diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index b903bb9..8d82af8 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -17,7 +17,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: install secp256k1
-      run: ./install_libsecp256k1.sh
+      run: ./ubuntu_install_libsecp256k1.sh
 
     - name: Set up Go
       uses: actions/setup-go@v4
diff --git a/.gitmodules b/.gitmodules
index 68dd151..5742db4 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "secp256k1"]
-    path = p256k/secp256k1
+    path = secp256k1
     url = https://github.com/bitcoin-core/secp256k1.git
diff --git a/readme.md b/README.md
similarity index 90%
rename from readme.md
rename to README.md
index cadae38..3b0826d 100644
--- a/readme.md
+++ b/README.md
@@ -1,6 +1,7 @@
 # realy.lol
 
 [![Documentation](https://img.shields.io/badge/godoc-documentation-brightgreen.svg)](https://pkg.go.dev/realy.lol)
+[![Support this project](https://img.shields.io/badge/donate-geyser_crowdfunding_project_page-brightgreen.svg)](https://geyser.fund/project/realy)
 
 ![realy.png](./realy.png)
 
@@ -16,13 +17,14 @@ includes:
 - a cleaned up and unified fork of the btcd/dcred BIP-340 signatures, including the use of
   bitcoin core's BIP-340 implementation (more than 4x faster than btcd)
 - AVX/AVX2 optimized SHA256 and SIMD hex encoder
-- a bespoke, mutable byte slice based hash/pubkey/signature encoding in memory and the fastest
-  nostr binary codec that exists
+- [libsecp256k1](https://github.com/bitcoin/secp256k1)-enabled signature and signature verification
+  (see [here](p256k/README.md))
+- a bespoke, mutable byte slice based hash/pubkey/signature encoding in memory
 - custom badger based event store with a garbage collector that prunes off data with least recent
   access
 - vanity npub generator that can mine a 5 letter prefix in around 15 minutes on a 6 core Ryzen 5
   processor
-- reverse proxy tool with support for Go vanity imports and nip-05 npub DNS verification and own
+- reverse proxy tool with support for Go vanity imports and [nip-05](https://github.com/nostr-protocol/nips/blob/master/05.md) npub DNS verification and own
   TLS certificates
 
 ## Building
diff --git a/_util.go b/_util.go
deleted file mode 100644
index e69de29..0000000
diff --git a/p256k/README.md b/p256k/README.md
index 320cfe6..ee92b5f 100644
--- a/p256k/README.md
+++ b/p256k/README.md
@@ -3,25 +3,37 @@
 This is a library that uses the `bitcoin-core` optimized secp256k1 elliptic
 curve signatures library for `nostr` schnorr signatures.
 
-By default it uses the secp256k1 EC library from
-[btcsuite](https://github.com/btcsuite/btcd)/[decred](https://github.com/decred/dcrd/tree/master/dcrec), 
-the decred is actually where the schnorr signatures are (ikr?) - this repo 
-uses my fork of this mess of shitcoinery and bad, slow Go code is cleaned up 
-and unified in [realy.lol/ec](https://realy.lol/ec) and 
-includes the bech32 and base58check libraries. And the messy precomputed 
-values are upgraded to use the modern "embed" enabling a faster app startup 
-for initialising this array (at the cost of a little more binary size).
+If you need to build it without `libsecp256k1` C library, you must disable cgo:
 
-For ubuntu, you need these
+    export CGO_ENABLED='0'
+
+This enables the fallback `btcec` pure Go library to be used in its place. This
+CGO setting is not default for Go, so it must be set in order to disable this.
+
+The standard `libsecp256k1-0` and `libsecp256k1-dev` available through the
+ubuntu dpkg repositories do not include support for the BIP-340 schnorr
+signatures or the ECDH X-only shared secret generation algorithm, so you must
+follow the following instructions to get the benefits of using this library. It
+is 4x faster at signing and generating shared secrets so it is a must if your
+intention is to use it for high throughput systems like a network transport.
+
+The easy way to install it, if you have ubuntu/debian, is the script
+[../ubuntu_install_libsecp256k1.sh](../ubuntu_install_libsecp256k1.sh), it
+handles the dependencies and runs the build all in one step for you. Note that it 
+
+For ubuntu, you need these:
 
     sudo apt -y install build-essential autoconf libtool  
 
-The directory `pkg/libsecp256k1/secp256k1` needs to be initialized and built
-and installed, like so:
+For other linux distributions, the process is the same but the dependencies are
+likely different. The main thing is it requires make, gcc/++, autoconf and
+libtool to run. The most important thing to point out is that you must enable
+the schnorr signatures feature, and ECDH.
+
+The directory `p256k/secp256k1` needs to be initialized, built and installed,
+like so:
 
 ```bash
-cd p256k
-git clone https://github.com/bitcoin-core/secp256k1.git
 cd secp256k1
 git submodule init
 git submodule update
@@ -32,9 +44,23 @@ just use the default autotools:
 
 ```bash
 ./autogen.sh
-./configure --enable-module-schnorrsig --prefix=/usr
+./configure --enable-module-schnorrsig --enable-module-ecdh --prefix=/usr
 make
 sudo make install
 ```
 
-On WSL2 you may have to attend to various things to make this work, setting up your basic locale (uncomment one or more in `/etc/locale.gen`, and run `locale-gen`), installing the basic build tools (build-essential or base-devel) and of course git, curl, wget, libtool and autoconf.
\ No newline at end of file
+On WSL2 you may have to attend to various things to make this work, setting up
+your basic locale (uncomment one or more in `/etc/locale.gen`, and run
+`locale-gen`), installing the basic build tools (build-essential or base-devel)
+and of course git, curl, wget, libtool and
+autoconf.
+
+## ECDH
+
+TODO: Currently the use of the libsecp256k1 library for ECDH, used in nip-04 and
+nip-44 encryption is not enabled, because the default version uses the Y
+coordinate and this is incorrect for nostr. It will be enabled soon... for now
+it is done with the `btcec` fallback version. This is slower, however previous 
+tests have shown that this ECDH library is fast enough to enable 8mb/s 
+throughput per CPU thread when used to generate a distinct secret for TCP 
+packets. The C library will likely raise this to 20mb/s or more.
\ No newline at end of file
diff --git a/realy/version b/realy/version
index e4dd541..cab9477 100644
--- a/realy/version
+++ b/realy/version
@@ -1 +1 @@
-v1.2.26
\ No newline at end of file
+v1.2.27
\ No newline at end of file
diff --git a/install_libsecp256k1.sh b/ubuntu_install_libsecp256k1.sh
similarity index 82%
rename from install_libsecp256k1.sh
rename to ubuntu_install_libsecp256k1.sh
index a0c0d15..288df4c 100755
--- a/install_libsecp256k1.sh
+++ b/ubuntu_install_libsecp256k1.sh
@@ -9,6 +9,6 @@ git checkout v0.6.0
 git submodule init
 git submodule update
 ./autogen.sh
-./configure --enable-module-schnorrsig --prefix=/usr
+./configure --enable-module-schnorrsig --enable-module-ecdh --prefix=/usr
 make -j1
 sudo make install