diff --git a/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java
index 46ff441cb3..fb54235e4f 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java
@@ -193,7 +193,9 @@ public class PluginUpdateHandler extends UpdateHandler {
 
             if (up.haveKey(pubkey)) {
                 // the key is already in the TrustedUpdate keyring
-                if (!up.verify(f)) {
+                // verify the sig and verify that it is signed by the keyName in the plugin.config file
+                String signingKeyName = up.verifyAndGetSigner(f);
+                if (!keyName.equals(signingKeyName)) {
                     f.delete();
                     to.delete();
                     updateStatus("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>");
@@ -209,7 +211,9 @@ public class PluginUpdateHandler extends UpdateHandler {
                     return;
                 }
                 // ...and try the verify again
-                if (!up.verify(f)) {
+                // verify the sig and verify that it is signed by the keyName in the plugin.config file
+                String signingKeyName = up.verifyAndGetSigner(f);
+                if (!keyName.equals(signingKeyName)) {
                     f.delete();
                     to.delete();
                     updateStatus("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>");
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/WebAppConfiguration.java b/apps/routerconsole/java/src/net/i2p/router/web/WebAppConfiguration.java
index 121145bf3c..c3fcc334aa 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/WebAppConfiguration.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/WebAppConfiguration.java
@@ -81,9 +81,9 @@ public class WebAppConfiguration implements WebApplicationContext.Configuration
             String elem = tok.nextToken().trim();
             String path;
             if (elem.startsWith("$I2P"))
-                path = i2pContext.getBaseDir().getAbsolutePath() + '/' + elem.substring(4);
+                path = i2pContext.getBaseDir().getAbsolutePath() + elem.substring(4);
             else if (elem.startsWith("$PLUGIN"))
-                path = dir.getAbsolutePath() + '/' + elem.substring(7);
+                path = dir.getAbsolutePath() + elem.substring(7);
             else
                 path = dir.getAbsolutePath() + '/' + elem;
             System.err.println("Adding " + path + " to classpath for " + appName);
diff --git a/core/java/src/net/i2p/crypto/TrustedUpdate.java b/core/java/src/net/i2p/crypto/TrustedUpdate.java
index c567fcb310..054d15358c 100644
--- a/core/java/src/net/i2p/crypto/TrustedUpdate.java
+++ b/core/java/src/net/i2p/crypto/TrustedUpdate.java
@@ -682,6 +682,23 @@ D8usM7Dxp5yrDrCYZ5AIijc=
         return false;
     }
 
+    /**
+     * Verifies the DSA signature of a signed update file.
+     * 
+     * @param signedFile The signed update file to check.
+     * 
+     * @return signer (could be empty string) or null if invalid
+     * @since 0.7.12
+     */
+    public String verifyAndGetSigner(File signedFile) {
+        for (SigningPublicKey signingPublicKey : _trustedKeys.keySet()) {
+            boolean isValidSignature = verify(signedFile, signingPublicKey);
+            if (isValidSignature)
+                return _trustedKeys.get(signingPublicKey);
+        }
+        return null;
+    }
+
     /**
      * Verifies the DSA signature of a signed update file.
      *