Bob, Yes, that is exactly what I am saying. If both encryption and authentication/integrity are selected as services, apply the encryption algorithm first, then the auth/integrity algorithm (to the ciphertext). Steve