diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs
index a07204d2..b8697d01 100644
--- a/src/backup/crypt_config.rs
+++ b/src/backup/crypt_config.rs
@@ -82,8 +82,8 @@ impl CryptConfig {
 tag
 }
- pub fn data_crypter(&self, iv: &[u8; 16]) -> Result {
- let mut crypter = openssl::symm::Crypter::new(self.cipher, Mode::Encrypt, &self.enc_key, Some(iv))?;
+ pub fn data_crypter(&self, iv: &[u8; 16], mode: Mode) -> Result {
+ let mut crypter = openssl::symm::Crypter::new(self.cipher, mode, &self.enc_key, Some(iv))?;
 crypter.aad_update(b"")?; //??
 Ok(crypter)
 }
@@ -102,7 +102,7 @@ impl CryptConfig {
 let mut tag = [0u8; 16];
- let mut c = self.data_crypter(&iv)?;
+ let mut c = self.data_crypter(&iv, Mode::Encrypt)?;
 const BUFFER_SIZE: usize = 32*1024;
@@ -144,7 +144,7 @@ impl CryptConfig {
 let mut decompressor = zstd::stream::write::Decoder::new(dec)?;
- let mut c = self.data_crypter(iv)?;
+ let mut c = self.data_crypter(iv, Mode::Decrypt)?;
 const BUFFER_SIZE: usize = 32*1024;
diff --git a/src/backup/data_blob.rs b/src/backup/data_blob.rs
index 19d91f9d..144dc808 100644
--- a/src/backup/data_blob.rs
+++ b/src/backup/data_blob.rs
@@ -307,8 +307,6 @@ impl DataBlob {
 }
-// TODO: impl. other blob types
-
 use std::io::{Read, BufRead, Write, Seek, SeekFrom};
 struct CryptWriter {
@@ -324,7 +322,7 @@ impl CryptWriter {
 let mut iv = [0u8; 16];
 proxmox::sys::linux::fill_with_random_data(&mut iv)?;
- let crypter = config.data_crypter(&iv)?;
+ let crypter = config.data_crypter(&iv, openssl::symm::Mode::Encrypt)?;
 Ok(Self { writer, iv, crypter, encr_buf: [0u8; 64*1024] })
 }
@@ -575,6 +573,7 @@ impl <'a, W: Write + Seek> DataBlobWriter<'a, W> {
 head: DataBlobHeader { magic: ENCRYPTED_BLOB_MAGIC_1_0, crc: crc.to_le_bytes() },
 iv, tag,
 };
+ writer.seek(SeekFrom::Start(0))?;
 unsafe {
 writer.write_le_value(head)?;
 }
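Review bot: `data_crypter` in the `@@ -82` hunk of src/backup/crypt_config.rs is `pub` and now serves both directions, but it has no doc comment, and `crypter.aad_update(b"")?; //??` leaves its own purpose as an open question. The `aad_update` call and the 16-byte `tag` buffers suggest an AEAD cipher, so the contract differs by mode and belongs on the function: `/// With Mode::Encrypt the IV must never repeat under the same key; with Mode::Decrypt the caller must call set_tag() before finalize() and treat update() output as unauthenticated until finalize() returns Ok.` I would also replace `//??` with a comment stating whether the empty AAD is deliberate.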
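Review bot: In the `@@ -144` hunk of src/backup/crypt_config.rs the decrypting crypter sits next to a `zstd::stream::write::Decoder`, so the decompressor presumably parses plaintext before the authentication tag has been checked. Whether the rest of the function calls `c.set_tag(...)` before `c.finalize(...)` and propagates that error lies outside the hunk; without both, `Mode::Decrypt` still hands back data for a modified blob. A regression test that flips one ciphertext byte and expects `Err` would pin the behaviour this change appears to be after. On a failed `finalize`, whatever was already written to `dec` should be discarded rather than used.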
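Review bot: The `unsafe { writer.write_le_value(head)?; }` block that follows the new `writer.seek(SeekFrom::Start(0))?;` in the `@@ -575` hunk of src/backup/data_blob.rs, and again in `@@ -589`, has no `// SAFETY:` comment saying why writing the header struct as raw bytes is sound. Something like `// SAFETY: head is a packed plain-data struct with no padding` would do, if that holds for the type, which is declared outside the hunk. The seek also leaves the stream position just past the header rather than at the end of the blob. If the writer is handed back to the caller (the function ends outside the hunk), a comment saying so, or `writer.seek(SeekFrom::End(0))?;` after the header write, would keep a later write from overwriting the payload.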
@@ -589,6 +588,7 @@ impl <'a, W: Write + Seek> DataBlobWriter<'a, W> {
 head: DataBlobHeader { magic: ENCR_COMPR_BLOB_MAGIC_1_0, crc: crc.to_le_bytes() },
 iv, tag,
 };
+ writer.seek(SeekFrom::Start(0))?;
 unsafe {
 writer.write_le_value(head)?;
 }