diff --git a/briar-api/src/net/sf/briar/api/transport/ConnectionRecogniser.java b/briar-api/src/net/sf/briar/api/transport/ConnectionRecogniser.java
index 12f6ce1b7..1114d848c 100644
--- a/briar-api/src/net/sf/briar/api/transport/ConnectionRecogniser.java
+++ b/briar-api/src/net/sf/briar/api/transport/ConnectionRecogniser.java
@@ -23,5 +23,7 @@ public interface ConnectionRecogniser {
 
 	void removeSecrets(ContactId c);
 
+	void removeSecrets(TransportId t);
+
 	void removeSecrets();
 }
diff --git a/briar-core/src/net/sf/briar/transport/ConnectionRecogniserImpl.java b/briar-core/src/net/sf/briar/transport/ConnectionRecogniserImpl.java
index f86b65144..9a4af1ec5 100644
--- a/briar-core/src/net/sf/briar/transport/ConnectionRecogniserImpl.java
+++ b/briar-core/src/net/sf/briar/transport/ConnectionRecogniserImpl.java
@@ -64,6 +64,10 @@ class ConnectionRecogniserImpl implements ConnectionRecogniser {
 			r.removeSecrets(c);
 	}
 
+	public synchronized void removeSecrets(TransportId t) {
+		recognisers.remove(t);
+	}
+
 	public synchronized void removeSecrets() {
 		for(TransportConnectionRecogniser r : recognisers.values())
 			r.removeSecrets();
diff --git a/briar-core/src/net/sf/briar/transport/KeyManagerImpl.java b/briar-core/src/net/sf/briar/transport/KeyManagerImpl.java
index d9abc385d..b80a3605b 100644
--- a/briar-core/src/net/sf/briar/transport/KeyManagerImpl.java
+++ b/briar-core/src/net/sf/briar/transport/KeyManagerImpl.java
@@ -21,6 +21,7 @@ import net.sf.briar.api.db.DbException;
 import net.sf.briar.api.db.event.ContactRemovedEvent;
 import net.sf.briar.api.db.event.DatabaseEvent;
 import net.sf.briar.api.db.event.DatabaseListener;
+import net.sf.briar.api.db.event.TransportRemovedEvent;
 import net.sf.briar.api.messaging.TransportId;
 import net.sf.briar.api.transport.ConnectionContext;
 import net.sf.briar.api.transport.ConnectionRecogniser;
@@ -63,6 +64,7 @@ class KeyManagerImpl extends TimerTask implements KeyManager, DatabaseListener {
 	}
 
 	public synchronized boolean start() {
+		// Load the temporary secrets and the storage key from the database
 		Collection<TemporarySecret> secrets;
 		try {
 			secrets = db.getSecrets();
@@ -322,6 +324,14 @@ class KeyManagerImpl extends TimerTask implements KeyManager, DatabaseListener {
 				removeAndEraseSecrets(c, incomingOld);
 				removeAndEraseSecrets(c, incomingNew);
 			}
+		} else if(e instanceof TransportRemovedEvent) {
+			TransportId t = ((TransportRemovedEvent) e).getTransportId();
+			recogniser.removeSecrets(t);
+			synchronized(this) {
+				removeAndEraseSecrets(t, outgoing);
+				removeAndEraseSecrets(t, incomingOld);
+				removeAndEraseSecrets(t, incomingNew);
+			}
 		}
 	}
 
@@ -337,6 +347,19 @@ class KeyManagerImpl extends TimerTask implements KeyManager, DatabaseListener {
 		}
 	}
 
+	// Locking: this
+	private void removeAndEraseSecrets(TransportId t,
+			Map<?, TemporarySecret> m) {
+		Iterator<TemporarySecret> it = m.values().iterator();
+		while(it.hasNext()) {
+			TemporarySecret s = it.next();
+			if(s.getTransportId().equals(t)) {
+				ByteUtils.erase(s.getSecret());
+				it.remove();
+			}
+		}
+	}
+
 	private static class EndpointKey {
 
 		private final ContactId contactId;