key (OpenPGP.Message (_:xs)) keyid =
-	find_key (OpenPGP.Message xs) keyid
-find_key _ _ = Nothing
-
-find_key_ :: OpenPGP.Packet -> [OpenPGP.Packet] -> String -> Maybe OpenPGP.Packet
-find_key_ x xs keyid
-	| thisid == keyid = Just x
-	| otherwise = find_key (OpenPGP.Message xs) keyid
-	where
-	thisid = reverse $ take (length keyid) (reverse (fingerprint x))
+find_key = OpenPGP.find_key fingerprint
 
 keyfield_as_octets :: OpenPGP.Packet -> Char -> [Word8]
 keyfield_as_octets k f =
-	LZ.unpack $ LZ.drop 2 (encode (k' ! f))
-	where k' = OpenPGP.key k
+	LZ.unpack $ LZ.drop 2 (encode fld)
+	where
+	Just fld = lookup f (OpenPGP.key k)
 
+constTimeEq :: [Word8] -> [Word8] -> Bool
+constTimeEq xs ys
+	| length xs /= length ys = False
+	| otherwise = 0 == foldl' (\r (x,y) -> r .|. (x `xor` y)) 0 (zip xs ys)
+
 -- http://tools.ietf.org/html/rfc3447#page-43
 emsa_pkcs1_v1_5_hash_padding :: OpenPGP.HashAlgorithm -> [Word8]
 emsa_pkcs1_v1_5_hash_padding OpenPGP.MD5 = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10]
@@ -91,9 +84,9 @@
           -> Int             -- ^ Index of signature to verify (0th, 1st, etc)
           -> Bool
 verify keys message sigidx =
-	encoded == RSA.encrypt (n, e) raw_sig
+	encoded `constTimeEq` RSA.encrypt (n, e) raw_sig
 	where
-	raw_sig = LZ.unpack $ LZ.drop 2 $ encode (OpenPGP.signature sig)
+	raw_sig = LZ.unpack $ LZ.drop 2 $ encode (head $ OpenPGP.signature sig)
 	encoded = emsa_pkcs1_v1_5_encode signature_over
 		(length n) (OpenPGP.hash_algorithm sig)
 	signature_over = LZ.unpack $ dta `LZ.append` OpenPGP.trailer sig
@@ -115,8 +108,8 @@
 	-- WARNING: this style of update is unsafe on most fields
 	-- it is safe on signature and hash_head, though
 	sig {
-		OpenPGP.signature = OpenPGP.MPI $ toNum final,
-		OpenPGP.hash_head = toNum $ take 2 final
+		OpenPGP.signature = [OpenPGP.MPI $ toNum final],
+		OpenPGP.hash_head = toNum $ take 2 encoded
 	}
 	where
 	-- toNum has explicit param so that it can remain polymorphic
diff --git a/README b/README
--- a/README
+++ b/README
@@ -2,7 +2,7 @@
 that currently does fingerprint generation, signature generation, and
 signature verification (for RSA keys only).
 
-It is indended to be used with <http://hackage.haskell.org/openpgp>
+It is indended to be used with <http://hackage.haskell.org/package/openpgp>
 
 It is intended that you use qualified imports with this library.
 
diff --git a/openpgp-Crypto.cabal b/openpgp-Crypto.cabal
--- a/openpgp-Crypto.cabal
+++ b/openpgp-Crypto.cabal
@@ -1,5 +1,5 @@
 name:            openpgp-Crypto
-version:         0.3
+version:         0.5
 cabal-version:   >= 1.8
 license:         OtherLicense
 license-file:    COPYING
@@ -18,7 +18,7 @@
         that currently does fingerprint generation, signature generation, and
         signature verification (for RSA keys only).
         .
-        It is indended to be used with <http://hackage.haskell.org/openpgp>
+        It is indended to be used with <http://hackage.haskell.org/package/openpgp>
         .
         It is intended that you use qualified imports with this library.
         .
@@ -44,11 +44,10 @@
 
         build-depends:
                 base == 4.*,
-                containers,
                 bytestring,
                 utf8-string,
                 binary,
-                openpgp,
+                openpgp <= 0.5,
                 Crypto
 
 test-suite tests
@@ -57,11 +56,10 @@
 
         build-depends:
                 base == 4.*,
-                containers,
                 bytestring,
                 utf8-string,
                 binary,
-                openpgp,
+                openpgp <= 0.5,
                 Crypto,
                 HUnit,
                 QuickCheck >= 2.4.1.1,
