diff --git a/xep-0384.xml b/xep-0384.xml
index 536a2448..8948c5fb 100644
--- a/xep-0384.xml
+++ b/xep-0384.xml
@@ -271,11 +271,11 @@
- Generate 16 bytes of cryptographically secure random data, called key in the remainder of this algorithm.
- - Encrypt this key using the Double Ratchet as specified above, once for each intended recipient. This yields one OMEMOKeyExchange or OMEMOAuthenticatedMessage per recipient device.
- Use HKDF-SHA-256 to generate 80 bytes of output from the key by providing the key as HKDF input, 256 zero-bits as HKDF salt and "OMEMO Payload" as HKDF info.
- Divide the HKDF output into a 32-byte encryption key, a 32-byte authentication key and a 16 byte IV.
- Encrypt the plaintext using AES-256-CBC with PKCS#7 padding, using the encryption key and IV derived in the previous step.
- Calculate the HMAC-SHA-256 using the authentication key and the ciphertext from the previous steps.
+ - Concatenate the key and the HMAC, encrypt them using the Double Ratchet as specified above, once for each intended recipient. This yields one OMEMOKeyExchange or OMEMOAuthenticatedMessage per recipient device.
@@ -283,7 +283,7 @@
The contents are decrypted by reversing the encryption steps.
- - Decrypt the 16 bytes key from the OMEMOKeyExchange or OMEMOAuthenticatedMessage, encrypted using the Double Ratchet belonging to this device.
+ - Decrypt the key and HMAC from the OMEMOKeyExchange or OMEMOAuthenticatedMessage, encrypted using the Double Ratchet belonging to this device.
- Use HKDF-SHA-256 to generate 80 bytes of output from the key by providing the key as HKDF input, 256 zero-bits as HKDF salt and "OMEMO Payload" as HKDF info.
- Divide the HKDF output into a 32-byte encryption key, a 32-byte authentication key and a 16 byte IV.
- Verify the HMAC-SHA-256 using the authentication key derived in the previous step and the ciphertext.