really fixed key generation, it must be run as the target user to be a valid key. added varianle encrypten support too (dsa/rsa)