diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
index db8bf0e2f..6c0f40c77 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
@@ -131,7 +131,8 @@ public class PgpSecurityConstants {
             CustomNamedCurves.getOID("secp256k1").getId(),
             TeleTrusTNamedCurves.getOID("brainpoolP256r1").getId(),
             TeleTrusTNamedCurves.getOID("brainpoolP384r1").getId(),
-            TeleTrusTNamedCurves.getOID("brainpoolP512r1").getId()
+            TeleTrusTNamedCurves.getOID("brainpoolP512r1").getId(),
+            CustomNamedCurves.getOID("curve25519").getId()
     ));
 
     static KeySecurityProblem checkForSecurityProblems(CanonicalizedPublicKey key) {
diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java
index 9e25841fb..fae6b87d1 100644
--- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java
+++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java
@@ -50,18 +50,6 @@ public class OpaqueKeyTest {
         assertTrue(log.containsType(LogType.MSG_KC_ERROR_MASTER_ALGO));
     }
 
-    @Test
-    public void testOpaqueOidSubKey__canonicalize__shouldFail() throws Exception {
-        // key from GnuPG's test suite, sample msg generated using GnuPG v2.1.18
-        // TODO use for actual tests once eddsa is supported!
-        UncachedKeyRing ring = readRingFromResource("/test-keys/ed25519-cv25519-sample-1.asc");
-
-        OperationLog log = new OperationLog();
-        ring.canonicalize(log, 0);
-
-        assertTrue(log.containsType(LogType.MSG_KC_SUB_BAD));
-    }
-
     @Test
     public void testOpaqueSubKey__canonicalize__shouldStrip() throws Exception {
         UncachedKeyRing ring = readRingFromResource("/test-keys/unknown-subkey.pub.asc");
diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java
new file mode 100644
index 000000000..c87acdcb0
--- /dev/null
+++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2017 Schürmann & Breitmoser GbR
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.provider;
+
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import android.app.Application;
+import android.support.annotation.NonNull;
+
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.openintents.openpgp.OpenPgpSignatureResult;
+import org.robolectric.RuntimeEnvironment;
+import org.robolectric.shadows.ShadowLog;
+import org.robolectric.util.Util;
+import org.sufficientlysecure.keychain.KeychainTestRunner;
+import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
+import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
+import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
+import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyInputParcel;
+import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyOperation;
+import org.sufficientlysecure.keychain.pgp.PgpSignEncryptData;
+import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel;
+import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertTrue;
+import static org.junit.Assert.assertArrayEquals;
+
+
+@SuppressWarnings("WeakerAccess")
+@RunWith(KeychainTestRunner.class)
+public class Cv25519Test {
+    public static final byte[] ENCRYPTED_PLAINTEXT = "hi\n".getBytes();
+    private KeyWritableRepository keyRepository;
+    private Application context;
+
+
+    @BeforeClass
+    public static void setUpOnce() throws Exception {
+        ShadowLog.stream = System.out;
+    }
+
+    @Before
+    public void setUp() throws Exception {
+        context = RuntimeEnvironment.application;
+        keyRepository = KeyWritableRepository.create(context);
+
+    }
+
+    @Test
+    public void testDecryptX25519() throws Exception {
+        loadSecretKeyringFromResource("/test-keys/cv25519-key.sec.asc");
+
+        byte[] encryptedText = readBytesFromResource("/test-keys/cv25519-encrypted.asc");
+        DecryptVerifyResult result = simpleDecryptText(encryptedText);
+
+        assertArrayEquals(ENCRYPTED_PLAINTEXT, result.getOutputBytes());
+    }
+
+    @Test
+    public void testEncryptX25519() throws Exception {
+        UncachedKeyRing uncachedKeyRing = loadSecretKeyringFromResource("/test-keys/cv25519-key.sec.asc");
+
+        PgpSignEncryptData data = PgpSignEncryptData.builder()
+                .setEncryptionMasterKeyIds(new long[] { uncachedKeyRing.getMasterKeyId() })
+                .build();
+        PgpSignEncryptInputParcel inputParcel = PgpSignEncryptInputParcel.createForBytes(
+                data, null, ENCRYPTED_PLAINTEXT);
+
+        PgpSignEncryptOperation op = new PgpSignEncryptOperation(context, keyRepository, null);
+        PgpSignEncryptResult result = op.execute(inputParcel, CryptoInputParcel.createCryptoInputParcel());
+
+        assertTrue(result.success());
+
+        DecryptVerifyResult decryptResult = simpleDecryptText(result.getOutputBytes());
+
+        assertTrue(decryptResult.success());
+        assertArrayEquals(ENCRYPTED_PLAINTEXT, decryptResult.getOutputBytes());
+    }
+
+    private UncachedKeyRing loadSecretKeyringFromResource(String name) throws Exception {
+        UncachedKeyRing ring = readRingFromResource(name);
+        SaveKeyringResult saveKeyringResult = keyRepository.saveSecretKeyRing(ring);
+        assertTrue(saveKeyringResult.success());
+        assertFalse(saveKeyringResult.getLog().containsWarnings());
+        return ring;
+    }
+
+    @NonNull
+    private DecryptVerifyResult simpleDecryptText(byte[] encryptedText) {
+        PgpDecryptVerifyInputParcel pgpDecryptVerifyInputParcel =
+                PgpDecryptVerifyInputParcel.builder().setInputBytes(encryptedText).build();
+
+        PgpDecryptVerifyOperation decryptVerifyOperation = new PgpDecryptVerifyOperation(context, keyRepository, null);
+        DecryptVerifyResult result = decryptVerifyOperation.execute(pgpDecryptVerifyInputParcel, CryptoInputParcel.createCryptoInputParcel());
+
+        assertTrue(result.success());
+        assertEquals(OpenPgpSignatureResult.RESULT_NO_SIGNATURE, result.getSignatureResult().getResult());
+        return result;
+    }
+
+    private byte[] readBytesFromResource(String name) throws Exception {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        InputStream input = Cv25519Test.class.getResourceAsStream(name);
+
+        Util.copy(input, baos);
+
+        return baos.toByteArray();
+    }
+
+    UncachedKeyRing readRingFromResource(String name) throws Exception {
+        return UncachedKeyRing.fromStream(Cv25519Test.class.getResourceAsStream(name)).next();
+    }
+
+}
\ No newline at end of file
diff --git a/OpenKeychain/src/test/resources/test-keys/cv25519-encrypted.asc b/OpenKeychain/src/test/resources/test-keys/cv25519-encrypted.asc
new file mode 100644
index 000000000..6907c57ed
--- /dev/null
+++ b/OpenKeychain/src/test/resources/test-keys/cv25519-encrypted.asc
@@ -0,0 +1,8 @@
+-----BEGIN PGP MESSAGE-----
+
+hF4DJy6x5ZTOXfMSAQdAuUEh4g2wNp18u9jQk3K64tSNbpkLX2CJXzJiNeGV4TQw
+k7OjaIka09odhhejsmD3nRg6LCKmUUJEJsE1iCExGTsOyw4wNbwABmoGcpcCV0me
+0j4Bl7TlhKMWbtYOcSDn8rqHa4hJnMQZnIFt+L3qznmn8bIW6Y/4N3zmIMAUhSuE
+6Kcc//vPlucognM99zQOHQ==
+=iBYu
+-----END PGP MESSAGE-----
\ No newline at end of file
diff --git a/OpenKeychain/src/test/resources/test-keys/cv25519-key.sec.asc b/OpenKeychain/src/test/resources/test-keys/cv25519-key.sec.asc
new file mode 100644
index 000000000..22860a38b
--- /dev/null
+++ b/OpenKeychain/src/test/resources/test-keys/cv25519-key.sec.asc
@@ -0,0 +1,14 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEWQURixYJKwYBBAHaRw8BAQdAIpQDhaf1xZgQNvvaQgWbO4z7opG27HbU9GO/
+5xPTwwQAAQCpAW8unz7f9EVO4/bzZ6W+EGu5A2WQ2Wscpqa6IFmGUhAEtAtNci4g
+Q3YyNTUxOYiQBBMWCAA4FiEEygk6J8zDABl0THee927KXOCa9BUFAlkFEYsCGwMF
+CwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ927KXOCa9BWxaQD/ZlBhwhm9x2+A
+yxEKK90WmS0IAFf5UtWm/IGkvkzOHnsA/1y8WNwyveHOPP/5BKWaR/oxFh0w23mW
+reNN428DxlgJnF0EWQURixIKKwYBBAGXVQEFAQEHQH/8G39ToD7jkPCTORsFiwl7
+8Q2b/EBc0xi2yOeZlYxCAwEIBwAA/0WvwrkkrWbDTdBQj0qsVo+LizwVT3rkQQS3
+lMdVHf2IEKGIeAQYFggAIBYhBMoJOifMwwAZdEx3nvduylzgmvQVBQJZBRGLAhsM
+AAoJEPduylzgmvQVoPQA/R7P/kW99jFqmDDEZkFTHYDbHpjnyXOMjFg3hSs2BJZP
+AQDl71K7mx2R/zsS2l0+dhktkD9l2Lmb75egpzy2il3vBA==
+=T0w3
+-----END PGP PRIVATE KEY BLOCK-----
\ No newline at end of file
diff --git a/extern/bouncycastle b/extern/bouncycastle
index ef1033a70..3872e5ebe 160000
--- a/extern/bouncycastle
+++ b/extern/bouncycastle
@@ -1 +1 @@
-Subproject commit ef1033a701769af4ad4b0c81efcb4730989509b3
+Subproject commit 3872e5ebe104985f85ebe3ab59bdd72939477913