diff --git a/agent/key.go b/agent/key.go
index 38ed34d..e98fb16 100644
--- a/agent/key.go
+++ b/agent/key.go
@@ -49,7 +49,7 @@ type Key struct {
 }
 
 // Public returns this key's public key.
-func (key Key) Public() crypto.PublicKey {
+func (key *Key) Public() crypto.PublicKey {
 	return key.publicKey
 }
 
@@ -58,7 +58,7 @@ func (key Key) Public() crypto.PublicKey {
 // opts must have type *OAEPOptions and OAEP decryption is done.
 //
 // This function is basically a copy of rsa.Decrypt().
-func (key Key) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
+func (key *Key) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
 	switch pub := key.publicKey.(type) {
 	case *rsa.PublicKey:
 		priv := &internalrsa.PrivateKey{
@@ -105,7 +105,7 @@ func (key Key) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterO
 // will be used.
 //
 // This function is basically a copy of rsa.Sign().
-func (key Key) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+func (key *Key) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
 	switch pub := key.publicKey.(type) {
 	case *rsa.PublicKey:
 		priv := &internalrsa.PrivateKey{
@@ -126,7 +126,7 @@ func (key Key) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signatu
 	}
 }
 
-func (key Key) decrypt(c *big.Int) (*big.Int, error) {
+func (key *Key) decrypt(c *big.Int) (*big.Int, error) {
 	encCipherText, err := encodeRSACipherText(c.Bytes())
 	if err != nil {
 		return nil, err
@@ -175,7 +175,7 @@ func (key Key) decrypt(c *big.Int) (*big.Int, error) {
 	return (&big.Int{}).SetBytes(plaintext), nil
 }
 
-func (key Key) signPKCS1v15(msg []byte, opts crypto.SignerOpts) ([]byte, error) {
+func (key *Key) signPKCS1v15(msg []byte, opts crypto.SignerOpts) ([]byte, error) {
 	var hashType string
 	switch opts.HashFunc() {
 	case crypto.MD5: