diff --git a/pkg/jsonsign/keys.go b/pkg/jsonsign/keys.go
index 6eac1b7ba..14a2ae42f 100644
--- a/pkg/jsonsign/keys.go
+++ b/pkg/jsonsign/keys.go
@@ -27,7 +27,7 @@ import (
 	"strings"
 
 	"camlistore.org/pkg/osutil"
-
+	"camlistore.org/pkg/wkfs"
 	"camlistore.org/third_party/code.google.com/p/go.crypto/openpgp"
 	"camlistore.org/third_party/code.google.com/p/go.crypto/openpgp/armor"
 	"camlistore.org/third_party/code.google.com/p/go.crypto/openpgp/packet"
@@ -49,7 +49,7 @@ func ParseArmoredPublicKey(r io.Reader) (shortKeyId, armoredKey string, err erro
 }
 
 func VerifyPublicKeyFile(file, keyid string) (bool, error) {
-	f, err := os.Open(file)
+	f, err := wkfs.Open(file)
 	if err != nil {
 		return false, err
 	}
@@ -105,7 +105,7 @@ func EntityFromSecring(keyId, keyFile string) (*openpgp.Entity, error) {
 	if keyFile == "" {
 		keyFile = osutil.SecretRingFile()
 	}
-	secring, err := os.Open(keyFile)
+	secring, err := wkfs.Open(keyFile)
 	if err != nil {
 		return nil, fmt.Errorf("jsonsign: failed to open keyring: %v", err)
 	}
@@ -177,7 +177,7 @@ func WriteKeyRing(w io.Writer, el openpgp.EntityList) error {
 // ring file secRing. It expects only one keyId in this secret ring
 // and returns an error otherwise.
 func KeyIdFromRing(secRing string) (keyId string, err error) {
-	f, err := os.Open(secRing)
+	f, err := wkfs.Open(secRing)
 	if err != nil {
 		return "", fmt.Errorf("Could not open secret ring file %v: %v", secRing, err)
 	}
@@ -204,7 +204,7 @@ func GenerateNewSecRing(secRing string) (keyId string, err error) {
 	if err := os.MkdirAll(filepath.Dir(secRing), 0700); err != nil {
 		return "", err
 	}
-	f, err := os.OpenFile(secRing, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
+	f, err := wkfs.OpenFile(secRing, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/jsonsign/sign.go b/pkg/jsonsign/sign.go
index aa9dbee0d..79a0908b2 100644
--- a/pkg/jsonsign/sign.go
+++ b/pkg/jsonsign/sign.go
@@ -21,7 +21,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"os"
 	"strings"
 	"sync"
 	"time"
@@ -29,6 +28,7 @@ import (
 
 	"camlistore.org/pkg/blob"
 	"camlistore.org/pkg/osutil"
+	"camlistore.org/pkg/wkfs"
 	"camlistore.org/third_party/code.google.com/p/go.crypto/openpgp"
 	"camlistore.org/third_party/code.google.com/p/go.crypto/openpgp/packet"
 )
@@ -77,7 +77,7 @@ func (ce *CachingEntityFetcher) FetchEntity(keyId string) (*openpgp.Entity, erro
 }
 
 func (fe *FileEntityFetcher) FetchEntity(keyId string) (*openpgp.Entity, error) {
-	f, err := os.Open(fe.File)
+	f, err := wkfs.Open(fe.File)
 	if err != nil {
 		return nil, fmt.Errorf("jsonsign: FetchEntity: %v", err)
 	}
@@ -182,7 +182,7 @@ func (sr *SignRequest) Sign() (signedJSON string, err error) {
 		if file == "" {
 			return "", errors.New("jsonsign: no EntityFetcher, and no secret ring file defined.")
 		}
-		secring, err := os.Open(sr.secretRingPath())
+		secring, err := wkfs.Open(sr.secretRingPath())
 		if err != nil {
 			return "", fmt.Errorf("jsonsign: failed to open secret ring file %q: %v", sr.secretRingPath(), err)
 		}