diff --git a/libi2pd/Crypto.cpp b/libi2pd/Crypto.cpp
index 0630091a..68297ace 100644
--- a/libi2pd/Crypto.cpp
+++ b/libi2pd/Crypto.cpp
@@ -1228,6 +1228,23 @@ namespace crypto
 #endif		
 	}
 
+	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	{
+#if OPENSSL_AEAD_CHACHA20_POLY1305
+		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
+		EVP_EncryptInit_ex(ctx, EVP_chacha20 (), 0, key, nonce);
+		int outlen = 0;
+		EVP_EncryptUpdate(ctx, out, &outlen, msg, msgLen);
+		EVP_EncryptFinal_ex(ctx, NULL, &outlen);
+		EVP_CIPHER_CTX_free (ctx);
+#else
+		chacha::Chacha20State state;
+		chacha::Chacha20Init (state, nonce, key, 0);	
+		if (out != msg) memcpy (out, msg, msgLen);
+		chacha::Chacha20Encrypt (state, out, msgLen);
+#endif
+	}
+
 // init and terminate
 
 /*	std::vector <std::unique_ptr<std::mutex> >  m_OpenSSLMutexes;
diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h
index 46baf095..fb1b6fad 100644
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
@@ -290,6 +290,8 @@ namespace crypto
 
 	void AEADChaCha20Poly1305Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, const uint8_t * key, const uint8_t * nonce, uint8_t * mac); // encrypt multiple buffers with zero ad
 
+	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
+
 // init and terminate
 	void InitCrypto (bool precomputation);
 	void TerminateCrypto ();
diff --git a/libi2pd/LeaseSet.cpp b/libi2pd/LeaseSet.cpp
index a5b0981c..4ce9d344 100644
--- a/libi2pd/LeaseSet.cpp
+++ b/libi2pd/LeaseSet.cpp
@@ -473,11 +473,15 @@ namespace data
 			H ("subcredential", { {credential, 32}, {blindedPublicKey, blindedKeyLen} }, subcredential);
 			// outerInput = subcredential || publishedTimestamp
 			memcpy (subcredential + 32, publishedTimestamp, 4);
-			// outerSalt = outerCiphertext[32:end]
+			// outerSalt = outerCiphertext[0:32]
 			// keys = HKDF(outerSalt, outerInput, "ELS2_L1K", 44)
 			uint8_t outerKey[44];
-			HKDF (outerCiphertext + lenOuterCiphertext - 32, {subcredential, 36}, "ELS2_L1K", outerKey, 44);
-			// decrypt using chacha20
+			HKDF (outerCiphertext, {subcredential, 36}, "ELS2_L1K", outerKey, 44);
+			// decrypt Layer 1
+			// outerKey = keys[0:31]
+			// outerIV = keys[32:43]
+			std::vector<uint8_t> outerPlainText (lenOuterCiphertext - 32);
+			i2p::crypto::ChaCha20 (outerCiphertext + 32, lenOuterCiphertext - 32, outerKey, outerKey + 32, outerPlainText.data ());
 		}	
 	}