diff --git a/README.md b/README.md
index fabea91..5d91667 100644
--- a/README.md
+++ b/README.md
@@ -15,8 +15,9 @@ nginx / apache / lighttpd
openssh
php
socat
-sqlite3 / mariadb (only sqlite3 for now)
+sqlite3 / mariadb (only sqlite3 for now)
usermode-utilities
+openssl (for managing remote servers)
**Manual install:**
become root
@@ -28,5 +29,7 @@ ln -sf ${PWD}/nlvmi/wrap-nlvmi /usr/bin/
ln -sf ${PWD}/nlvmi/web /var/www/localhost/htdocs/nlvmi
chown root:nlvmi nlvmi/*nlvmi
chmod +s nlvmi/wrap-nlvmi
+
+#not yet implemented...
mkdir /etc/nginx/nlvmi
-add an "include nlvmi/*.conf" statement within nginx.conf's server declaration.
\ No newline at end of file
+add an "include nlvmi/*.conf" statement within nginx.conf's server declaration.
diff --git a/nlvmi b/nlvmi
index 116bd3b..8779236 100755
--- a/nlvmi
+++ b/nlvmi
@@ -34,7 +34,7 @@ function checkdb {
echo "error accessing sqlite!"
exit 1;
fi
-echo "sqlite ready to use";
+ echo "sqlite ready to use";
elif [ $DATABASETYPE == "mariadb" ]; then
DBCON="mysql --disable-pager -u $MARIAUSER -p$MARIAPASS -h $MARIAHOST $MARIADB"
declare -a DBC=`echo "SHOW TABLES FROM $MARIADB; " | $DBCON | sed 1d`
@@ -134,6 +134,7 @@ function vmstart {
if [ ! -z ${array[6]} ]; then SMP="-smp ${array[6]}"; fi
if [ ! -z ${array[7]} ]; then MEMORY="-m ${array[7]}"; fi
if [ ! -z ${array[8]} ]; then USBDEV="-usb -device usb-ehci,id=ehci -device usb-${array[8]},bus=usb-bus.0"; fi
+ if [ ! -z ${array[9]} ]; then KB="-k ${array[9]}"; fi
if [ ! -z ${array[10]} ]; then CUSTOM="${array[10]}"; fi
if [ ! -z ${array[13]} ]; then DRIVE1="-drive file=${array[13]}"; echo "chown ${array[2]}:nlvmi ${array[13]}" >>$TMPF; fi
if [ ! -z ${array[14]} ]; then FORMAT1=",format=${array[14]},if=virtio"; fi
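Review bot: `KB` on the added line is assigned only when `${array[9]}` is non-empty and is never cleared, so when vmstart is iterating over several VM records (a `done` appears later in the function, its loop header is not in this hunk) the keyboard layout of a previously started VM presumably carries over into the command line of the next one; before this change `-k ${array[9]}` was always rebuilt from the current record. The neighbouring `WEBSOCK` assignment already handles this with an explicit else branch, and the same shape works here: `if [ ! -z "${array[9]}" ]; then KB="-k ${array[9]}"; else KB=""; fi`. The test is unquoted, as the rest of the block is, which breaks when the field contains spaces. vmstart starts outside this hunk.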
@@ -153,20 +154,22 @@ function vmstart {
if [ ! -z ${array[28]} ]; then BRDEV3="${array[28]}"; echo "brctl addif ${array[28]} ${array[26]}" >>$TMPF; fi
if [ ! -z ${array[30]} ]; then WEBSOCK=",websocket=${array[30]}"; else WEBSOCK=""; fi
if [ ! -z ${array[29]} ]; then VNCPORT="-vnc :${array[29]}$WEBSOCK,password"; fi
- COMMAND=(su - ${array[2]} -s /bin/bash -c \"${array[4]} -enable-kvm $CUSTOM $CPUTYPE $MEMORY $SMP -boot ${array[11]} $USBDEV -k ${array[9]} -daemonize $DRIVE1$FORMAT1 $DRIVE2$FORMAT2 $DRIVE3$FORMAT3 $CDROM $MACADDR1 $TAPDEV1 $MACADDR2 $TAPDEV2 $MACADDR3 $TAPDEV3 $VNCPORT $CUSTOM -pidfile $RUNDIRECTORY/${array[1]}.pid -monitor unix:$RUNDIRECTORY/${array[1]}.mon,server,nowait\")
+ COMMAND=(su - ${array[2]} -s /bin/bash -c \"${array[4]} -enable-kvm $CUSTOM $CPUTYPE $MEMORY $SMP -boot ${array[11]} $USBDEV $KB -daemonize $DRIVE1$FORMAT1 $DRIVE2$FORMAT2 $DRIVE3$FORMAT3 $CDROM $MACADDR1 $TAPDEV1 $MACADDR2 $TAPDEV2 $MACADDR3 $TAPDEV3 $VNCPORT $CUSTOM -pidfile $RUNDIRECTORY/${array[1]}.pid -monitor unix:$RUNDIRECTORY/${array[1]}.mon,server,nowait\")
if [ $LOGLEVEL -gt "1" ]; then echo ${COMMAND[@]}; fi
echo "${COMMAND[@]}" >>$TMPF
#Set VNC Password
echo "echo \"change vnc password ${array[31]}\" | socat - unix-connect:$RUNDIRECTORY/${array[1]}.mon >/dev/null" >>$TMPF
if [ ! -z "${array[34]}" ]; then
- echo "chmod g+w $RUNDIRECTORY/${array[1]}.mon" >>$TMPF
- su nlvmi -c "scp $TMPF ${array[34]}:/home/nlvmi/"
- su nlvmi -c "ssh ${array[34]} \"/usr/bin/nlvmi remote $TMPF run\""
- su nlvmi -c "ssh ${array[34]} \"rm $TMPF\""
- rm $TMPF
- else
- /bin/bash $TMPF
- rm $TMPF
+ echo "chmod g+w $RUNDIRECTORY/${array[1]}.mon" >>$TMPF
+ echo "chmod g+r $RUNDIRECTORY/${array[1]}.pid" >>$TMPF
+ openssl dgst -sha512 -sign "/nlvmi/nlvmi_priv.key" -out /home/nlvmi/${array[1]}.tmp.sha512 $TMPF
+ su nlvmi -c "scp $TMPF* ${array[34]}:/home/nlvmi/"
+ su nlvmi -c "ssh ${array[34]} \"/usr/bin/nlvmi remote $TMPF run\""
+ su nlvmi -c "ssh ${array[34]} \"rm $TMPF $TMPF.sha512\""
+ rm $TMPF $TMPF.sha512
+ else
+ /bin/bash $TMPF
+ rm $TMPF
fi
done
export VMFOUND="yes"
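Review bot: The signature on the new openssl line is written to the hard-coded path `/home/nlvmi/${array[1]}.tmp.sha512`, while everything after it — the `scp $TMPF*` glob, the remote `nlvmi remote $TMPF run` call (which looks for `$2.sha512`) and the final `rm $TMPF $TMPF.sha512` — derives the name from `$TMPF`, which is assigned outside the hunk; the two only agree if `$TMPF` happens to be exactly `/home/nlvmi/${array[1]}.tmp`, so the line should read `openssl dgst -sha512 -sign "/nlvmi/nlvmi_priv.key" -out "$TMPF.sha512" "$TMPF"`. The exit status of that openssl call is not checked (no `set -e` is visible), so a missing or unreadable key still ships the script to the remote, which then only prints "signature failed!!" with no local indication of the cause; appending `|| { echo "signing $TMPF failed" >&2; return 1; }` to that line is enough. `scp $TMPF*` is an unquoted glob that also picks up any other file sharing that prefix; naming the two files explicitly, `scp "$TMPF" "$TMPF.sha512"`, is safer. The same unchecked openssl status is in the vmstop hunk below. vmstart starts outside this hunk.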
@@ -187,15 +190,20 @@ function vmstop {
STOPPED="no"
COUNTER=0
while [ $STOPPED = "no" ]; do
- if [ $COUNTER == 200 ]; then
+ if [ $COUNTER == 2 ]; then
if [ -z ${array[2]} ]; then
kill `cat $RUNDIRECTORY/${array[1]}.pid`
echo "${array[1]} forcefully killed!";
STOPPED="yes"
else
- su nlvmi -c "ssh ${array[2]} \"echo \\\"kill \\\$(<\\\"$RUNDIRECTORY/${array[1]}.pid\\\")\\\" >/home/nlvmi/${array[1]}.tmp\""
+ TMPF=/home/nlvmi/${array[1]}.tmp
+ echo "kill \$(<\"$RUNDIRECTORY/${array[1]}.pid\")" >$TMPF
+ openssl dgst -sha512 -sign "/nlvmi/nlvmi_priv.key" -out $TMPF.sha512 $TMPF
+ su nlvmi -c "scp $TMPF* ${array[2]}:/home/nlvmi/"
+# su nlvmi -c "ssh ${array[2]} \"echo \\\"kill \\\$(<\\\"$RUNDIRECTORY/${array[1]}.pid\\\")\\\" >/home/nlvmi/${array[1]}.tmp\""
su nlvmi -c "ssh ${array[2]} \"/usr/bin/nlvmi remote /home/nlvmi/${array[1]}.tmp stop\""
- su nlvmi -c "ssh ${array[2]} \"rm /home/nlvmi/${array[1]}.tmp\""
+ su nlvmi -c "ssh ${array[2]} \"rm $TMPF $TMPF.sha512\""
+ rm $TMPF $TMPF.sha512
echo "remotekill"
STOPPED="yes"
fi
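Review bot: The forced-kill threshold on the changed line drops from 200 iterations to 2, which reads like a leftover debugging value: the guest now gets only two passes of the `while [ $STOPPED = "no" ]` loop (whatever delay the loop contains is outside the hunk) before `kill` is sent to the pid from `${array[1]}.pid`, and a graceful shutdown will rarely finish in that window. If the shorter wait is intended, name it and say why, e.g. `KILL_AFTER=2  # iterations before forcing the kill` with `if [ $COUNTER == $KILL_AFTER ]; then`. The new remote branch also leaves the old ssh-echo line in as a column-0 `#` comment and still spells the remote path out long-hand on the `remote ... stop` line while the lines around it use `$TMPF`; the commented line can go and that line can use `$TMPF` for consistency. vmstop starts and ends outside this hunk.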
@@ -264,7 +272,7 @@ if [ $# -gt 0 ]; then
export "$VMFOUND"
vmstart $arrays
done
- if [[ $VMFOUND == "no" ]]; then echo "no VM with that name found!"; exit 1; fi)
+ if [[ $VMFOUND == "no" ]]; then echo "no VM with that name found!"; exit 1; fi)
elif [ $1 == "stop" ]; then
if [ -z $2 ]; then echo "stop needs a vmname!"; exit 1; fi
VMFOUND="no"
@@ -278,9 +286,6 @@ if [ $# -gt 0 ]; then
if [[ $VMFOUND == "no" ]]; then echo "no VM with that name found!"; exit 1; fi)
elif [ $1 == "stopall" ]; then
stopall
- elif [ $1 == "checkvm" ]; then
- if [ -z $2 ]; then echo "checkvm needs a vmname!"; exit 1; fi
- if [ -e $RUNDIRECTORY/$2.mon ]; then echo $2 running; else echo $2 stopped; fi
elif [ $1 == "listdir" ]; then
if [ -z $2 ] || [ -z $3 ]; then echo listdir needs two more arguments; exit 1; fi
listdir $2 $3
@@ -288,7 +293,8 @@ if [ $# -gt 0 ]; then
if [ ! -z $MASTERSERVER ]; then
if `echo $SSH_CLIENT | grep "$MASTERSERVER " &>/dev/null`; then
if [ -e $2 ]; then
- /bin/bash $2;
+ openssl dgst -sha512 -verify <(openssl x509 -in "/nlvmi/nlvmi_sign.crt" -pubkey -noout) -signature $2.sha512 $2 >/dev/null && /bin/bash $2 || echo "signature failed!!"
+# /bin/bash $2;
fi
else
echo "not allowed";
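Review bot: The `verify && bash || echo` chain on the new line prints "signature failed!!" whenever `/bin/bash $2` itself exits non-zero, so a script whose signature was fine but whose commands failed is reported as a signature problem; an if/else keeps the two outcomes apart and lets the message go to stderr. `$2` and `$2.sha512` are unquoted on that line, as is `-e $2` on the line above, and quoting them costs nothing. The signature binds only the file contents, so a file signed once stays acceptable to any later `nlvmi remote` call; if re-running an old script must be refused, the signed content would need to carry something this side checks, such as the target host and a timestamp. The enclosing `if [ $# -gt 0 ]` dispatch starts and ends outside the hunk.
```shell
if [ -e "$2" ]; then
  if openssl dgst -sha512 -verify <(openssl x509 -in "/nlvmi/nlvmi_sign.crt" -pubkey -noout) \
      -signature "$2.sha512" "$2" >/dev/null; then
    /bin/bash "$2"
  else
    echo "signature failed!!" >&2
  fi
fi
```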
diff --git a/web/.sha512 b/web/.sha512
new file mode 100644
index 0000000..12bb389
Binary files /dev/null and b/web/.sha512 differ
diff --git a/web/index.php b/web/index.php
index 248f047..4f4d814 100644
--- a/web/index.php
+++ b/web/index.php
@@ -589,7 +589,7 @@ if (isset($_SESSION['username'])){
$button = "stop";
$buttonc = "btn-warning";
}
- $vncport = sprintf("%02d", $row[vncport]);
+ $vncport = sprintf("%02d", $row['vncport']);
echo "