diff --git a/src/include/taler_util.h b/src/include/taler_util.h
index 19e6bacf1..2c5faaa52 100644
--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -240,6 +240,20 @@ TALER_data_to_string_alloc (const void *buf,
 
 /* ****************** Refresh crypto primitives ************* */
 
+/**
+ * Secret used to decrypt the key to decrypt link secrets.
+ */
+struct TALER_TransferSecret
+{
+  /**
+   * Secret used to encrypt/decrypt the `struct TALER_LinkSecret`.
+   * Must be (currently) a hash as this is what
+   * #GNUNET_CRYPTO_ecc_ecdh() returns to us.
+   */
+  struct GNUNET_HashCode key;
+};
+
+
 /**
  * Secret used to decrypt refresh links.
  */
@@ -312,15 +326,14 @@ struct TALER_RefreshLinkDecrypted
  * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
  * to obtain the @a secret to decrypt the linkage data.
  *
- * @param secret_enc encrypted secret (FIXME: use different type!)
- * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param secret_enc encrypted secret
+ * @param trans_sec transfer secret
  * @param secret shared secret for refresh link decryption
- *               (FIXME: use different type?)
  * @return #GNUNET_OK on success
  */
 int
 TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc,
-                        const struct GNUNET_HashCode *trans_sec,
+                        const struct TALER_TransferSecret *trans_sec,
                         struct TALER_LinkSecret *secret);
 
 
@@ -329,13 +342,13 @@ TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc,
  * to obtain the @a secret_enc.
  *
  * @param secret shared secret for refresh link decryption
- * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param trans_sec transfer secret
  * @param secret_enc[out] encrypted secret
  * @return #GNUNET_OK on success
  */
 int
 TALER_transfer_encrypt (const struct TALER_LinkSecret *secret,
-                        const struct GNUNET_HashCode *trans_sec,
+                        const struct TALER_TransferSecret *trans_sec,
                         struct TALER_EncryptedLinkSecret *secret_enc);
 
 
diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c
index 8f7553896..baf5d12aa 100644
--- a/src/mint/taler-mint-httpd_db.c
+++ b/src/mint/taler-mint-httpd_db.c
@@ -918,7 +918,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
     {
       struct RefreshCommitLink commit_link;
       struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
-      struct GNUNET_HashCode transfer_secret;
+      struct TALER_TransferSecret transfer_secret;
       struct TALER_LinkSecret shared_secret;
 
       res = TALER_MINT_DB_get_refresh_commit_link (db_conn,
@@ -946,7 +946,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
       if (GNUNET_OK !=
           GNUNET_CRYPTO_ecc_ecdh ((const struct GNUNET_CRYPTO_EcdhePrivateKey *) &transfer_privs[i+off][j],
                                   (const struct GNUNET_CRYPTO_EcdhePublicKey *) &coin_pub,
-                                  &transfer_secret))
+                                  &transfer_secret.key))
       {
         GNUNET_break (0);
         // FIXME: return 'internal error'?
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 65c586d75..184662987 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -102,7 +102,7 @@ derive_refresh_key (const struct TALER_LinkSecret *secret,
  * @param[out] skey set to session key
  */
 static void
-derive_transfer_key (const struct GNUNET_HashCode *secret,
+derive_transfer_key (const struct TALER_TransferSecret *secret,
                      struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
                      struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
 {
@@ -112,12 +112,12 @@ derive_transfer_key (const struct GNUNET_HashCode *secret,
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
                                     ctx_key, strlen (ctx_key),
-                                    secret, sizeof (struct GNUNET_HashCode),
+                                    secret, sizeof (struct TALER_TransferSecret),
                                     NULL, 0));
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
                                     ctx_iv, strlen (ctx_iv),
-                                    secret, sizeof (struct GNUNET_HashCode),
+                                    secret, sizeof (struct TALER_TransferSecret),
                                     NULL, 0));
 }
 
@@ -127,13 +127,13 @@ derive_transfer_key (const struct GNUNET_HashCode *secret,
  * to obtain the @a secret to decrypt the linkage data.
  *
  * @param secret_enc encrypted secret
- * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param trans_sec transfer secret
  * @param secret shared secret for refresh link decryption
  * @return #GNUNET_OK on success
  */
 int
 TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc,
-                        const struct GNUNET_HashCode *trans_sec,
+                        const struct TALER_TransferSecret *trans_sec,
                         struct TALER_LinkSecret *secret)
 {
   struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -155,13 +155,13 @@ TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc,
  * to obtain the @a secret_enc.
  *
  * @param secret shared secret for refresh link decryption
- * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param trans_sec transfer secret
  * @param secret_enc[out] encrypted secret
  * @return #GNUNET_OK on success
  */
 int
 TALER_transfer_encrypt (const struct TALER_LinkSecret *secret,
-                        const struct GNUNET_HashCode *trans_sec,
+                        const struct TALER_TransferSecret *trans_sec,
                         struct TALER_EncryptedLinkSecret *secret_enc)
 {
   struct GNUNET_CRYPTO_SymmetricInitializationVector iv;