changeset 1:f9cbcf818af6

Enable encryption to work
author Lewin Bormann <lbo@spheniscida.de>
date Thu, 01 Oct 2020 11:56:03 +0200
parents d31b0316199e
children 9cb09adb4740
files client/client.go server/server.go
diffstat 2 files changed, 17 insertions(+), 7 deletions(-) [+]
--- a/client/client.go	Thu Oct 01 11:09:51 2020 +0200
+++ b/client/client.go	Thu Oct 01 11:56:03 2020 +0200
@@ -78,16 +78,19 @@
 	rpclog.SetLoglevel(rpclog.LOGLEVEL_INFO)
 
 	addr := flag.String("addr", "127.0.0.1:5353", "Listen address for DNS stub")
-	serverAddr := flag.String("server", "127.0.0.1:53", "Upstream resolver address")
-	pubkeyfile := flag.String("pubkeyfile", "", "Public key file for RPC encryption")
-	privkeyfile := flag.String("privkeyfile", "", "Private key file for RPC encryption")
+	serverAddr := flag.String("server", "127.0.0.1:53", "DNSOverRPC server address")
+	pubkeyfile := flag.String("pubkeyfile", "", "Public key file of the server for RPC encryption")
 	flag.Parse()
 
 	sm := securitymanager.NewClientSecurityManager()
-	sm.LoadKeys(*pubkeyfile, *privkeyfile)
 
-	if *pubkeyfile == "" || *privkeyfile == "" {
+	if *pubkeyfile == "" {
 		sm = nil
+	} else {
+		err := sm.LoadServerPubkey(*pubkeyfile)
+		if err != nil {
+			log.Fatal(err)
+		}
 	}
 
 	host, port, err := net.SplitHostPort(*serverAddr)
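Review bot: The `*pubkeyfile == ""` branch sets `sm = nil` and continues without any log line, so the client appears to fall back to unencrypted, unauthenticated RPC with no indication to the operator. Since the flag defaults to the empty string, plaintext is the default behaviour. The server side of this commit logs "null policy" in the equivalent branch; the client should do at least as much, e.g. `log.Print("no server public key given; RPC traffic is NOT encrypted")` before `sm = nil`. Better still, make the downgrade an explicit opt-in and fail otherwise. The enclosing function starts and ends outside the hunk, so how `sm` is consumed afterwards is not visible here.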
--- a/server/server.go	Thu Oct 01 11:09:51 2020 +0200
+++ b/server/server.go	Thu Oct 01 11:56:03 2020 +0200
@@ -121,10 +121,17 @@
 	flag.Parse()
 
 	sm := securitymanager.NewServerSecurityManager()
-	sm.LoadKeys(*pubkeyfile, *privkeyfile)
 	if *pubkeyfile == "" || *privkeyfile == "" {
 		sm = nil
+		log.Print("null policy")
+	} else {
+		err := sm.LoadKeys(*pubkeyfile, *privkeyfile)
+		if err != nil {
+			log.Fatal(err)
+		}
+		log.Print("CURVE policy")
 	}
+	sm.ResetBlackWhiteLists()
 
 	host, port, err := net.SplitHostPort(*addr)
 	if err != nil {
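Review bot: `sm.ResetBlackWhiteLists()` is called after the if/else, so it also runs on the path where `sm` was just set to nil. Unless that method guards against a nil receiver (not visible in this hunk), the server would panic at startup whenever the key files are omitted; moving the call into the `else` branch after `LoadKeys` succeeds avoids that. Separately, giving only one of `*pubkeyfile`/`*privkeyfile` silently selects the unencrypted path with only "null policy" logged. A half-specified key pair is more likely a typo than an intent to run in plaintext, so it should be rejected, e.g. `if (*pubkeyfile == "") != (*privkeyfile == "") { log.Fatal("both key files are required for encryption") }`. A comment on what resetting the black/whitelists means for which client keys are accepted would also help, since the name suggests it affects peer authorization.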
@@ -134,7 +141,7 @@
 	if err != nil {
 		log.Fatal(err)
 	}
-	srv, err := server.NewServer(host, uint(iport), 2, nil)
+	srv, err := server.NewServer(host, uint(iport), 2, sm)
 	if err != nil {
 		log.Fatal(err)
 	}