diff --git a/go.mod b/go.mod
index d3cf08d..42d512f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/opencoff/sigtool
 
-go 1.13
+go 1.17
 
 require (
 	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a
@@ -10,3 +10,5 @@ require (
 	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
 	gopkg.in/yaml.v2 v2.2.7
 )
+
+require golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f // indirect
diff --git a/sign/encrypt.go b/sign/encrypt.go
index 2e768db..bb9e4d1 100644
--- a/sign/encrypt.go
+++ b/sign/encrypt.go
@@ -696,10 +696,11 @@ func fullwrite(buf []byte, wr io.Writer) error {
 }
 
 // make aead nonce from salt, chunk-size and block#
+// First 8 bytes are chunk-size and nonce (in 'ad')
 func makeNonceV2(dest []byte, salt []byte, ad []byte) []byte {
 	n := len(ad)
-	copy(dest, salt[:n])
-	copy(dest[n:], ad)
+	copy(dest, ad)
+	copy(dest[n:], salt)
 	return dest
 }