diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp index 75cc9def1..d8b957e16 100644 --- a/src/libsync/account.cpp +++ b/src/libsync/account.cpp @@ -41,7 +41,6 @@ Q_LOGGING_CATEGORY(lcAccount, "sync.account", QtInfoMsg) Account::Account(QObject *parent) : QObject(parent) , _capabilities(QVariantMap()) - , _encryption(new ClientSideEncryption(this)) , _davPath(Theme::instance()->webDavPath()) { qRegisterMetaType("AccountPtr"); @@ -485,9 +484,4 @@ void Account::setNonShib(bool nonShib) } } -ClientSideEncryption *Account::cse() const -{ - return _encryption; -} - } // namespace OCC diff --git a/src/libsync/account.h b/src/libsync/account.h index b8e1b39b2..f172e5476 100644 --- a/src/libsync/account.h +++ b/src/libsync/account.h @@ -226,7 +226,6 @@ public: /// Called by network jobs on credential errors, emits invalidCredentials() void handleInvalidCredentials(); - ClientSideEncryption *cse() const; public slots: /// Used when forgetting credentials void clearQNAMCache(); @@ -276,7 +275,6 @@ private: QuotaInfo *_quotaInfo; QSharedPointer _am; QScopedPointer _credentials; - ClientSideEncryption *_encryption; bool _http2Supported = false; /// Certificates that were explicitly rejected by the user diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp index 8b8b17709..c92d53a2d 100644 --- a/src/libsync/clientsideencryption.cpp +++ b/src/libsync/clientsideencryption.cpp 
@@ -1,34 +1,104 @@ #include "clientsideencryption.h" #include "account.h" #include "capabilities.h" +#include "networkjobs.h" #include #include +#include +#include namespace OCC { -Q_LOGGING_CATEGORY(lcCse, "sync.connectionvalidator", QtInfoMsg) +Q_LOGGING_CATEGORY(lcCse, "sync.clientsideencryption", QtInfoMsg) QString baseUrl = QStringLiteral("ocs/v2.php/apps/client_side_encryption/api/v1/"); +QString baseDirectory = QDir::homePath() + QStringLiteral("/.nextcloud-keys/"); -ClientSideEncryption::ClientSideEncryption(Account *parent) : _account(parent) +ClientSideEncryption::ClientSideEncryption() { } -void OCC::ClientSideEncryption::initialize() +void ClientSideEncryption::setAccount(AccountPtr account) { + _account = account; +} + +void ClientSideEncryption::initialize() +{ + qCInfo(lcCse()) << "Initializing"; if (!_account->capabilities().clientSideEncryptionAvaliable()) { - qCInfo(lcCse()) << "No client side encryption, do not initialize anything."; + qCInfo(lcCse()) << "No Client side encryption avaliable on server."; emit initializationFinished(); } - fetchPrivateKey(); + if (hasPrivateKey() && hasPublicKey()) { + qCInfo(lcCse()) << "Public and private keys already downloaded"; + emit initializationFinished(); + } + + getPublicKeyFromServer(); } -void ClientSideEncryption::fetchPrivateKey() +QString ClientSideEncryption::publicKeyPath() const { - qCInfo(lcCse()) << "Client side encryption enabled, trying to retrieve the key."; + return baseDirectory + _account->displayName() + ".pub"; +} + +QString ClientSideEncryption::privateKeyPath() const +{ + return baseDirectory + _account->displayName() + ".rsa"; +} + +bool ClientSideEncryption::hasPrivateKey() const +{ + return QFileInfo(privateKeyPath()).exists(); +} + +bool ClientSideEncryption::hasPublicKey() const +{ + return QFileInfo(publicKeyPath()).exists(); +} + +void ClientSideEncryption::generateKeyPair() +{ + +} + +QString ClientSideEncryption::generateSCR() +{ + return {}; +} + +void 
ClientSideEncryption::getPrivateKeyFromServer() +{ + +} + +void ClientSideEncryption::getPublicKeyFromServer() +{ + qCInfo(lcCse()) << "Retrieving public key from server"; + auto job = new JsonApiJob(_account, baseUrl + "public-key", this); + connect(job, &JsonApiJob::jsonReceived, [this](const QJsonDocument& doc, int retCode) { + switch(retCode) { + case 404: // no public key + qCInfo(lcCse()) << "No public key, generating a pair."; + break; + case 400: // internal error + qCInfo(lcCse()) << "Internal server error while requesting the public key, encryption aborted."; + break; + case 200: // ok + qCInfo(lcCse()) << "Found Public key, requesting Private Key."; + break; + } + }); + job->start(); +} + +void ClientSideEncryption::signPublicKey() +{ + } } diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h index 4f5826997..efe67d97f 100644 --- a/src/libsync/clientsideencryption.h +++ b/src/libsync/clientsideencryption.h @@ -3,23 +3,35 @@ #include #include +#include + + +#include "accountfwd.h" namespace OCC { -class Account; class ClientSideEncryption : public QObject { Q_OBJECT public: - ClientSideEncryption(OCC::Account *parent); + ClientSideEncryption(); void initialize(); + void setAccount(AccountPtr account); + bool hasPrivateKey() const; + bool hasPublicKey() const; + void generateKeyPair(); + QString generateSCR(); + void getPrivateKeyFromServer(); + void getPublicKeyFromServer(); + void signPublicKey(); + QString privateKeyPath() const; + QString publicKeyPath() const; - void fetchPrivateKey(); signals: void initializationFinished(); private: - OCC::Account *_account; + OCC::AccountPtr _account; bool isInitialized = false; }; diff --git a/src/libsync/connectionvalidator.cpp b/src/libsync/connectionvalidator.cpp index 7d9d04e50..f4bd69360 100644 --- a/src/libsync/connectionvalidator.cpp +++ b/src/libsync/connectionvalidator.cpp 
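Review bot: Both early-exit branches in `ClientSideEncryption::initialize()` emit `initializationFinished()` and then fall through to `getPublicKeyFromServer()`, so a server without client-side encryption (or an account whose keys are already present) still triggers the network request and can emit the signal twice; each branch needs a `return;` after the `emit`. In `getPublicKeyFromServer()` none of the `switch` cases emits `initializationFinished()` or calls `generateKeyPair()`/`getPrivateKeyFromServer()`, and there is no `default:`, so a caller waiting on that signal (ConnectionValidator does, per the connectionvalidator.cpp hunk) never completes once CSE is available — at minimum add `default: emit initializationFinished(); break;` and emit it on the error paths too. `privateKeyPath()`/`publicKeyPath()` splice `_account->displayName()` verbatim into a filesystem path, so a display name containing a path separator relocates the key files; a sanitized or stable account identifier would be safer. `baseDirectory` is a namespace-scope `QString` with external linkage that calls `QDir::homePath()` during static initialization — consider computing it lazily inside a `static` function and narrowing the linkage.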
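Review bot: `setAccount()` is an undocumented precondition: the .cpp hunk dereferences `_account` in `initialize()`, `privateKeyPath()` and `publicKeyPath()` without a null check, so the header should say `/// Must be called before initialize() and the key-path accessors; they dereference the account.` above `setAccount`. `isInitialized` is never written anywhere in this diff and breaks the `_member` convention used by `_account`; either drop it or rename it `_isInitialized` and set it when `initializationFinished()` is emitted. `generateSCR()` presumably stands for a certificate signing request (CSR) — if so the name is transposed and worth fixing before callers appear. The intermediate steps (`getPrivateKeyFromServer`, `getPublicKeyFromServer`, `signPublicKey`, `generateKeyPair`) read as internal phases of `initialize()` rather than public API; moving them to `private:` would keep the public surface to `setAccount`/`initialize`/`has*Key`.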
@@ -326,8 +326,9 @@ void ConnectionValidator::slotUserFetched(const QJsonDocument &json) void ConnectionValidator::slotAvatarImage(const QImage &img) { _account->setAvatar(img); - connect(_account->cse(), &ClientSideEncryption::initializationFinished, this, &ConnectionValidator::reportConnected); - _account->cse()->initialize(); + cse.setAccount(_account); + connect(&cse, &ClientSideEncryption::initializationFinished, this, &ConnectionValidator::reportConnected); + cse.initialize(); } void ConnectionValidator::reportConnected() { diff --git a/src/libsync/connectionvalidator.h b/src/libsync/connectionvalidator.h index 24a43f926..b9dfda3ed 100644 --- a/src/libsync/connectionvalidator.h +++ b/src/libsync/connectionvalidator.h @@ -21,6 +21,7 @@ #include #include #include "accountfwd.h" +#include "clientsideencryption.h" namespace OCC { @@ -63,10 +64,6 @@ namespace OCC { | +-> slotCapabilitiesRecieved -+ | - +-----------------------------------+ - | - +-> Client Side Encryption Checks --+ - | +---------------------------------+ | fetchUser @@ -75,10 +72,13 @@ namespace OCC { +-> slotUserFetched AvatarJob | - +-> slotAvatarImage --> reportResult() - + +-> slotAvatarImage --> + +-----------------------------------+ + | + +-> Client Side Encryption Checks --+ --reportResult() \endcode */ + class OWNCLOUDSYNC_EXPORT ConnectionValidator : public QObject { Q_OBJECT @@ -144,6 +144,7 @@ private: QStringList _errors; AccountPtr _account; bool _isCheckingServerAndAuth; + ClientSideEncryption cse; }; }
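Review bot: The `connect(&cse, &ClientSideEncryption::initializationFinished, this, &ConnectionValidator::reportConnected)` in `slotAvatarImage()` is made every time the slot runs, so if a validator instance ever fetches the avatar more than once, `reportConnected()` fires once per accumulated connection; use `Qt::UniqueConnection` as the fifth argument, or make the connection once in the constructor, and call `cse.setAccount(_account)` there as well. Because `reportConnected()` is now reached only through that signal, validation stalls whenever `initialize()` does not emit it — and the clientsideencryption.cpp hunk shows a 200/404/400 response from the public-key job emitting nothing — so a timeout or an explicit failure signal on the CSE side is needed before this becomes the only path to a result.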
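Review bot: The new member `ClientSideEncryption cse;` does not follow the leading-underscore convention of its neighbours (`_errors`, `_account`, `_isCheckingServerAndAuth`); rename it `_cse` here and at the three uses in `slotAvatarImage()`. A short comment such as `/// Owned by value; bound to _account in slotAvatarImage() before initialize() is called` would also make the lifetime and ordering dependency visible from the header.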