diff --git a/package-lock.json b/package-lock.json index 59f4a0e00..69b4a98de 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4781,13 +4781,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@types/libsodium-wrappers": { - "version": "0.7.14", - "resolved": "https://registry.npmjs.org/@types/libsodium-wrappers/-/libsodium-wrappers-0.7.14.tgz", - "integrity": "sha512-5Kv68fXuXK0iDuUir1WPGw2R9fOZUlYlSAa0ztMcL0s0BfIDTqg9GXz8K30VJpPP3sxWhbolnQma2x+/TfkzDQ==", - "dev": true, - "license": "MIT" - }, "node_modules/@types/lodash": { "version": "4.17.20", "dev": true, @@ -10095,21 +10088,10 @@ "version": "1.12.13", "license": "MIT" }, - "node_modules/libsodium": { - "version": "0.7.15", - "license": "ISC" - }, "node_modules/libsodium-sumo": { "version": "0.7.15", "license": "ISC" }, - "node_modules/libsodium-wrappers": { - "version": "0.7.15", - "license": "ISC", - "dependencies": { - "libsodium": "^0.7.15" - } - }, "node_modules/libsodium-wrappers-sumo": { "version": "0.7.15", "license": "ISC", @@ -14856,7 +14838,6 @@ "@nmshd/transport": "*", "@noble/ciphers": "^2.0.1", "jose": "^6.1.1", - "libsodium-wrappers": "^0.7.15", "lodash": "^4.17.21", "sjcl": "^1.0.8", "ts-simple-nameof": "^1.3.3", @@ -14867,7 +14848,6 @@ "@js-soft/docdb-access-mongo": "1.3.1", "@js-soft/node-logger": "1.2.1", "@nmshd/crypto": "2.1.3", - "@types/libsodium-wrappers": "^0.7.14", "@types/lodash": "^4.17.20", "@types/sjcl": "^1.0.34", "ts-mockito": "^2.6.1" diff --git a/packages/consumption/package.json b/packages/consumption/package.json index b1e08d986..e90979e21 100644 --- a/packages/consumption/package.json +++ b/packages/consumption/package.json @@ -73,7 +73,6 @@ "@nmshd/transport": "*", "@noble/ciphers": "^2.0.1", "jose": "^6.1.1", - "libsodium-wrappers": "^0.7.15", "lodash": "^4.17.21", "sjcl": "^1.0.8", "ts-simple-nameof": "^1.3.3", 
@@ -84,7 +83,6 @@
 "@js-soft/docdb-access-mongo": "1.3.1",
 "@js-soft/node-logger": "1.2.1",
 "@nmshd/crypto": "2.1.3",
- "@types/libsodium-wrappers": "^0.7.14",
 "@types/lodash": "^4.17.20",
 "@types/sjcl": "^1.0.34",
 "ts-mockito": "^2.6.1"
diff --git a/packages/consumption/src/modules/openid4vc/local/EnmeshedHolderKeyManagmentService.ts b/packages/consumption/src/modules/openid4vc/local/EnmeshedHolderKeyManagmentService.ts
index d0dbe688f..5f8af22dc 100644
--- a/packages/consumption/src/modules/openid4vc/local/EnmeshedHolderKeyManagmentService.ts
+++ b/packages/consumption/src/modules/openid4vc/local/EnmeshedHolderKeyManagmentService.ts
@@ -1,6 +1,7 @@
 import { AgentContext, Kms } from "@credo-ts/core";
 import { ec as EC } from "elliptic";
-import _sodium from "libsodium-wrappers";
+
+import { SodiumWrapper } from "@nmshd/crypto";
 import sjcl from "sjcl";
 import { KeyStorage } from "./KeyStorage";
@@ -15,8 +16,8 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic
 public readonly backend = EnmshedHolderKeyManagmentService.backend;
- private readonly b64url = (bytes: Uint8Array) => _sodium.to_base64(bytes, _sodium.base64_variants.URLSAFE_NO_PADDING);
- private readonly b64urlDecode = (b64url: string) => _sodium.from_base64(b64url, _sodium.base64_variants.URLSAFE_NO_PADDING);
+ private readonly b64url = (bytes: Uint8Array) => SodiumWrapper.sodium.to_base64(bytes, (SodiumWrapper.sodium as any).base64_variants.URLSAFE_NO_PADDING);
+ private readonly b64urlDecode = (b64url: string) => SodiumWrapper.sodium.from_base64(b64url, (SodiumWrapper.sodium as any).base64_variants.URLSAFE_NO_PADDING);
 // please note: we cannot use buffer here - because it is not available in the browser
 // and yes it could be pollyfilled but that extends the bundle size for no good reason
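Review bot: `@nmshd/crypto` is visible in this hunk only in the list that also carries `@types/*` and `ts-mockito`, which looks like devDependencies, while the same commit makes `src/modules/openid4vc/local/EnmeshedHolderKeyManagmentService.ts` import `SodiumWrapper` from it at runtime. The dependency lists are only partly shown, so confirm that `@nmshd/crypto` is also declared under `dependencies` or `peerDependencies`. If it is not, consumers of this package would resolve the crypto code only through hoisting, with no version constraint coming from this package. In that case add `"@nmshd/crypto": "2.1.3"` (or the range the workspace uses) to the runtime list.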
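Review bot: The `(SodiumWrapper.sodium as any)` casts on the new `b64url` and `b64urlDecode` lines switch off type checking for `base64_variants`; the same cast guards `crypto_sign_SEEDBYTES` in the `@@ -114` hunk and `decode` in the `@@ -192` hunk. A missing `base64_variants` fails loudly, but if `crypto_sign_SEEDBYTES` were ever undefined, `privateKey.slice(0, undefined)` would silently return the whole secret-key buffer, which appears to be seed plus public key, as the seed. Prefer widening the type exported by `@nmshd/crypto`, or read the constant into a checked local first, e.g. `if (typeof seedBytes !== "number") throw new Error("crypto_sign_SEEDBYTES unavailable");`. The class body continues outside this hunk.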
@@ -75,7 +76,7 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic
 public async createKey(agentContext: AgentContext, options: Kms.KmsCreateKeyOptions): Promise> {
 options.keyId ??= "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function (c) {
 // Use libsodium's randombytes_uniform for secure random number generation
- const r = _sodium.randombytes_uniform(16);
+ const r = SodiumWrapper.sodium.randombytes_uniform(16);
 const v = c === "x" ? r : (r & 0x3) | 0x8;
 return v.toString(16);
 });
@@ -114,12 +115,9 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic
 return { keyId: options.keyId, publicJwk: publicJwk as Kms.KmsJwkPublic } as Kms.KmsCreateKeyReturn;
 }
- await _sodium.ready;
- const sodium = _sodium;
-
- const { keyType, publicKey, privateKey } = sodium.crypto_sign_keypair();
+ const { keyType, publicKey, privateKey } = SodiumWrapper.sodium.crypto_sign_keypair();
 agentContext.config.logger.debug(`EKM: Created OKP key pair with id ${options.keyId} and keyType ${keyType}`);
- const seed = privateKey.slice(0, sodium.crypto_sign_SEEDBYTES);
+ const seed = privateKey.slice(0, (SodiumWrapper.sodium as any).crypto_sign_SEEDBYTES);
 // Public JWK
 const publicJwk = {
@@ -192,10 +190,8 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic
 } as Kms.KmsSignReturn);
 }
- await _sodium.ready;
- const sodium = _sodium;
- const decode = (bytes: string) => sodium.from_base64(bytes, sodium.base64_variants.URLSAFE_NO_PADDING);
- // get the priavte key bytes
+ const decode = (bytes: string) => SodiumWrapper.sodium.from_base64(bytes, (SodiumWrapper.sodium as any).base64_variants.URLSAFE_NO_PADDING);
+ // get the private key bytes
 if (privateKey.d === undefined) {
 throw new Error("Private key does not contain 'd' parameter");
 }
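Review bot: The key-generation path in the `@@ -114` hunk no longer waits for libsodium to initialise: the removed `await _sodium.ready;` has no replacement before `SodiumWrapper.sodium.crypto_sign_keypair()`, and the signing path in the `@@ -192` hunk drops the same await. Unless `SodiumWrapper.sodium` itself guarantees an initialised instance, which this diff does not show, a call made before any other code has loaded the module would fail at call time. Keep an explicit wait at the top of both async paths, e.g. `await SodiumWrapper.ready();` if that is the wrapper's readiness API (confirm in `@nmshd/crypto`). Also add a comment that the synchronous `randomBytes` (`@@ -396`) and the key-id generator in the `@@ -75` hunk rely on earlier initialisation. Both function bodies start outside their hunks.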
@@ -213,7 +209,7 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic
 fullPrivateKeyBytes.set(publicKeyBytes, privateKeyBytes.length);
 // and use it to sign the data
- const signature = sodium.crypto_sign_detached(options.data, fullPrivateKeyBytes);
+ const signature = SodiumWrapper.sodium.crypto_sign_detached(options.data, fullPrivateKeyBytes);
 return {
 signature: signature as Uint8Array // I hope this cast doesn't paper over something
@@ -396,6 +392,6 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic
 }
 public randomBytes(agentContext: AgentContext, options: Kms.KmsRandomBytesOptions): Kms.KmsRandomBytesReturn {
 agentContext.config.logger.debug(`EKM: Generating ${options.length} random bytes`);
- return _sodium.randombytes_buf(options.length); // Uint8Array
+ return SodiumWrapper.sodium.randombytes_buf(options.length); // Uint8Array
 }
 }