diff --git a/node/Dictionary.hpp b/node/Dictionary.hpp
index 5d453fd95..eab2b162e 100644
--- a/node/Dictionary.hpp
+++ b/node/Dictionary.hpp
@@ -454,7 +454,7 @@ public:
 	{
 		this->erase(sigKey);
 		C25519::Signature sig(C25519::sign(kp,this->data(),this->sizeBytes()));
-		this->add(sigKey,sig.data,ZT_C25519_SIGNATURE_LEN);
+		this->add(sigKey,reinterpret_cast<const char *>(sig.data),ZT_C25519_SIGNATURE_LEN);
 	}
 
 	/**
diff --git a/node/Identity.hpp b/node/Identity.hpp
index ef7f2d775..e4522732c 100644
--- a/node/Identity.hpp
+++ b/node/Identity.hpp
@@ -287,6 +287,19 @@ public:
 	 */
 	inline const C25519::Public &publicKey() const { return _publicKey; }
 
+	/**
+	 * @return C25519 key pair (only returns valid pair if private key is present in this Identity object)
+	 */
+	inline const C25519::Pair privateKeyPair() const
+	{
+		C25519::Pair pair;
+		pair.pub = _publicKey;
+		if (_privateKey)
+			pair.priv = *_privateKey;
+		else memset(pair.priv.data,0,ZT_C25519_PRIVATE_KEY_LEN);
+		return pair;
+	}
+
 	/**
 	 * @return True if this identity contains something
 	 */
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index e188784af..139661dbc 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -749,6 +749,7 @@ bool IncomingPacket::_doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *RR,cons
 						Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> *dconf = new Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY>();
 						try {
 							if (netconf->toDictionary(*dconf,metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_VERSION,0) < 6)) {
+								dconf->wrapWithSignature(ZT_NETWORKCONFIG_DICT_KEY_SIGNATURE,RR->identity.privateKeyPair());
 								const unsigned int totalSize = dconf->sizeBytes();
 								unsigned int chunkIndex = 0;
 								while (chunkIndex < totalSize) {