diff --git a/core/packet.go b/core/packet.go
deleted file mode 100644
index 641aa134..00000000
--- a/core/packet.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package core
-
-import "net"
-
-func ListenPacket(network, address string, ciph PacketConnCipher) (net.PacketConn, error) {
-	c, err := net.ListenPacket(network, address)
-	return ciph.PacketConn(c), err
-}
diff --git a/core/stream.go b/core/stream.go
deleted file mode 100644
index 5c773cd2..00000000
--- a/core/stream.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package core
-
-import "net"
-
-type listener struct {
-	net.Listener
-	StreamConnCipher
-}
-
-func Listen(network, address string, ciph StreamConnCipher) (net.Listener, error) {
-	l, err := net.Listen(network, address)
-	return &listener{l, ciph}, err
-}
-
-func (l *listener) Accept() (net.Conn, error) {
-	c, err := l.Listener.Accept()
-	return l.StreamConn(c), err
-}
-
-func Dial(network, address string, ciph StreamConnCipher) (net.Conn, error) {
-	c, err := net.Dial(network, address)
-	return ciph.StreamConn(c), err
-}
diff --git a/main.go b/main.go
index ee90b773..c35eb55f 100644
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"net/url"
 	"os"
@@ -30,6 +31,7 @@ func main() {
 		Client     string
 		Server     string
 		Cipher     string
+		KeyFile    string
 		Key        string
 		Password   string
 		Keygen     int
@@ -47,7 +49,8 @@ func main() {
 
 	flag.BoolVar(&config.Verbose, "verbose", false, "verbose mode")
 	flag.StringVar(&flags.Cipher, "cipher", "AEAD_CHACHA20_POLY1305", "available ciphers: "+strings.Join(core.ListCipher(), " "))
-	flag.StringVar(&flags.Key, "key", "", "base64url-encoded key (derive from password if empty)")
+	flag.StringVar(&flags.KeyFile, "key-file", "", "path of base64url-encoded key file")
+	flag.StringVar(&flags.Key, "key", "", "base64url-encoded key (derive from password if both key-file and key are empty)")
 	flag.IntVar(&flags.Keygen, "keygen", 0, "generate a base64url-encoded random key of given length in byte")
 	flag.StringVar(&flags.Password, "password", "", "password")
 	flag.StringVar(&flags.Server, "s", "", "server listen address or url")
@@ -68,7 +71,10 @@ func main() {
 
 	if flags.Keygen > 0 {
 		key := make([]byte, flags.Keygen)
-		io.ReadFull(rand.Reader, key)
+		_, err := io.ReadFull(rand.Reader, key)
+		if err != nil {
+			log.Fatal(err)
+		}
 		fmt.Println(base64.URLEncoding.EncodeToString(key))
 		return
 	}
@@ -78,9 +84,21 @@ func main() {
 		return
 	}
 
-	var key []byte
+	var encodedKey string
+	if flags.KeyFile != "" {
+		e, err := ioutil.ReadFile(flags.KeyFile)
+		if err != nil {
+			log.Fatal(err)
+		}
+		encodedKey = string(e)
+	}
 	if flags.Key != "" {
-		k, err := base64.URLEncoding.DecodeString(flags.Key)
+		encodedKey = flags.Key
+	}
+
+	var key []byte
+	if encodedKey != "" {
+		k, err := base64.URLEncoding.DecodeString(encodedKey)
 		if err != nil {
 			log.Fatal(err)
 		}