diff --git a/nts_ke_client.c b/nts_ke_client.c
index d99346d..5e87fe4 100644
--- a/nts_ke_client.c
+++ b/nts_ke_client.c
@@ -58,7 +58,7 @@ struct NKC_Instance_Record {
 
 /* ================================================== */
 
-static void *client_credentials = NULL;
+static NKSN_Credentials client_credentials = NULL;
 static int client_credentials_refs = 0;
 
 /* ================================================== */
diff --git a/nts_ke_server.c b/nts_ke_server.c
index 7a45903..4303f70 100644
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -95,7 +95,7 @@ static int initialised = 0;
 
 /* Array of NKSN instances */
 static ARR_Instance sessions;
-static void *server_credentials;
+static NKSN_Credentials server_credentials;
 
 /* ================================================== */
 
diff --git a/nts_ke_session.c b/nts_ke_session.c
index ac6df25..822df21 100644
--- a/nts_ke_session.c
+++ b/nts_ke_session.c
@@ -641,7 +641,7 @@ deinit_gnutls(void)
 
 /* ================================================== */
 
-static void *
+static NKSN_Credentials
 create_credentials(const char *cert, const char *key, const char *trusted_certs)
 {
   gnutls_certificate_credentials_t credentials = NULL;
@@ -679,7 +679,7 @@ create_credentials(const char *cert, const char *key, const char *trusted_certs)
 
   credentials_counter++;
 
-  return credentials;
+  return (NKSN_Credentials)credentials;
 
 error:
   LOG(LOGS_ERR, "Could not set credentials : %s", gnutls_strerror(r));
@@ -691,7 +691,7 @@ error:
 
 /* ================================================== */
 
-void *
+NKSN_Credentials
 NKSN_CreateServerCertCredentials(const char *cert, const char *key)
 {
   return create_credentials(cert, key, NULL);
@@ -699,7 +699,7 @@ NKSN_CreateServerCertCredentials(const char *cert, const char *key)
 
 /* ================================================== */
 
-void *
+NKSN_Credentials
 NKSN_CreateClientCertCredentials(const char *trusted_certs)
 {
   return create_credentials(NULL, NULL, trusted_certs);
@@ -708,9 +708,9 @@ NKSN_CreateClientCertCredentials(const char *trusted_certs)
 /* ================================================== */
 
 void
-NKSN_DestroyCertCredentials(void *credentials)
+NKSN_DestroyCertCredentials(NKSN_Credentials credentials)
 {
-  gnutls_certificate_free_credentials(credentials);
+  gnutls_certificate_free_credentials((gnutls_certificate_credentials_t)credentials);
   credentials_counter--;
   deinit_gnutls();
 }
@@ -758,12 +758,13 @@ NKSN_DestroyInstance(NKSN_Instance inst)
 
 int
 NKSN_StartSession(NKSN_Instance inst, int sock_fd, const char *label,
-                  void *credentials, double timeout)
+                  NKSN_Credentials credentials, double timeout)
 {
   assert(inst->state == KE_STOPPED);
 
   inst->tls_session = create_tls_session(inst->server, sock_fd, inst->server_name,
-                                         credentials, priority_cache);
+                                         (gnutls_certificate_credentials_t)credentials,
+                                         priority_cache);
   if (!inst->tls_session)
     return 0;
 
diff --git a/nts_ke_session.h b/nts_ke_session.h
index a5647d5..e5d3ccf 100644
--- a/nts_ke_session.h
+++ b/nts_ke_session.h
@@ -30,6 +30,8 @@
 #include "nts_ke.h"
 #include "siv.h"
 
+typedef struct NKSN_Credentials_Record *NKSN_Credentials;
+
 typedef struct NKSN_Instance_Record *NKSN_Instance;
 
 /* Handler for received NTS-KE messages.  A zero return code stops
@@ -39,11 +41,11 @@ typedef int (*NKSN_MessageHandler)(void *arg);
 /* Get server or client credentials using a server certificate and key,
    or certificates of trusted CAs.  The credentials may be shared between
    different clients or servers. */
-extern void *NKSN_CreateServerCertCredentials(const char *cert, const char *key);
-extern void *NKSN_CreateClientCertCredentials(const char *trusted_certs);
+extern NKSN_Credentials NKSN_CreateServerCertCredentials(const char *cert, const char *key);
+extern NKSN_Credentials NKSN_CreateClientCertCredentials(const char *trusted_certs);
 
 /* Destroy the credentials */
-extern void NKSN_DestroyCertCredentials(void *credentials);
+extern void NKSN_DestroyCertCredentials(NKSN_Credentials credentials);
 
 /* Create an instance */
 extern NKSN_Instance NKSN_CreateInstance(int server_mode, const char *server_name,
@@ -54,7 +56,7 @@ extern void NKSN_DestroyInstance(NKSN_Instance inst);
 
 /* Start a new NTS-KE session */
 extern int NKSN_StartSession(NKSN_Instance inst, int sock_fd, const char *label,
-                             void *credentials, double timeout);
+                             NKSN_Credentials credentials, double timeout);
 
 /* Begin an NTS-KE message.  A request should be made right after starting
    the session and response should be made in the message handler. */
diff --git a/test/unit/nts_ke_session.c b/test/unit/nts_ke_session.c
index 1465ac9..0aadc54 100644
--- a/test/unit/nts_ke_session.c
+++ b/test/unit/nts_ke_session.c
@@ -162,7 +162,7 @@ check_finished(void *arg)
 void
 test_unit(void)
 {
-  void *client_cred, *server_cred;
+  NKSN_Credentials client_cred, server_cred;
   int sock_fds[2], i;
 
   LCL_Initialise();