diff --git a/src/Simplex/Messaging/Agent/Store/SQLite.hs b/src/Simplex/Messaging/Agent/Store/SQLite.hs index b0edd2a0a..85b5d3fc7 100644 --- a/src/Simplex/Messaging/Agent/Store/SQLite.hs +++ b/src/Simplex/Messaging/Agent/Store/SQLite.hs @@ -1338,7 +1338,7 @@ createServer_ db newSrv@ProtocolServer {host, port, keyHash} = insertNewServer_ = DB.execute db "INSERT INTO servers (host, port, key_hash) VALUES (?,?,?)" (host, port, keyHash) --- | Returns the stored server key hash if it is different from the passed one, or the error if the server does not exist. +-- | Returns the passed server key hash if it is different from the stored one, or the error if the server does not exist. getServerKeyHash_ :: DB.Connection -> SMPServer -> IO (Either StoreError (Maybe C.KeyHash)) getServerKeyHash_ db ProtocolServer {host, port, keyHash} = do firstRow useKeyHash SEServerNotFound $ diff --git a/src/Simplex/Messaging/Crypto.hs b/src/Simplex/Messaging/Crypto.hs index 31c352aa9..235b6919c 100644 --- a/src/Simplex/Messaging/Crypto.hs +++ b/src/Simplex/Messaging/Crypto.hs @@ -96,6 +96,8 @@ module Simplex.Messaging.Crypto decryptAES, encryptAEAD, decryptAEAD, + encryptAESNoPad, + decryptAESNoPad, authTagSize, randomAesKey, randomIV, @@ -814,6 +816,14 @@ encryptAEAD aesKey ivBytes paddedLen ad msg = do msg' <- liftEither $ pad msg paddedLen pure . first AuthTag $ AES.aeadSimpleEncrypt aead ad msg' authTagSize +encryptAESNoPad :: Key -> IV -> ByteString -> ExceptT CryptoError IO (AuthTag, ByteString) +encryptAESNoPad key iv = encryptAEADNoPad key iv "" + +encryptAEADNoPad :: Key -> IV -> ByteString -> ByteString -> ExceptT CryptoError IO (AuthTag, ByteString) +encryptAEADNoPad aesKey ivBytes ad msg = do + aead <- initAEAD @AES256 aesKey ivBytes + pure . first AuthTag $ AES.aeadSimpleEncrypt aead ad msg authTagSize + -- | AEAD-GCM decryption with empty associated data. -- -- Used as part of hybrid E2E encryption scheme and for SMP transport blocks decryption. 
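Review bot: The new `encryptAESNoPad` (exported) and `encryptAEADNoPad` carry no Haddock comment, and nothing states what they give up. Without the `pad msg paddedLen` step that `encryptAEAD` performs, the ciphertext is exactly as long as the plaintext, so an observer learns the message size. The same gap applies to `decryptAESNoPad` / `decryptAEADNoPad` in the later hunk of this file. I would add `-- | AEAD-GCM encryption with empty associated data and no padding: ciphertext length reveals plaintext length, use only where size is not sensitive.` above `encryptAESNoPad`, plus a line saying the caller-supplied IV must never repeat under the same key. Calling the scheme GCM follows the existing comment on the decryption function; `initAEAD` itself is outside the hunk.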
@@ -828,6 +838,14 @@ decryptAEAD aesKey ivBytes ad msg (AuthTag authTag) = do aead <- initAEAD @AES256 aesKey ivBytes liftEither . unPad =<< maybeError AESDecryptError (AES.aeadSimpleDecrypt aead ad msg authTag) +decryptAESNoPad :: Key -> IV -> ByteString -> AuthTag -> ExceptT CryptoError IO ByteString +decryptAESNoPad key iv = decryptAEADNoPad key iv "" + +decryptAEADNoPad :: Key -> IV -> ByteString -> ByteString -> AuthTag -> ExceptT CryptoError IO ByteString +decryptAEADNoPad aesKey ivBytes ad msg (AuthTag authTag) = do + aead <- initAEAD @AES256 aesKey ivBytes + maybeError AESDecryptError (AES.aeadSimpleDecrypt aead ad msg authTag) + maxMsgLen :: Int maxMsgLen = 2 ^ (16 :: Int) - 3
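Review bot: `decryptAEADNoPad` takes the same `Key`, `IV`, `ByteString` and `AuthTag` types as `decryptAEAD`, so nothing stops a caller from decrypting a padded ciphertext with the no-pad variant, or the reverse. The tag verifies either way and only the `unPad` step differs. In one direction the caller receives the padded bytes as if they were the message; in the other, `unPad` (defined outside this hunk, so its behaviour on such input is presumed) runs on bytes that were never padded. A Haddock line such as `-- | Must be paired with 'encryptAESNoPad'; does not strip padding.` would make the contract explicit. To keep the two paths from drifting, `decryptAEAD` could be written as `decryptAEAD k iv ad msg tag = liftEither . unPad =<< decryptAEADNoPad k iv ad msg tag`.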