diff --git a/.gitignore b/.gitignore
index eb9b1f62f4139a3d76acdc34227f910ab5bad6c4..4f2b5d70e41da934a1bd7cb29080d536232f5abb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,6 @@
 *~
 *.swp
 *.swo
+CA*
+users/
+hosts/
diff --git a/Makefile b/Makefile
index 566d81e093c0ff3d9055acdc852faf7e0c705937..99bd3d8d12538eebb5865eff9fe5dbe445548239 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,9 @@ install:
 chmod 755 /usr/local/bin/ssh-ca
 clean:
- rm -rf CA CA.pub
+ rm -rf CA CA.pub users hosts
 test: clean
- echo Not implemented.
+ ./ssh-ca init
+ ./ssh-ca newuser john
+ ./ssh-ca newhost www
diff --git a/ssh-ca b/ssh-ca
index 620e52ede0cfe8c7cf5315f79258b250a53bfb96..0b9b929edf45fb888b97a5bd32511249d8281bd5 100755
--- a/ssh-ca
+++ b/ssh-ca
@@ -7,20 +7,31 @@ usage () {
 }
 init () {
+ echo Initializing new CA.
 mkdir -p hosts users
- ssh-keygen -qf CA -P /dev/null
+ ssh-keygen -qf CA -P "" -C ssh-ca
 }
 signuser () {
- echo Not implemented.
+ echo "Signing user $1 key."
+ ssh-keygen -s CA -I "$1" -n "$1" "users/$1.pub"
 }
 signhost () {
- echo Not implemented.
+ echo "Signing host $1 key."
+ ssh-keygen -s CA -I "$1" -h -n "$1" "hosts/$1.pub"
 }
 newhost () {
- echo Not implemented.
+ echo "Creating new host $1 keypair."
+ ssh-keygen -qf "hosts/$1" -P "" -C "$1"
+ signhost "$1"
+}
+
+newuser () {
+ echo "Creating new user $1 keypair."
+ ssh-keygen -qf "users/$1" -P "" -C "$1"
+ signuser "$1"
 }
 if [ $# -lt 1 ]
@@ -42,6 +53,9 @@ case "$1" in
 newhost)
 newhost "$2"
 ;;
+ newuser)
+ newuser "$2"
+ ;;
 *)
 usage
 exit 1
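Review bot: In the Makefile hunk, `test` still depends on `clean`, and `clean` now removes `users` and `hosts` as well as `CA`, so running `make test` in a directory that holds a real CA deletes the signing key and every issued keypair without confirmation. The test recipe should not share a working directory with production key material. Dropping the `clean` prerequisite and running the three commands in a scratch directory avoids this, for example `cd "$$(mktemp -d)" && "$(CURDIR)/ssh-ca" init && "$(CURDIR)/ssh-ca" newuser john && "$(CURDIR)/ssh-ca" newhost www`, which works because the script uses paths relative to the current directory.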
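Review bot: In `init` (first ssh-ca hunk), `ssh-keygen -qf CA -P "" -C ssh-ca` writes the CA private key with an empty passphrase, so anyone who can read the `CA` file can sign user and host certificates. Leaving the passphrase option off lets ssh-keygen prompt for one: `ssh-keygen -qf CA -C ssh-ca`; signing would then ask for it, which presumably makes the `make test` target interactive. `signuser` and `signhost` also sign without a `-V` validity interval, so the certificates never expire; a bounded form such as `ssh-keygen -s CA -I "$1" -n "$1" -V +52w "users/$1.pub"` limits how long a leaked key stays useful. The `if [ $# -lt 1 ]` statement at the end of the hunk continues outside it.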
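Review bot: The new `newuser "$2"` arm in the second ssh-ca hunk passes the name through unchecked, while the visible guard `if [ $# -lt 1 ]` only requires the subcommand. An empty `$2` yields the path `users/`, a name containing `/` or starting with `.` can place key files outside `users/`, and a comma in the name becomes several principals in `-n "$1"`. A check before the dispatch would close this for `newhost` as well: `case "$2" in ""|.*|*/*|*,*) usage; exit 1 ;; esac`. The `case "$1" in` statement starts and ends outside the hunk.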