diff --git a/lrzip.c b/lrzip.c
index 18e6c95..d491dcd 100644
--- a/lrzip.c
+++ b/lrzip.c
@@ -905,8 +905,12 @@ next_chunk:
 		if (unlikely(read(fd_in, md5_stored, MD5_DIGEST_SIZE) != MD5_DIGEST_SIZE))
 			fatal("Failed to read md5 data in runzip_fd\n");
 		print_output("MD5: ");
-		for (i = 0; i < MD5_DIGEST_SIZE; i++)
-			print_output("%02x", md5_stored[i] & 0xFF);
+		if (ENCRYPT)
+			print_output("Unknown, encrypted\n");
+		else {
+			for (i = 0; i < MD5_DIGEST_SIZE; i++)
+				print_output("%02x", md5_stored[i] & 0xFF);
+		}
 		print_output("\n");
 	} else
 		print_output("CRC32 used for integrity testing\n");
diff --git a/runzip.c b/runzip.c
index e2d3417..167394f 100644
--- a/runzip.c
+++ b/runzip.c
@@ -347,6 +347,17 @@ i64 runzip_fd(rzip_control *control, int fd_in, int fd_out, int fd_hist, i64 exp
 #endif
 			if (unlikely(read_1g(control, fd_in, md5_stored, MD5_DIGEST_SIZE) != MD5_DIGEST_SIZE))
 				fatal("Failed to read md5 data in runzip_fd\n");
+			if (ENCRYPT) {
+				/* Even the MD5 value is stored encrypted */
+				uchar *dec_buf = malloc(MD5_DIGEST_SIZE);
+
+				if (unlikely(aes_crypt_cbc(&control->aes_ctx, AES_DECRYPT,
+					MD5_DIGEST_SIZE, control->hash_iv, md5_stored, dec_buf)))
+						failure("Failed to aes_crypt_cbc in runzip_fd\n");
+				for (i = 0; i < MD5_DIGEST_SIZE; i++)
+					md5_stored[i] = dec_buf[i];
+				free(dec_buf);
+			}
 			for (i = 0; i < MD5_DIGEST_SIZE; i++)
 				if (md5_stored[i] != md5_resblock[i]) {
 					print_output("MD5 CHECK FAILED.\nStored:");
@@ -379,7 +390,7 @@ i64 runzip_fd(rzip_control *control, int fd_in, int fd_out, int fd_hist, i64 exp
 				fatal("Failed to fdopen fd_hist in runzip_fd\n");
 			if (unlikely(md5_stream(md5_fstream, md5_resblock)))
 				fatal("Failed to md5_stream in runzip_fd\n");
-			/* We dont' close the file here as it's closed in main */
+			/* We don't close the file here as it's closed in main */
 			for (i = 0; i < MD5_DIGEST_SIZE; i++)
 				if (md5_stored[i] != md5_resblock[i]) {
 					print_output("MD5 CHECK FAILED.\nStored:");
diff --git a/rzip.c b/rzip.c
index 72d86b4..8a69940 100644
--- a/rzip.c
+++ b/rzip.c
@@ -976,7 +976,19 @@ retry:
 			print_output("%02x", md5_resblock[j] & 0xFF);
 		print_output("\n");
 	}
-	if (unlikely(write_1g(control, md5_resblock, MD5_DIGEST_SIZE) != MD5_DIGEST_SIZE))
+	if (ENCRYPT) {
+		/* When encrypting data, we encrypt the MD5 value as well */
+		uchar *enc_buf = malloc(MD5_DIGEST_SIZE);
+
+		if (unlikely(!enc_buf))
+			fatal("Failed to malloc enc_buf in rzip_fd\n");
+		if (unlikely(aes_crypt_cbc(&control->aes_ctx, AES_ENCRYPT,
+			MD5_DIGEST_SIZE, control->hash_iv, md5_resblock, enc_buf)))
+				failure("Failed to aes_crypt_cbc in rzip_fd\n");
+		if (unlikely(write_1g(control, enc_buf, MD5_DIGEST_SIZE) != MD5_DIGEST_SIZE))
+			fatal("Failed to write encrypted md5 in rzip_fd\n");
+		free(enc_buf);
+	} else if (unlikely(write_1g(control, md5_resblock, MD5_DIGEST_SIZE) != MD5_DIGEST_SIZE))
 		fatal("Failed to write md5 in rzip_fd\n");
 
 	if (TMP_OUTBUF)