diff --git a/src/cryptoki.cxx b/src/cryptoki.cxx index 1bf9424..aec4250 100644 --- a/src/cryptoki.cxx +++ b/src/cryptoki.cxx @@ -212,7 +212,9 @@ namespace cryptoki { CK_ATTRIBUTE* a(0); try { if (attrs.size()) { - //! @todo imlement attribute filtering + a = new CK_ATTRIBUTE[attrs.size()]; + for (AttributeList::size_type i(0); i_fn->C_FindObjectsInit @@ -237,4 +239,39 @@ namespace cryptoki { } } + //---------------------------------------------------------------------------- + Object Session::createCertificate(const std::string& derSubject, + const std::string& desValue) { + AttributeList attrs; + attrs.push_back(Attribute(CKA_CLASS) + .from(CKO_CERTIFICATE)); + attrs.push_back(Attribute(CKA_CERTIFICATE_TYPE) + .from(CKC_X_509)); + attrs.push_back(Attribute(CKA_SUBJECT, derSubject)); + attrs.push_back(Attribute(CKA_VALUE, desValue)); + return create(attrs); + } + + //---------------------------------------------------------------------------- + Object Session::create(const AttributeList& attrs) { + CK_ATTRIBUTE* a(0); + try { + if (attrs.size()) { + a = new CK_ATTRIBUTE[attrs.size()]; + for (AttributeList::size_type i(0); i_fn->C_CreateObject + (_session, a, attrs.size(), &object), + CRYPTOKI_FN_LOG("C_CreateObject")); + delete[] a; + return Object(*this, object); + } catch (...) { + delete[] a; + throw; + } + } + } diff --git a/src/cryptoki.hxx b/src/cryptoki.hxx index 3e52a8d..57aec45 100644 --- a/src/cryptoki.hxx +++ b/src/cryptoki.hxx 
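Review bot: In the first cryptoki.cxx hunk (`find`), the template array is allocated with `new CK_ATTRIBUTE[attrs.size()]` into a raw pointer, and `Session::create` in the next hunk repeats the pattern with a hand-written `delete[] a` on both the normal and the `catch (...)` path. A `std::vector<CK_ATTRIBUTE> a(attrs.size());` filled by the existing loop and passed as `a.empty() ? 0 : &a[0]` would make the cleanup automatic in both functions and remove the catch-all. The loop body and the rest of `find` are not readable on this page, so this rests on the allocation line and the matching code in `create`.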
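Review bot: `createCertificate` builds its template from CKA_CLASS, CKA_CERTIFICATE_TYPE, CKA_SUBJECT and CKA_VALUE only, so under the PKCS#11 default for CKA_TOKEN the certificate is a session object and is gone once the session closes. If it is meant to stay on the token, add `attrs.push_back(Attribute(CKA_TOKEN).from<CK_BBOOL>(CK_TRUE));`, and consider CKA_ID or CKA_LABEL so the certificate can later be matched to its key. The parameter name `desValue` looks like a typo for `derValue`. In `create`, part of the call is lost on this page, but the outcome of the `C_CreateObject` check does not appear to be tested before `return Object(*this, object);`, which matters if `check` can return false instead of throwing.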
@@ -36,31 +36,45 @@ namespace cryptoki { #endif #define UNDEF_CRYPTOKI_FN_LOG #endif - - inline std::string hex(const std::string& data) { - std::stringstream res; - for (std::string::const_iterator it(data.begin()); it!=data.end(); ++it) - res<?[\\]^_{|}~"); + ("!\"#%&'()*+,-./:;<=>?[\\]^_{|}~@"); static const std::string BLANK_CHARS (" "); static const std::string VALID_CHARS (LETTER_CHARS+NUMBER_CHARS+GRAFIC_CHARS+BLANK_CHARS); + + inline std::string hex(const std::string& data, + std::string::size_type len=20) { + std::stringstream res; + std::string::size_type pos(0); + for (std::string::const_iterator it(data.begin()); it!=data.end(); ++it) { + res<"; + else if (data.find_first_not_of(VALID_CHARS)(value.begin().operator->()); + a.ulValueLen = value.size(); + return a; + } std::string name() { switch (type) { case CKA_CLASS: return "CLASS"; @@ -213,6 +240,10 @@ namespace cryptoki { default: return readable(value); } } + template Attribute from(const TYPE& v) { + value = std::string((char*)&v, sizeof(TYPE)); + return *this; + } CK_ATTRIBUTE_TYPE type; std::string value; }; @@ -845,8 +876,13 @@ namespace cryptoki { Functions. They provide a higher level simpler access. */ //@{ + //! Get a list of matching objects. ObjectList find(const AttributeList& attrs=AttributeList()); + //! Create a new Certificate Object. + Object createCertificate(const std::string& derSubject, + const std::string& desValue); + //@} /*! @name C Like Error Handling @@ -874,12 +910,15 @@ namespace cryptoki { Direct access to the low level cryptoki API. Better use the comfort methods. */ //@{ + bool cancel() { //! calls @c C_CancelFunction return check(_slot._init->_fn->C_CancelFunction(_session), CRYPTOKI_FN_LOG("C_CancelFunction")); } + //! Create a new object. + Object create(const AttributeList& attrs); std::string decrypt(std::string in) { std::string res; 
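Review bot: The CK_ATTRIBUTE produced by the conversion that ends in `a.ulValueLen = value.size(); return a;` points into `value`'s own buffer, so it is usable only while the Attribute is alive and unmodified, and nothing at the definition says so. A comment such as `//! The returned CK_ATTRIBUTE borrows @c value's storage; do not use it after this Attribute changes or is destroyed.` would record the constraint. For an empty `value`, `value.begin().operator->()` applies `operator->` to an end iterator, which checked iterator implementations reject; something like `value.empty() ? 0 : &value[0]` avoids that. The start of this function, including its signature, is missing from the page.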
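Review bot: `from` copies `sizeof(TYPE)` bytes of whatever type the argument deduces to, so `from(CKO_CERTIFICATE)` and `from(CKC_X_509)` in cryptoki.cxx take their value length from how the Cryptoki header spells those constants. If they are plain literals without a `UL` suffix, the value is `sizeof(int)` bytes while CKA_CLASS and CKA_CERTIFICATE_TYPE are `CK_ULONG`-sized, which differs on LP64 platforms and may make the token reject or misread the template. Naming the type at the call site removes that dependency: `.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)` and `.from<CK_CERTIFICATE_TYPE>(CKC_X_509)`. A doc line such as `//! Set the value to the raw bytes of @c v; TYPE must be the exact Cryptoki type of the attribute.` would make the contract visible.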
@@ -1343,16 +1382,6 @@ namespace cryptoki { } @endcode */ - /*! @todo Not implemented: - @code - bool createobject() { - //! calls @c C_CreateObject - return check(_session->_slot._init->_fn->C_CreateObject(_session->_session, CK_ATTRIBUTE_PTR, CK_ULONG, - CK_OBJECT_HANDLE_PTR), - CRYPTOKI_FN_LOG("C_CreateObject")); - } - @endcode */ - bool decryptinit(CK_MECHANISM_TYPE type, std::string param, const Object& key) { CK_MECHANISM mech = { @@ -1722,7 +1751,6 @@ namespace cryptoki { //@} }; -#endif #ifdef UNDEF_CRYPTOKI_FN_LOG // cleanup if it was set in here #undef CRYPTOKI_FN_LOG @@ -1730,3 +1758,4 @@ namespace cryptoki { #endif } +#endif