diff --git a/src/dnssec-crypto.h b/src/dnssec-crypto.h
index 1c8b36d..c5e191b 100644
--- a/src/dnssec-crypto.h
+++ b/src/dnssec-crypto.h
@@ -50,7 +50,7 @@ typedef struct alg ## _verify \
 } /**/
-/* Algorithm 5: RSASHA1 */
 DEFINE_VALG(rsasha1);
+DEFINE_VALG(rsasha256);
 #endif /* DNSSEC_CRYPTO_H */
diff --git a/src/dnssec-openssl.c b/src/dnssec-openssl.c
index 5c2536e..4dfb2ac 100644
--- a/src/dnssec-openssl.c
+++ b/src/dnssec-openssl.c
@@ -1,41 +1,63 @@
 #include
 #include
-struct rsasha1_state
+struct rsasha_state
 {
 union {
 EVP_MD_CTX hash;
- unsigned char digest[20];
+ unsigned char digest[32];
 };
 unsigned char *sig;
 unsigned siglen;
-} RSASHA1;
+} RSASHA;
 int rsasha1_set_signature(unsigned char *data, unsigned len)
 {
- RSASHA1.sig = data;
- RSASHA1.siglen = len;
+ RSASHA.sig = data;
+ RSASHA.siglen = len;
+ return 1;
+}
+
+int rsasha256_set_signature(unsigned char *data, unsigned len)
+{
+ RSASHA.sig = data;
+ RSASHA.siglen = len;
 return 1;
 }
 void rsasha1_begin_data(void)
 {
- EVP_MD_CTX_init(&RSASHA1.hash);
- EVP_DigestInit_ex(&RSASHA1.hash, EVP_sha1(), NULL);
+ EVP_MD_CTX_init(&RSASHA.hash);
+ EVP_DigestInit_ex(&RSASHA.hash, EVP_sha1(), NULL);
+}
+void rsasha256_begin_data(void)
+{
+ EVP_MD_CTX_init(&RSASHA.hash);
+ EVP_DigestInit_ex(&RSASHA.hash, EVP_sha256(), NULL);
 }
 void rsasha1_add_data(void *data, unsigned len)
 {
- EVP_DigestUpdate(&RSASHA1.hash, data, len);
+ EVP_DigestUpdate(&RSASHA.hash, data, len);
+}
+void rsasha256_add_data(void *data, unsigned len)
+{
+ EVP_DigestUpdate(&RSASHA.hash, data, len);
 }
 void rsasha1_end_data(void)
 {
 unsigned char digest[20];
- EVP_DigestFinal(&RSASHA1.hash, digest, NULL);
- memcpy(RSASHA1.digest, digest, 20);
+ EVP_DigestFinal(&RSASHA.hash, digest, NULL);
+ memcpy(RSASHA.digest, digest, 20);
+}
+void rsasha256_end_data(void)
+{
+ unsigned char digest[32];
+ EVP_DigestFinal(&RSASHA.hash, digest, NULL);
+ memcpy(RSASHA.digest, digest, 32);
 }
 int rsasha1_verify(unsigned char *key, unsigned key_len)
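Review bot: The results of `EVP_DigestInit_ex`, `EVP_DigestUpdate` and `EVP_DigestFinal` are discarded in the new `rsasha256_begin_data`, `rsasha256_add_data` and `rsasha256_end_data`, so if any of them fails, `rsasha256_end_data` may copy 32 bytes of an uninitialised stack buffer into `RSASHA.digest`. These hooks return void, so the failure has to travel in the state: initialise the local with `unsigned char digest[32] = {0};` and record the outcome, e.g. `RSASHA.ok = (EVP_DigestFinal(&RSASHA.hash, digest, NULL) == 1);` (`ok` being a new field, name illustrative), for the verify step to check before it trusts the digest. The rsasha1 variants touched in this hunk have the same gap. The shared `RSASHA` object also does not record whether 20 or 32 digest bytes were written, which `rsasha256_verify` will need to know once it stops being a stub.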
@@ -43,3 +65,8 @@ int rsasha1_verify(unsigned char *key, unsigned key_len)
 return 0;
 }
+int rsasha256_verify(unsigned char *key, unsigned key_len)
+{
+ return 0;
+}
+
diff --git a/src/dnssec.c b/src/dnssec.c
index 5c6bda5..1d8727e 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -23,7 +23,7 @@ static const VerifyAlg valgs[] =
 VALG_VTABLE(rsasha1), /* 5: RSASHA1 */
 {0,0,0,0,0}, /* 6: DSA-NSEC3-SHA1 */
 {0,0,0,0,0}, /* 7: RSASHA1-NSEC3-SHA1 */
- {0,0,0,0,0}, /* 8: RSASHA256 */
+ VALG_VTABLE(rsasha256), /* 8: RSASHA256 */
 {0,0,0,0,0}, /* 9: unassigned */
 {0,0,0,0,0}, /* 10: RSASHA512 */
 {0,0,0,0,0}, /* 11: unassigned */
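Review bot: `rsasha256_verify` is a stub that always returns 0, yet the `valgs[]` hunk in src/dnssec.c of this same commit already registers it for algorithm 8 through `VALG_VTABLE(rsasha256)`. If 0 means "not verified" (the `return 1` in the set_signature functions suggests 1 is success), every RSASHA256 signature now fails, whereas the previous all-zero table entry presumably marked the algorithm as unsupported. A validator normally treats an unsupported algorithm differently from a failed signature, and the caller's handling is not visible here. Either keep the `{0,0,0,0,0}` entry until verification is implemented, or mark the stub explicitly with `/* TODO: RSA verification not implemented; always reports failure */` above `return 0;`. Until then `key` and `key_len` are unused.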