diff --git a/include/neatvnc.h b/include/neatvnc.h
index 63ad54b..246e2f2 100644
--- a/include/neatvnc.h
+++ b/include/neatvnc.h
@@ -168,6 +168,8 @@ int nvnc_enable_auth(struct nvnc* self, const char* privkey_path,
 
 int nvnc_enable_auth2(struct nvnc* self, nvnc_auth_fn, void* userdata);
 
+int nvnc_set_rsa_creds(struct nvnc* self, const char* private_key_path);
+
 struct nvnc_fb* nvnc_fb_new(uint16_t width, uint16_t height,
                             uint32_t fourcc_format, uint16_t stride);
 struct nvnc_fb* nvnc_fb_from_buffer(void* buffer, uint16_t width,
diff --git a/src/server.c b/src/server.c
index 52828bd..5a8c1cc 100644
--- a/src/server.c
+++ b/src/server.c
@@ -492,11 +492,11 @@ static int rsa_aes_send_public_key(struct nvnc_client* client)
 {
 	struct nvnc* server = client->server;
 
-	// TODO: The key should be loaded if it exists; otherwise generated and
-	// saved.
 	if (!server->rsa_priv) {
 		assert(!server->rsa_pub);
 
+		nvnc_log(NVNC_LOG_WARNING, "An RSA key has not been set. A new key will be generated.");
+
 		server->rsa_priv = crypto_rsa_priv_key_new();
 		server->rsa_pub = crypto_rsa_pub_key_new();
 
@@ -2396,3 +2396,19 @@ void nvnc_set_cursor(struct nvnc* self, struct nvnc_fb* fb, uint16_t width,
 	LIST_FOREACH(client, &self->clients, link)
 		process_fb_update_requests(client);
 }
+
+EXPORT
+int nvnc_set_rsa_creds(struct nvnc* self, const char* path)
+{
+#ifdef HAVE_CRYPTO
+	crypto_rsa_priv_key_del(self->rsa_priv);
+	crypto_rsa_pub_key_del(self->rsa_pub);
+
+	self->rsa_priv = crypto_rsa_priv_key_new();
+	self->rsa_pub = crypto_rsa_pub_key_new();
+
+	bool ok = crypto_rsa_priv_key_load(self->rsa_priv, self->rsa_pub, path);
+	return ok ? 0 : -1;
+#endif
+	return -1;
+}