diff --git a/.gitignore b/.gitignore
index 694044e..98ed7e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 .idea
 config.yml
+.vscode
 
 # ---> Python
 # Byte-compiled / optimized / DLL files
diff --git a/esp32/telelogger/teleclient.cpp b/esp32/telelogger/teleclient.cpp
index 4119266..845bdf6 100644
--- a/esp32/telelogger/teleclient.cpp
+++ b/esp32/telelogger/teleclient.cpp
@@ -305,25 +305,11 @@ bool TeleClientUDP::notify(byte event, const char* payload)
 
     // decrypt received data
 #if SERVER_ENCRYPTION_ENABLE == 1
-    Serial.println("decrypting data");
-
-    if (bytesRecv >= 12 + 16) {
-      char decrypted_data[bytesRecv - 12 - 16 + 1]; // +1 for null-terminator
-      decrypt_string((unsigned char *)data, bytesRecv, (unsigned char *)decrypted_data);
-      Serial.println("decrytion function exited");
-      if (decrypted_data[0] == '\0') {
-        continue;
-      }
-      data = decrypted_data;
-      bytesRecv = strlen(decrypted_data);
-    } else {
-      Serial.println("[CHACHA] Received data is too short to be decrypted");
-      continue;
-    }
-
-    Serial.println("decrypted data");
+    char decrypted_data[bytesRecv - 12 - 16 + 1]; // +1 for null-terminator
+    decrypt_string((unsigned char *)data, bytesRecv, (unsigned char *)decrypted_data);
+    data = decrypted_data;
+    bytesRecv = strlen(decrypted_data);
 #endif
-
     // verify checksum
     if (!verifyChecksum(data)) {
       Serial.print("[UDP] Checksum mismatch:");
@@ -520,6 +506,14 @@ void TeleClientUDP::inbound()
     }
     if (!data || len == 0) break;
     data[len] = 0;
+
+#if SERVER_ENCRYPTION_ENABLE == 1
+    char decrypted_data[len - 12 - 16 + 1];
+    decrypt_string((unsigned char *)data, len, (unsigned char *)decrypted_data);
+    data = decrypted_data;
+    len = strlen(decrypted_data);
+#endif
+
     Serial.print("[UDP] ");
     Serial.println(data);
     rxBytes += len;
diff --git a/esp32/telelogger/telecrypt.cpp b/esp32/telelogger/telecrypt.cpp
index 30b87fa..77defff 100644
--- a/esp32/telelogger/telecrypt.cpp
+++ b/esp32/telelogger/telecrypt.cpp
@@ -3,6 +3,7 @@
 #include <stdio.h>
 #include <ChaChaPoly.h>
 #include <HardwareSerial.h>
+#include "Crypto.h"
 
 void print_hex(const unsigned char *data, size_t length) {
     for (size_t i = 0; i < length; ++i) {
@@ -12,7 +13,6 @@ void print_hex(const unsigned char *data, size_t length) {
 }
 
 void encrypt_string(const unsigned char *input, size_t length, unsigned char *output) {
-    // Create an instance of the ChaChaPoly class
     ChaChaPoly chachaPoly;
 
     // Initialize the encryption key
@@ -20,8 +20,6 @@ void encrypt_string(const unsigned char *input, size_t length, unsigned char *ou
     for (int i = 0; i < 32; ++i) {
         sscanf(CHACHA20_KEY + 2*i, "%02x", &key[i]);
     }
-
-    // Set the encryption key
     chachaPoly.setKey(key, sizeof(key));
 
     // Generate a random nonce (IV)
@@ -38,12 +36,10 @@ void encrypt_string(const unsigned char *input, size_t length, unsigned char *ou
     // Prepend the nonce to the output
     memcpy(output, nonce, sizeof(nonce));
 
-    // Clear the encryption context
     chachaPoly.clear();
 }
 
 void decrypt_string(const unsigned char *input, size_t length, unsigned char *output) {
-    // Create an instance of the ChaChaPoly class
     ChaChaPoly chachaPoly;
 
     // Initialize the decryption key
@@ -51,14 +47,8 @@ void decrypt_string(const unsigned char *input, size_t length, unsigned char *ou
     for (int i = 0; i < 32; ++i) {
         sscanf(CHACHA20_KEY + 2*i, "%02x", &key[i]);
     }
-
-    Serial.println("loaded key");
-
-    // Set the decryption key
     chachaPoly.setKey(key, sizeof(key));
 
-    Serial.println("set key");
-
     // Extract the nonce (IV) from the input
     unsigned char nonce[12];
     memcpy(nonce, input, sizeof(nonce));
@@ -72,49 +62,55 @@ void decrypt_string(const unsigned char *input, size_t length, unsigned char *ou
         return;
     }
 
-    Serial.println("did nonce");
-
     // Decrypt the input data
     size_t decryptedLength = length - sizeof(nonce) - chachaPoly.tagSize();
     chachaPoly.decrypt(output, input + sizeof(nonce), decryptedLength);
 
-    Serial.println("did decryption");
-
-    // Print the decrypted data as hex values
-    String decryptedString = "";
-    for (size_t i = 0; i < decryptedLength; i++) {
-        decryptedString += (char)output[i];
-    }
-    Serial.println(decryptedString);
+    // String decryptedString = "";
+    // for (size_t i = 0; i < decryptedLength; i++) {
+    //     decryptedString += (char)output[i];
+    // }
+    // Serial.println(decryptedString);
     
-    // Verify the authentication tag
-
-
-    const unsigned char *tagPtr = input + sizeof(nonce) + decryptedLength;
-    Serial.print("Tag: ");
-    for (size_t i = 0; i < chachaPoly.tagSize(); i++) {
-        Serial.print(tagPtr[i], HEX);
-        Serial.print(" ");
-    }
-    Serial.println();
-
-    Serial.print("Computed Tag: ");
-    uint8_t computedTag[16];
+    const unsigned char *tagPtr = input + sizeof(nonce) + decryptedLength; // actual tag
+    uint8_t computedTag[16]; // computed tag
     chachaPoly.computeTag(computedTag, sizeof(computedTag));
-    for (size_t i = 0; i < sizeof(computedTag); i++) {
-        Serial.print(computedTag[i], HEX);
-        Serial.print(" ");
-    }
-    Serial.println();
 
-    if (!chachaPoly.checkTag(tagPtr, chachaPoly.tagSize())) {
-        Serial.println("Authentication failed!");
+    // Serial.print("Tag: ");
+    // for (size_t i = 0; i < chachaPoly.tagSize(); i++) {
+    //     Serial.print(tagPtr[i], HEX);
+    //     Serial.print(" ");
+    // }
+    // Serial.println();
+    // Serial.print("Computed Tag: ");
+    // for (size_t i = 0; i < sizeof(computedTag); i++) {
+    //     Serial.print(computedTag[i], HEX);
+    //     Serial.print(" ");
+    // }
+    // Serial.println();
+
+    ///// BEGIN TAG VERIFY
+    // The crypto library implementation of tag verification crashes.
+
+    // Can never match if the expected tag length is too long.
+    if (chachaPoly.tagSize() > 16) {
+        Serial.println("[CHACHA] Authentication failed: expected tag length is too long");
         output[0] = '\0'; // Set output to an empty string
         return;
     }
 
-    ///
+    // Compute the tag and check it.
+    bool equal = secure_compare(computedTag, tagPtr, chachaPoly.tagSize());
+    clean(computedTag);
 
-    // Clear the decryption context
+    if (!equal) {
+        Serial.println("[CHACHA] Authentication failed!");
+        output[0] = '\0';
+        return;
+    }
+
+    ///// END TAG VERIFY
+
+    output[decryptedLength] = '\0';
     chachaPoly.clear();
 }
\ No newline at end of file
diff --git a/server/server.go b/server/server.go
index 3493388..15de618 100644
--- a/server/server.go
+++ b/server/server.go
@@ -142,7 +142,7 @@ func main() {
 						return
 					}
 
-					fmt.Println(string(backendResponse[:]))
+					//fmt.Println(string(backendResponse[:]))
 
 					// Encrypt the backend's response.
 					encryptedBackendResponse, err := encryption.Encrypt(key, backendResponse[:n])