diff --git a/libloki/crypto.js b/libloki/crypto.js
index 7a0c7a271..dedda4016 100644
--- a/libloki/crypto.js
+++ b/libloki/crypto.js
@@ -158,6 +158,27 @@
     }
   }
 
+  async function decryptToken(ivAndCipherText64, serverPubKey64) {
+    const ivAndCipherText = new Uint8Array(
+      dcodeIO.ByteBuffer.fromBase64(ivAndCipherText64).toArrayBuffer()
+    );
+    const iv = ivAndCipherText.slice(0, IV_LENGTH);
+    const cipherText = ivAndCipherText.slice(IV_LENGTH);
+
+    const serverPubKey = new Uint8Array(
+      dcodeIO.ByteBuffer.fromBase64(serverPubKey64).toArrayBuffer()
+    );
+    const { privKey } = await textsecure.storage.protocol.getIdentityKeyPair();
+    const symmetricKey = libsignal.Curve.calculateAgreement(
+      serverPubKey,
+      privKey
+    );
+
+    const token = await libsignal.crypto.decrypt(symmetricKey, cipherText, iv);
+    const tokenString = dcodeIO.ByteBuffer.wrap(token).toString('utf8');
+    return tokenString;
+  }
+
   const snodeCipher = new LokiSnodeChannel();
 
   window.libloki.crypto = {
@@ -166,6 +187,7 @@
     FallBackSessionCipher,
     FallBackDecryptionError,
     snodeCipher,
+    decryptToken,
     // for testing
     _LokiSnodeChannel: LokiSnodeChannel,
     _decodeSnodeAddressToPubKey: decodeSnodeAddressToPubKey,
diff --git a/libtextsecure/errors.js b/libtextsecure/errors.js
index 7e16d4ecf..0343a836f 100644
--- a/libtextsecure/errors.js
+++ b/libtextsecure/errors.js
@@ -263,6 +263,16 @@
     }
   }
 
+  function PublicTokenError(message) {
+    this.name = 'PublicTokenError';
+
+    ReplayableError.call(this, {
+      name: 'PublicTokenError',
+      message,
+    });
+  }
+  inherit(ReplayableError, PublicTokenError);
+
   function TimestampError(message) {
     this.name = 'TimeStampError';
 
@@ -305,4 +315,5 @@
   window.textsecure.WrongDifficultyError = WrongDifficultyError;
   window.textsecure.TimestampError = TimestampError;
   window.textsecure.PublicChatError = PublicChatError;
+  window.textsecure.PublicTokenError = PublicTokenError;
 })();