diff --git a/crypto/lux_key.go b/crypto/lux_key.go
index f88232e..9c124f6 100644
--- a/crypto/lux_key.go
+++ b/crypto/lux_key.go
@@ -2,8 +2,10 @@ package crypto
 
 import (
 	"crypto/rand"
+	"encoding/base64"
 	"fmt"
 	"lux/proto"
+	"lux/rpc"
 	"os"
 )
 
@@ -145,3 +147,53 @@ func (ks *LuxKeyStore) Keys() []LuxKey {
 
 	return values
 }
+
+// RPC
+func (ks *LuxKeyStore) GetRpcName() string {
+	return "ks"
+}
+
+func (ks *LuxKeyStore) Register(sv *rpc.LuxRpcServer) {}
+
+func serializeKeyStore(ks *LuxKeyStore) rpc.LuxRpcKeyStore {
+	keyStore := rpc.LuxRpcKeyStore{
+		Hosts: make([]rpc.LuxRpcKeyHost, 0),
+		Nodes: make([]rpc.LuxRpcKeyNode, 0),
+	}
+
+	for id, key := range ks.keys {
+		if key.Type == proto.LuxTypeNode {
+			keyStore.Nodes = append(keyStore.Nodes, rpc.LuxRpcKeyNode{
+				ID:      id.String(),
+				KeyBlob: base64.StdEncoding.EncodeToString(key.Key),
+				IVBlob:  base64.StdEncoding.EncodeToString(key.IV),
+			})
+		} else {
+			keyStore.Hosts = append(keyStore.Hosts, rpc.LuxRpcKeyHost{
+				ID:      id.String(),
+				KeyBlob: base64.StdEncoding.EncodeToString(key.Key),
+				IVBlob:  base64.StdEncoding.EncodeToString(key.IV),
+			})
+		}
+	}
+
+	return keyStore
+}
+
+func (ks *LuxKeyStore) Handle(request rpc.LuxRpcRequest, rpcType rpc.LuxRpcType) (rpc.LuxRpcResponse, rpc.LuxRpcError, bool) {
+	var rpcRes rpc.LuxRpcResponse
+
+	// only root can manage keystore
+	if rpcType != rpc.LuxRpcTypeRoot {
+		return rpcRes, rpc.LUX_RPC_ERROR_ACCESS_DENIED, false
+	}
+
+	if request.Command == "get" {
+		// get all keys, so we need to construct xml object for that
+		return rpc.LuxRpcResponse{
+			Keystore: serializeKeyStore(ks),
+		}, rpc.LuxRpcError{}, true
+	}
+
+	return rpcRes, rpc.LUX_RPC_ERROR_UNKNOWN_COMMAND, false
+}
diff --git a/main.go b/main.go
index 02fafbd..24ef0c4 100644
--- a/main.go
+++ b/main.go
@@ -147,7 +147,7 @@ func nodeMain() {
 
 	// create rpc server
 	sv := rpc.NewLuxRpcServer()
-	// TODO: register node controllers
+	sv.RegisterController(&node)
 
 	// parse and and spawn rpc endpoints
 	for _, rpcPath := range config.RPCEndpoints {
diff --git a/net/lux_router.go b/net/lux_router.go
index df29c6e..dc4685a 100644
--- a/net/lux_router.go
+++ b/net/lux_router.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"lux/crypto"
 	"lux/proto"
+	"lux/rpc"
 	"net"
 	"sync"
 )
@@ -456,3 +457,17 @@ func (r *LuxRouter) Multicast(packet LuxPacket, group proto.LuxType) error {
 
 	return nil
 }
+
+// RPC
+
+func (r *LuxRouter) GetRpcName() string {
+	return "router"
+}
+
+func (r *LuxRouter) Register(sv *rpc.LuxRpcServer) {
+	sv.RegisterController(&r.keyStore)
+}
+
+func (r *LuxRouter) Handle(request rpc.LuxRpcRequest, rpcType rpc.LuxRpcType) (rpc.LuxRpcResponse, rpc.LuxRpcError, bool) {
+	return rpc.LuxRpcResponse{}, rpc.LUX_RPC_ERROR_UNKNOWN_COMMAND, false
+}
diff --git a/node/lux_node.go b/node/lux_node.go
index 7308b5c..f8cd567 100644
--- a/node/lux_node.go
+++ b/node/lux_node.go
@@ -6,6 +6,7 @@ import (
 	"lux/host"
 	"lux/net"
 	"lux/proto"
+	"lux/rpc"
 	"sync"
 
 	ipnet "net"
@@ -245,3 +246,17 @@ func (node *LuxNode) MulticastSync() error {
 	sync.Write(&packet.Buffer)
 	return node.router.Multicast(packet, proto.LuxTypeNode)
 }
+
+// RPC
+
+func (node *LuxNode) GetRpcName() string {
+	return "node"
+}
+
+func (node *LuxNode) Register(sv *rpc.LuxRpcServer) {
+	sv.RegisterController(&node.router)
+}
+
+func (node *LuxNode) Handle(request rpc.LuxRpcRequest, rpcType rpc.LuxRpcType) (rpc.LuxRpcResponse, rpc.LuxRpcError, bool) {
+	return rpc.LuxRpcResponse{}, rpc.LUX_RPC_ERROR_UNKNOWN_COMMAND, false
+}
diff --git a/rpc/lux_rpc_errors.go b/rpc/lux_rpc_errors.go
index aad6f49..299dd66 100644
--- a/rpc/lux_rpc_errors.go
+++ b/rpc/lux_rpc_errors.go
@@ -12,3 +12,8 @@ var LUX_RPC_ERROR_ACCESS_DENIED = LuxRpcError{
 	ErrorCode: 2,
 	Message:   "access denied",
 }
+
+var LUX_RPC_ERROR_UNKNOWN_COMMAND = LuxRpcError{
+	ErrorCode: 3,
+	Message:   "unknown command",
+}
diff --git a/rpc/lux_rpc_server.go b/rpc/lux_rpc_server.go
index d50391c..3f6b18a 100644
--- a/rpc/lux_rpc_server.go
+++ b/rpc/lux_rpc_server.go
@@ -22,6 +22,7 @@ func NewLuxRpcServer() LuxRpcServer {
 
 func (rpc *LuxRpcServer) RegisterController(ctrl LuxRpcController) {
 	rpc.controllers[ctrl.GetRpcName()] = ctrl
+	ctrl.Register(rpc)
 }
 
 func (rpc *LuxRpcServer) HandleRequest(request LuxRpcRequest, rpcType LuxRpcType) (LuxRpcResponse, LuxRpcError, bool) {
@@ -33,8 +34,8 @@ func (rpc *LuxRpcServer) HandleRequest(request LuxRpcRequest, rpcType LuxRpcType
 	if !ok {
 		return LuxRpcResponse{}, LuxRpcError{
 			RequestID: request.RequestID,
-			ErrorCode: 1,
-			Message:   "unknown controller",
+			ErrorCode: LUX_RPC_ERROR_UNKNOWN_CONTROLLER.ErrorCode,
+			Message:   LUX_RPC_ERROR_UNKNOWN_CONTROLLER.Message,
 		}, false
 	}