diff --git a/lib/dnsjava-2.0.6-vrsn-4.jar b/lib/dnsjava-2.0.6-vrsn-4.jar
deleted file mode 100644
index b7e17a4..0000000
Binary files a/lib/dnsjava-2.0.6-vrsn-4.jar and /dev/null differ
diff --git a/lib/dnsjava-2.0.7.jar b/lib/dnsjava-2.0.7.jar
new file mode 100644
index 0000000..3c228e9
Binary files /dev/null and b/lib/dnsjava-2.0.7.jar differ
diff --git a/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java b/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java
index 103e4f3..d9ea7b0 100644
--- a/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java
+++ b/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java
@@ -48,6 +48,7 @@ public class ProtoNSEC3
 private int dclass;
 private long ttl;
+ static base32 b32 = new base32(base32.Alphabet.BASE32HEX, true, true);
 /**
 * Creates an NSEC3 Record from the given data.
 */
@@ -79,7 +80,7 @@ public class ProtoNSEC3
 private String hashToString(byte[] hash)
 {
 if (hash == null) return null;
- return base32.toString(hash).toLowerCase();
+ return b32.toString(hash);
 }
 public Name getName()
@@ -116,14 +117,14 @@ public class ProtoNSEC3
 public boolean getOptOutFlag()
 {
- return (flags & NSEC3Record.OPT_OUT_FLAG) != 0;
+ return (flags & NSEC3Record.Flags.OPT_OUT) != 0;
 }
 public void setOptOutFlag(boolean optOutFlag)
 {
- if (optOutFlag) this.flags |= NSEC3Record.OPT_OUT_FLAG;
+ if (optOutFlag) this.flags |= NSEC3Record.Flags.OPT_OUT;
 else
- this.flags &= ~NSEC3Record.OPT_OUT_FLAG;
+ this.flags &= ~NSEC3Record.Flags.OPT_OUT;
 }
 public long getTTL()
@@ -183,10 +184,10 @@ public class ProtoNSEC3
 public NSEC3Record getNSEC3Record()
 {
- String comment = (originalOwner == null) ? "(unknown original ownername)"
- : originalOwner.toString();
+// String comment = (originalOwner == null) ? "(unknown original ownername)"
+// : originalOwner.toString();
 return new NSEC3Record(getName(), dclass, ttl, hashAlg, flags, iterations,
- salt, next, getTypes(), comment);
+ salt, next, getTypes());
 }
 public void mergeTypes(TypeMap new_types)
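Review bot: The new `b32` field in the first ProtoNSEC3 hunk is package-visible and non-final, so any class in the package can reassign the encoder that `hashToString` and `toString` now depend on; declare it `private static final base32 b32 = new base32(base32.Alphabet.BASE32HEX, true, true);`. The later hunks drop `.toLowerCase()` and rely entirely on this instance's constructor flags for case and padding, which deserves a one-line comment on the field. If the second argument enables `=` padding, as it appears to in dnsjava's `base32`, a hash whose length is not a multiple of five bytes would be rendered with characters that do not belong in an NSEC3 owner label; the 20-byte SHA-1 output is unaffected, but passing `false` or documenting the assumption would make that explicit. The class body starts and ends outside the hunk.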
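Review bot: In `getNSEC3Record()` the `comment` computation is commented out with `//` rather than removed, which leaves dead code in the method now that the `NSEC3Record` constructor call no longer takes that argument. Delete the two `// String comment ...` lines; version control keeps the history. If `originalOwner` was only read here, the field and its setter may now be unused as well, which cannot be confirmed from this hunk.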
@@ -228,8 +229,7 @@ public class ProtoNSEC3
 sb.append(' ');
 sb.append(salt == null ? "-" : base16.toString(salt));
 sb.append(' ');
- String nextstr = (next == null) ? "(null)" : base32.toString(next)
- .toLowerCase();
+ String nextstr = (next == null) ? "(null)" : b32.toString(next);
 sb.append(nextstr);
 int[] types = getTypes();
diff --git a/src/com/verisignlabs/dnssec/security/SignUtils.java b/src/com/verisignlabs/dnssec/security/SignUtils.java
index f6905ba..813d8d8 100644
--- a/src/com/verisignlabs/dnssec/security/SignUtils.java
+++ b/src/com/verisignlabs/dnssec/security/SignUtils.java
@@ -1053,7 +1053,7 @@ public class SignUtils
 boolean optIn, int[] types)
 throws NoSuchAlgorithmException
 {
- byte[] hash = NSEC3Record.hash(name, NSEC3Record.SHA1_DIGEST_ID,
+ byte[] hash = nsec3hash(name, NSEC3Record.SHA1_DIGEST_ID,
 iterations, salt);
 byte flags = (byte) (optIn ? 0x01 : 0x00);
@@ -1433,4 +1433,49 @@ public class SignUtils
 return null;
 }
 }
+
+ /**
+ * Calculate an NSEC3 hash based on a DNS name and NSEC3 hash parameters.
+ *
+ * @param n The name to hash.
+ * @param hash_algorithm The hash algorithm to use.
+ * @param iterations The number of iterations to do.
+ * @param salt The salt to use.
+ * @return The calculated hash as a byte array.
+ * @throws NoSuchAlgorithmException If the hash algorithm is unrecognized.
+ */
+ public static byte[] nsec3hash(Name n, byte hash_algorithm, int iterations,
+ byte[] salt) throws NoSuchAlgorithmException
+ {
+ MessageDigest md;
+
+ switch (hash_algorithm)
+ {
+ case NSEC3Record.SHA1_DIGEST_ID:
+ md = MessageDigest.getInstance("SHA1");
+ break;
+ default :
+ throw new NoSuchAlgorithmException(
+ "Unknown NSEC3 algorithm identifier: " + hash_algorithm);
+ }
+
+ // Construct our wire form.
+ byte[] wire_name = n.toWireCanonical();
+ byte[] res = wire_name; // for the first iteration.
+ for (int i = 0; i <= iterations; i++)
+ {
+ // Concatenate the salt, if it exists.
+ if (salt != null)
+ {
+ byte[] concat = new byte[res.length + salt.length];
+ System.arraycopy(res, 0, concat, 0, res.length);
+ System.arraycopy(salt, 0, concat, res.length, salt.length);
+ res = concat;
+ }
+ res = md.digest(res);
+ }
+
+ return res;
+ }
+
 }
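Review bot: `nsec3hash` never validates `iterations`: with a negative value the `for (int i = 0; i <= iterations; i++)` body is skipped and the method returns the canonical wire-format name unhashed, and nothing bounds the work a very large value forces. Add a guard before the digest is created, e.g. `if (iterations < 0) throw new IllegalArgumentException("negative NSEC3 iteration count: " + iterations);`, and consider an upper cap if the parameters can come from zone data the caller does not control. The per-round `concat` copy can be dropped by feeding the digest directly: `md.update(res); if (salt != null) md.update(salt); res = md.digest();`. The Javadoc should also say that `iterations` counts additional rounds after the first hash and that a null `salt` means no salt is appended.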