diff --git a/README.md b/README.md
index 1b5af4a3b..2e37e0225 100755
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 > #TL;DR#
 > 
-> ```sudo apt-get update; sudo apt-get install build-essential libcurl4-gnutls-dev autotools-dev libtool autoconf libgmp3-dev libssl-dev libgmp3-dev; git clone https://github.com/jl777/SuperNET; cd SuperNET; ./m_onetime m_unix; ./m_unix; agents/iguana```
+> ```sudo apt-get update; sudo apt-get install build-essential curl libcurl4-gnutls-dev autotools-dev libtool autoconf libgmp3-dev libssl-dev libgmp3-dev; git clone https://github.com/jl777/SuperNET; cd SuperNET; ./m_onetime m_unix; cd iguana; ./m_unix; agents/iguana```
 > 
 > The above one line gets SuperNET installed, built and launched for unix. 
 > 
diff --git a/iguana/iguana777.h b/iguana/iguana777.h
index 2d79b9dec..541e77271 100755
--- a/iguana/iguana777.h
+++ b/iguana/iguana777.h
@@ -945,6 +945,7 @@ uint8_t iguana_addrtype(struct iguana_info *coin,uint8_t script_type);
 struct iguana_waddress *iguana_waddressadd(struct supernet_info *myinfo,struct iguana_info *coin,struct iguana_waccount *wacct,struct iguana_waddress *addwaddr,char *redeemScript);
 cJSON *iguana_createvins(struct supernet_info *myinfo,struct iguana_info *coin,cJSON *txobj,cJSON *vins);
 bits256 bitcoin_pubkey33(void *ctx,uint8_t *data,bits256 privkey);
+bits256 bitcoin_randkey(void *ctx);
 
 extern int32_t HDRnet,netBLOCKS;
 
diff --git a/iguana/iguana_passport.c b/iguana/iguana_passport.c
new file mode 100755
index 000000000..156d66c35
--- /dev/null
+++ b/iguana/iguana_passport.c
@@ -0,0 +1,43 @@
+/******************************************************************************
+ * Copyright © 2014-2016 The SuperNET Developers.                             *
+ *                                                                            *
+ * See the AUTHORS, DEVELOPER-AGREEMENT and LICENSE files at                  *
+ * the top-level directory of this distribution for the individual copyright  *
+ * holder information and the developer policies on copyright and licensing.  *
+ *                                                                            *
+ * Unless otherwise agreed in a custom licensing agreement, no part of the    *
+ * SuperNET software, including this file may be copied, modified, propagated *
+ * or distributed except according to the terms contained in the LICENSE file *
+ *                                                                            *
+ * Removal or modification of this copyright notice is prohibited.            *
+ *                                                                            *
+ ******************************************************************************/
+
+#include "iguana777.h"
+
+/*
+ Asset Passport System - first draft spec
+
+ Asset Export - destination blockchain and address, BTC sync
+ Asset Import - source blockchain txid or BTCD txid
+ 
+Assets can be exported from any blockchain that supports a burn transaction with an attachment. This attachment needs to have a destination blockchain and address. In case a blockchain cannot support a combined burn with attachment, the burn txid can be added to the export payload and this combined data signed using the source blockchain's signing method to create a BTCD 'APS' OP_RETURN
+ 
+While it is not expected that there will be more than 256 such blockchains, by using the bitcoin varint we can encode an arbitrary number of destination blockchains using one byte, until we need to expand. For now the following one byte codes represent the destination blockchain:
+ 
+ 'b' -> bitcoin/BitcoinDark (BTC)
+ 'c' -> colored coins
+ 'e' -> ethereum (ETH)
+ 'n' -> NXT
+ 'o' -> open assets
+ 'w' -> WAVES
+ 'x' -> counterparty (XCP)
+ '?' -> please contact jl777 to have asset supporting blockchain added. 
+ 
+ When 0xfc slots are filled, the code (0xfd + 2 bytes) will be used. It is safe to assume there wont be more than 65534 supporting blockchains, but codes 0xfe and 0xff will be reserved just in case
+ 
+ The destination address is the 20 byte rmd160 of the sha256 of the 256 bit privkey, basically the precursor to all bitcoin type of addresses in a coin agnostic format, so this handles all the blockchains that use a bitcoin type of addressing. For blockchains that do not, the method to map its privkeys to a 256 bit privkey needs to be defined. Then the standard rmd160(sha256(mapped privkey)) will be the address
+ 
+By encoding the above 21 bytes into the existing blockchain with the burning of the asset on that blockchain, it no longer exists on the source blockchain and it has a unique destination blockchain.
+ 
+ */
diff --git a/iguana/iguana_payments.c b/iguana/iguana_payments.c
index d633b5944..fff89e0c0 100755
--- a/iguana/iguana_payments.c
+++ b/iguana/iguana_payments.c
@@ -132,7 +132,7 @@ cJSON *iguana_p2shjson(struct supernet_info *myinfo,struct iguana_info *coin,cJS
 cJSON *iguana_scriptobj(struct iguana_info *coin,uint8_t rmd160[20],char *coinaddr,char *asmstr,uint8_t *script,int32_t scriptlen)
 {
     struct vin_info V; int32_t i,plen,asmtype; char pubkeystr[130],rmdstr[41]; cJSON *addrobj,*scriptobj=cJSON_CreateObject();
-    if ( (asmtype= iguana_calcrmd160(coin,asmstr,&V,script,scriptlen,rand256(1),1,0xffffffff)) >= 0 )
+    if ( (asmtype= iguana_calcrmd160(coin,asmstr,&V,script,scriptlen,rand256(0),1,0xffffffff)) >= 0 )
     {
         if ( asmstr != 0 && asmstr[0] != 0 )
             jaddstr(scriptobj,"asm",asmstr);
diff --git a/iguana/iguana_secp.c b/iguana/iguana_secp.c
index 06ccb8d9c..865597691 100755
--- a/iguana/iguana_secp.c
+++ b/iguana/iguana_secp.c
@@ -16,9 +16,34 @@
 #include <ctype.h>
 #include <string.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include "../includes/curve25519.h"
 #include "../../secp256k1-zkp/include/secp256k1.h"
 
+bits256 bitcoin_randkey(secp256k1_context *ctx)
+{
+    int32_t i,flag = 0; bits256 privkey;
+    if ( ctx == 0 )
+        ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY), flag++;
+    if ( ctx != 0 )
+    {
+        for (i=0; i<100; i++)
+        {
+            privkey = rand256(0);
+            if ( secp256k1_ec_seckey_verify(ctx,privkey.bytes) > 0 )
+            {
+                if ( flag != 0 )
+                    secp256k1_context_destroy(ctx);
+                return(privkey);
+            }
+        }
+        if ( flag != 0 )
+            secp256k1_context_destroy(ctx);
+    }
+    fprintf(stderr,"couldnt generate valid bitcoin privkey. something is REALLY wrong. exiting\n");
+    exit(-1);
+}
+
 bits256 bitcoin_pubkey33(secp256k1_context *ctx,uint8_t *data,bits256 privkey)
 {
     int32_t flag=0; size_t plen; bits256 pubkey; secp256k1_pubkey secppub;
diff --git a/iguana/iguana_wallet.c b/iguana/iguana_wallet.c
index ebb76aada..5a63d2bf6 100755
--- a/iguana/iguana_wallet.c
+++ b/iguana/iguana_wallet.c
@@ -813,7 +813,7 @@ char *getnewaddress(struct supernet_info *myinfo,struct iguana_waddress **waddrp
     if ( retstr != 0 )
     {
         memset(&addr,0,sizeof(addr));
-        if ( iguana_waddresscalc(myinfo,coin->chain->pubtype,coin->chain->wiftype,&addr,rand256(1)) != 0 )
+        if ( iguana_waddresscalc(myinfo,coin->chain->pubtype,coin->chain->wiftype,&addr,bitcoin_randkey(myinfo->ctx)) != 0 )
             retjson = iguana_walletadd(myinfo,waddrp,coin,retstr,account,&addr,1,0);
         else return(clonestr("{\"error\":\"couldnt calculate waddr\"}"));
     } else return(clonestr("{\"error\":\"no wallet data\"}"));
diff --git a/iguana/tests/.signmessage.swp b/iguana/tests/.signmessage.swp
new file mode 100644
index 000000000..cd28a7c6c
Binary files /dev/null and b/iguana/tests/.signmessage.swp differ