diff --git a/src/lib/crypto/symmetric.cpp b/src/lib/crypto/symmetric.cpp
index cffbcad86e..8704799432 100644
--- a/src/lib/crypto/symmetric.cpp
+++ b/src/lib/crypto/symmetric.cpp
@@ -449,6 +449,30 @@ pgp_is_sa_supported(int alg, bool silent)
     return pgp_sa_to_botan_string(alg, silent);
 }
 
+#include "mem.h"
+/*static void
+dump_hex(const uint8_t *buf, size_t len)
+{
+    char ch[3] = {0};
+    fprintf(stderr, "\n");
+    for (size_t i = 0; i < len; i++) {
+        rnp::hex_encode(buf + i, 1, ch, sizeof(ch), rnp::HEX_LOWERCASE);
+        fprintf(stderr, "%s", ch);
+    }
+    fprintf(stderr, "\n");
+    fflush(stderr);
+}
+
+static void
+dump_file(const uint8_t *buf, size_t len)
+{
+    RNP_LOG("Dumping %zu bytes.", len);
+    FILE *out = fopen("symmetric-dump.bin", "ab");
+    fwrite(buf, 1, len, out);
+    fclose(out);
+}
+*/
+
 #if defined(ENABLE_AEAD)
 bool
 pgp_cipher_aead_init(pgp_crypt_t *  crypt,
@@ -474,11 +498,14 @@ pgp_cipher_aead_init(pgp_crypt_t *  crypt,
 
     flags = decrypt ? BOTAN_CIPHER_INIT_FLAG_DECRYPT : BOTAN_CIPHER_INIT_FLAG_ENCRYPT;
 
+    // RNP_LOG("botan_cipher_init: %s", cipher_name);
     if (botan_cipher_init(&(crypt->aead.obj), cipher_name, flags)) {
         RNP_LOG("cipher %s is not available", cipher_name);
         return false;
     }
 
+    // RNP_LOG("botan_cipher_set_key:");
+    // dump_hex(key, pgp_key_size(ealg));
     if (botan_cipher_set_key(crypt->aead.obj, key, (size_t) pgp_key_size(ealg))) {
         RNP_LOG("failed to set key");
         return false;
@@ -528,12 +555,16 @@ pgp_cipher_aead_tag_len(pgp_aead_alg_t aalg)
 bool
 pgp_cipher_aead_set_ad(pgp_crypt_t *crypt, const uint8_t *ad, size_t len)
 {
+    // RNP_LOG("botan_cipher_set_associated_data:");
+    // dump_hex(ad, len);
     return botan_cipher_set_associated_data(crypt->aead.obj, ad, len) == 0;
 }
 
 bool
 pgp_cipher_aead_start(pgp_crypt_t *crypt, const uint8_t *nonce, size_t len)
 {
+    // RNP_LOG("botan_cipher_start:");
+    // dump_hex(nonce, len);
     return botan_cipher_start(crypt->aead.obj, nonce, len) == 0;
 }
 
@@ -548,6 +579,8 @@ pgp_cipher_aead_update(pgp_crypt_t *crypt, uint8_t *out, const uint8_t *in, size
         return false;
     }
 
+    // RNP_LOG("botan_cipher_update:");
+    // dump_file(in, len);
     if (botan_cipher_update(crypt->aead.obj, 0, out, len, &outwr, in, len, &inread) != 0) {
         RNP_LOG("aead update failed");
         return false;
@@ -564,6 +597,7 @@ pgp_cipher_aead_update(pgp_crypt_t *crypt, uint8_t *out, const uint8_t *in, size
 void
 pgp_cipher_aead_reset(pgp_crypt_t *crypt)
 {
+    // RNP_LOG("botan_cipher_reset:");
     botan_cipher_reset(crypt->aead.obj);
 }
 
@@ -578,6 +612,8 @@ pgp_cipher_aead_finish(pgp_crypt_t *crypt, uint8_t *out, const uint8_t *in, size
     if (crypt->aead.decrypt) {
         size_t datalen = len - crypt->aead.taglen;
         /* for decryption we should have tag for the final update call */
+        // RNP_LOG("final decrypt botan_cipher_update:");
+        // dump_file(in, len);
         res =
           botan_cipher_update(crypt->aead.obj, flags, out, datalen, &outwr, in, len, &inread);
         if (res != 0) {
@@ -594,6 +630,8 @@ pgp_cipher_aead_finish(pgp_crypt_t *crypt, uint8_t *out, const uint8_t *in, size
     } else {
         /* for encryption tag will be generated */
         size_t outlen = len + crypt->aead.taglen;
+        // RNP_LOG("final encrypt botan_cipher_update:");
+        // dump_hex(in, len);
         if (botan_cipher_update(
               crypt->aead.obj, flags, out, outlen, &outwr, in, len, &inread) != 0) {
             RNP_LOG("aead finish failed");
@@ -614,6 +652,7 @@ void
 pgp_cipher_aead_destroy(pgp_crypt_t *crypt)
 {
     if (crypt->aead.obj) {
+        // RNP_LOG("botan_cipher_destroy:");
         botan_cipher_destroy(crypt->aead.obj);
     }
     memset(crypt, 0x0, sizeof(*crypt));