diff --git a/briar-api/src/net/sf/briar/api/transport/ConnectionRecogniser.java b/briar-api/src/net/sf/briar/api/transport/ConnectionRecogniser.java
index 12f6ce1b7ac5b2e4e98a2a45a729ccb0b17c781e..1114d848c8a203137c11913b297ddfbdc81cd7fd 100644
--- a/briar-api/src/net/sf/briar/api/transport/ConnectionRecogniser.java
+++ b/briar-api/src/net/sf/briar/api/transport/ConnectionRecogniser.java
@@ -23,5 +23,7 @@ public interface ConnectionRecogniser {
 
 	void removeSecrets(ContactId c);
 
+	void removeSecrets(TransportId t);
+
 	void removeSecrets();
 }
diff --git a/briar-core/src/net/sf/briar/transport/ConnectionRecogniserImpl.java b/briar-core/src/net/sf/briar/transport/ConnectionRecogniserImpl.java
index f86b651447cb04ac8c7e921dc79bd4bd82da8f65..9a4af1ec5db0216f3c71e04b084049666777e776 100644
--- a/briar-core/src/net/sf/briar/transport/ConnectionRecogniserImpl.java
+++ b/briar-core/src/net/sf/briar/transport/ConnectionRecogniserImpl.java
@@ -64,6 +64,10 @@ class ConnectionRecogniserImpl implements ConnectionRecogniser {
 			r.removeSecrets(c);
 	}
 
+	public synchronized void removeSecrets(TransportId t) {
+		recognisers.remove(t);
+	}
+
 	public synchronized void removeSecrets() {
 		for(TransportConnectionRecogniser r : recognisers.values())
 			r.removeSecrets();
diff --git a/briar-core/src/net/sf/briar/transport/KeyManagerImpl.java b/briar-core/src/net/sf/briar/transport/KeyManagerImpl.java
index d9abc385ded94d195d0dfcb9f12c2c554c438225..b80a3605b359ca3cdeded3d136c0ec1c717368b6 100644
--- a/briar-core/src/net/sf/briar/transport/KeyManagerImpl.java
+++ b/briar-core/src/net/sf/briar/transport/KeyManagerImpl.java
@@ -21,6 +21,7 @@ import net.sf.briar.api.db.DbException;
 import net.sf.briar.api.db.event.ContactRemovedEvent;
 import net.sf.briar.api.db.event.DatabaseEvent;
 import net.sf.briar.api.db.event.DatabaseListener;
+import net.sf.briar.api.db.event.TransportRemovedEvent;
 import net.sf.briar.api.messaging.TransportId;
 import net.sf.briar.api.transport.ConnectionContext;
 import net.sf.briar.api.transport.ConnectionRecogniser;
@@ -63,6 +64,7 @@ class KeyManagerImpl extends TimerTask implements KeyManager, DatabaseListener {
 	}
 
 	public synchronized boolean start() {
+		// Load the temporary secrets and the storage key from the database
 		Collection<TemporarySecret> secrets;
 		try {
 			secrets = db.getSecrets();
@@ -322,6 +324,14 @@ class KeyManagerImpl extends TimerTask implements KeyManager, DatabaseListener {
 				removeAndEraseSecrets(c, incomingOld);
 				removeAndEraseSecrets(c, incomingNew);
 			}
+		} else if(e instanceof TransportRemovedEvent) {
+			TransportId t = ((TransportRemovedEvent) e).getTransportId();
+			recogniser.removeSecrets(t);
+			synchronized(this) {
+				removeAndEraseSecrets(t, outgoing);
+				removeAndEraseSecrets(t, incomingOld);
+				removeAndEraseSecrets(t, incomingNew);
+			}
 		}
 	}
 
@@ -337,6 +347,19 @@ class KeyManagerImpl extends TimerTask implements KeyManager, DatabaseListener {
 		}
 	}
 
+	// Locking: this
+	private void removeAndEraseSecrets(TransportId t,
+			Map<?, TemporarySecret> m) {
+		Iterator<TemporarySecret> it = m.values().iterator();
+		while(it.hasNext()) {
+			TemporarySecret s = it.next();
+			if(s.getTransportId().equals(t)) {
+				ByteUtils.erase(s.getSecret());
+				it.remove();
+			}
+		}
+	}
+
 	private static class EndpointKey {
 
 		private final ContactId contactId;