diff --git a/java/src/main/java/com/google/rcat/RcatTinkCrypto.java b/java/src/main/java/com/google/rcat/RcatTinkCrypto.java
index b4292f6..5be3a64 100644
--- a/java/src/main/java/com/google/rcat/RcatTinkCrypto.java
+++ b/java/src/main/java/com/google/rcat/RcatTinkCrypto.java
@@ -21,6 +21,7 @@
 import com.google.crypto.tink.KeysetHandle;
 import com.google.crypto.tink.PublicKeySign;
 import com.google.crypto.tink.PublicKeyVerify;
+import com.google.crypto.tink.RegistryConfiguration;
 import com.google.errorprone.annotations.CheckReturnValue;
 import com.google.rcat.error.RcatDecryptionException;
 import com.google.rcat.error.RcatEncryptionException;
@@ -46,7 +47,8 @@ public static class Signer implements RcatCrypto.Signer {
     @Override
     public byte[] sign(byte[] data) throws RcatSigningException {
       try {
-        PublicKeySign signer = this.privateKeysetHandle.getPrimitive(PublicKeySign.class);
+        PublicKeySign signer =
+            this.privateKeysetHandle.getPrimitive(RegistryConfiguration.get(), PublicKeySign.class);
         return signer.sign(data);
       } catch (GeneralSecurityException e) {
         throw new RcatSigningException("Unable to create signature for payload bytes.", e);
@@ -82,7 +84,9 @@ public static class Verifier implements RcatCrypto.Verifier {
     @Override
     public void verify(byte[] signature, byte[] data) throws RcatSignatureValidationException {
       try {
-        PublicKeyVerify verifier = this.publicKeysetHandle.getPrimitive(PublicKeyVerify.class);
+        PublicKeyVerify verifier =
+            this.publicKeysetHandle.getPrimitive(
+                RegistryConfiguration.get(), PublicKeyVerify.class);
         verifier.verify(signature, data);
       } catch (GeneralSecurityException e) {
         throw new RcatSignatureValidationException(
@@ -120,7 +124,8 @@ public static class Encrypter implements RcatCrypto.Encrypter {
     @Override
     public byte[] encrypt(byte[] plaintext, byte[] contextInfo) throws RcatEncryptionException {
       try {
-        HybridEncrypt encrypter = this.publicKeysetHandle.getPrimitive(HybridEncrypt.class);
+        HybridEncrypt encrypter =
+            this.publicKeysetHandle.getPrimitive(RegistryConfiguration.get(), HybridEncrypt.class);
         return encrypter.encrypt(plaintext, contextInfo);
       } catch (GeneralSecurityException e) {
         throw new RcatEncryptionException("Unable to encrypt RCAT token envelope.", e);
@@ -156,7 +161,8 @@ public static class Decrypter implements RcatCrypto.Decrypter {
     @Override
     public byte[] decrypt(byte[] ciphertext, byte[] contextInfo) throws RcatDecryptionException {
       try {
-        HybridDecrypt decrypter = this.privateKeysetHandle.getPrimitive(HybridDecrypt.class);
+        HybridDecrypt decrypter =
+            this.privateKeysetHandle.getPrimitive(RegistryConfiguration.get(), HybridDecrypt.class);
         return decrypter.decrypt(ciphertext, contextInfo);
       } catch (GeneralSecurityException e) {
         throw new RcatDecryptionException("Unable to decrypt RCAT token envelope.", e);
diff --git a/java/src/test/java/com/google/rcat/RcatExceptionTest.java b/java/src/test/java/com/google/rcat/RcatExceptionTest.java
index 600082e..710cf9e 100644
--- a/java/src/test/java/com/google/rcat/RcatExceptionTest.java
+++ b/java/src/test/java/com/google/rcat/RcatExceptionTest.java
@@ -23,6 +23,7 @@
 import com.google.crypto.tink.KeyTemplates;
 import com.google.crypto.tink.KeysetHandle;
 import com.google.crypto.tink.PublicKeySign;
+import com.google.crypto.tink.RegistryConfiguration;
 import com.google.protobuf.ByteString;
 import com.google.rcat.error.RcatDecryptionException;
 import com.google.rcat.error.RcatExpiredException;
@@ -258,7 +259,8 @@ private byte[] sign(byte[] data) throws GeneralSecurityException {
 
   private byte[] sign(byte[] data, KeysetHandle privateKeysetHandle)
       throws GeneralSecurityException {
-    PublicKeySign signer = privateKeysetHandle.getPrimitive(PublicKeySign.class);
+    PublicKeySign signer =
+        privateKeysetHandle.getPrimitive(RegistryConfiguration.get(), PublicKeySign.class);
     return signer.sign(data);
   }
 
@@ -268,7 +270,8 @@ private byte[] encrypt(byte[] data) throws GeneralSecurityException {
 
   private byte[] encrypt(byte[] data, KeysetHandle publicKeysetHandle)
       throws GeneralSecurityException {
-    HybridEncrypt encrypter = publicKeysetHandle.getPrimitive(HybridEncrypt.class);
+    HybridEncrypt encrypter =
+        publicKeysetHandle.getPrimitive(RegistryConfiguration.get(), HybridEncrypt.class);
     return encrypter.encrypt(data, new byte[0]);
   }
 }