diff --git a/src/crypto/crypto_null.c b/src/crypto/crypto_null.c
index c9c32ae9..590ac560 100644
--- a/src/crypto/crypto_null.c
+++ b/src/crypto/crypto_null.c
@@ -81,7 +81,56 @@ struct cipher_algorithm cipher_null = {
 .decrypt = cipher_null_decrypt,
 };
 
+static int pubkey_null_init ( void *ctx __unused, const void *key __unused,
+ size_t key_len __unused ) {
+ return 0;
+}
+
+static size_t pubkey_null_max_len ( void *ctx __unused ) {
+ return 0;
+}
+
+static int pubkey_null_encrypt ( void *ctx __unused,
+ const void *plaintext __unused,
+ size_t plaintext_len __unused,
+ void *ciphertext __unused ) {
+ return 0;
+}
+
+static int pubkey_null_decrypt ( void *ctx __unused,
+ const void *ciphertext __unused,
+ size_t ciphertext_len __unused,
+ void *plaintext __unused ) {
+ return 0;
+}
+
+static int pubkey_null_sign ( void *ctx __unused,
+ struct digest_algorithm *digest __unused,
+ const void *value __unused,
+ void *signature __unused ) {
+ return 0;
+}
+
+static int pubkey_null_verify ( void *ctx __unused,
+ struct digest_algorithm *digest __unused,
+ const void *value __unused,
+ const void *signature __unused ,
+ size_t signature_len __unused ) {
+ return 0;
+}
+
+static void pubkey_null_final ( void *ctx __unused ) {
+ /* Do nothing */
+}
+
 struct pubkey_algorithm pubkey_null = {
 .name = "null",
 .ctxsize = 0,
+ .init = pubkey_null_init,
+ .max_len = pubkey_null_max_len,
+ .encrypt = pubkey_null_encrypt,
+ .decrypt = pubkey_null_decrypt,
+ .sign = pubkey_null_sign,
+ .verify = pubkey_null_verify,
+ .final = pubkey_null_final,
 };
diff --git a/src/include/ipxe/crypto.h b/src/include/ipxe/crypto.h
index 7c21e96e..d7d42b66 100644
--- a/src/include/ipxe/crypto.h
+++ b/src/include/ipxe/crypto.h
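Review bot: `pubkey_null_verify` in src/crypto/crypto_null.c returns 0 unconditionally, and the `verify` hook this commit adds to crypto.h documents its result as a plain status code, so under the null algorithm every signature is reported as valid. The callers are not visible here, but if `pubkey_null` can be the algorithm in effect when a signature is checked (presumably it is a placeholder used before a real algorithm is selected), verification fails open. I would make the stub fail closed with `return -ENOTSUP;` (or whichever error code the project prefers, assuming the errno header is available in this file). At minimum, add `/* Null algorithm: accepts any signature; must never be used to authenticate data */` above it.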
@@ -96,6 +96,67 @@ struct pubkey_algorithm {
 const char *name;
 /** Context size */
 size_t ctxsize;
+ /** Initialise algorithm
+ *
+ * @v ctx Context
+ * @v key Key
+ * @v key_len Length of key
+ * @ret rc Return status code
+ */
+ int ( * init ) ( void *ctx, const void *key, size_t key_len );
+ /** Calculate maximum output length
+ *
+ * @v ctx Context
+ * @ret max_len Maximum output length
+ */
+ size_t ( * max_len ) ( void *ctx );
+ /** Encrypt
+ *
+ * @v ctx Context
+ * @v plaintext Plaintext
+ * @v plaintext_len Length of plaintext
+ * @v ciphertext Ciphertext
+ * @ret ciphertext_len Length of ciphertext, or negative error
+ */
+ int ( * encrypt ) ( void *ctx, const void *data, size_t len,
+ void *out );
+ /** Decrypt
+ *
+ * @v ctx Context
+ * @v ciphertext Ciphertext
+ * @v ciphertext_len Ciphertext length
+ * @v plaintext Plaintext
+ * @ret plaintext_len Plaintext length, or negative error
+ */
+ int ( * decrypt ) ( void *ctx, const void *data, size_t len,
+ void *out );
+ /** Sign digest value
+ *
+ * @v ctx Context
+ * @v digest Digest algorithm
+ * @v value Digest value
+ * @v signature Signature
+ * @ret signature_len Signature length, or negative error
+ */
+ int ( * sign ) ( void *ctx, struct digest_algorithm *digest,
+ const void *value, void *signature );
+ /** Verify signed digest value
+ *
+ * @v ctx Context
+ * @v digest Digest algorithm
+ * @v value Digest value
+ * @v signature Signature
+ * @v signature_len Signature length
+ * @ret rc Return status code
+ */
+ int ( * verify ) ( void *ctx, struct digest_algorithm *digest,
+ const void *value, const void *signature,
+ size_t signature_len );
+ /** Finalise algorithm
+ *
+ * @v ctx Context
+ */
+ void ( * final ) ( void *ctx );
 };
 
 static inline void digest_init ( struct digest_algorithm *digest,
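Review bot: The `encrypt`, `decrypt` and `sign` hooks added to struct pubkey_algorithm take an output pointer but no output length, and their comments do not say how large that buffer must be. Presumably the caller is meant to size it from `max_len ( ctx )`. That should be stated, because it is the only thing that keeps an implementation from writing past the end of the buffer, e.g. `* @v ciphertext Ciphertext (buffer of at least max_len() bytes)`, and likewise for `plaintext` and `signature`. The `@v` names for encrypt and decrypt (`plaintext`, `plaintext_len`, `ciphertext`) also do not match the prototype's `data`, `len` and `out`, so one side should be renamed. The struct definition starts above this hunk.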
@@ -147,6 +208,43 @@ static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
 return ( cipher->blocksize == 1 );
 }
 
+static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
+ const void *key, size_t key_len ) {
+ return pubkey->init ( ctx, key, key_len );
+}
+
+static inline size_t pubkey_max_len ( struct pubkey_algorithm *pubkey,
+ void *ctx ) {
+ return pubkey->max_len ( ctx );
+}
+
+static inline int pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx,
+ const void *data, size_t len, void *out ) {
+ return pubkey->encrypt ( ctx, data, len, out );
+}
+
+static inline int pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx,
+ const void *data, size_t len, void *out ) {
+ return pubkey->decrypt ( ctx, data, len, out );
+}
+
+static inline int pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx,
+ struct digest_algorithm *digest,
+ const void *value, void *signature ) {
+ return pubkey->sign ( ctx, digest, value, signature );
+}
+
+static inline int pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx,
+ struct digest_algorithm *digest,
+ const void *value, const void *signature,
+ size_t signature_len ) {
+ return pubkey->verify ( ctx, digest, value, signature, signature_len );
+}
+
+static inline void pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) {
+ pubkey->final ( ctx );
+}
+
 extern struct digest_algorithm digest_null;
 extern struct cipher_algorithm cipher_null;
 extern struct pubkey_algorithm pubkey_null;
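Review bot: The seven `pubkey_*` inline wrappers are added without doc comments, and they carry two different return conventions that are easy to mix up at a call site. Going by the hook comments in struct pubkey_algorithm, `pubkey_init` and `pubkey_verify` return a status code, while `pubkey_encrypt`, `pubkey_decrypt` and `pubkey_sign` return a length or a negative error. A caller that checks `pubkey_sign` with `!= 0` would treat a successful signature as a failure. For `pubkey_verify`, which result means "signature valid" should be written down once, where callers will read it. I would put a short comment on each wrapper, e.g. `/** @ret rc Return status code (presumably zero only when the signature is valid) */` above `pubkey_verify` and `/** @ret len Output length, or negative error */` above the three length-returning wrappers.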