diff --git a/CHANGELOG.md b/CHANGELOG.md
index d7333a693..61b1a4dc5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+Release 5.4.2:
+- Fix auth tag size calculation
+
 Release 5.4.1:
  - Fix encoding `dcql_query` in authentication request, it is now a string
  - Provide default values for RQES data classes
diff --git a/gradle.properties b/gradle.properties
index 5aa54569b..1339def87 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -12,7 +12,7 @@ kotlin.mpp.enableCInteropCommonization=true
 kotlin.mpp.stability.nowarn=true
 kotlin.native.ignoreDisabledTargets=true
 
-artifactVersion = 5.4.1
+artifactVersion = 5.4.2
 jdk.version=17
 
 
diff --git a/vck/src/androidMain/kotlin/at/asitplus/wallet/lib/agent/CryptoService.android.kt b/vck/src/androidMain/kotlin/at/asitplus/wallet/lib/agent/CryptoService.android.kt
index 99e9f8c85..e0c68eb3f 100644
--- a/vck/src/androidMain/kotlin/at/asitplus/wallet/lib/agent/CryptoService.android.kt
+++ b/vck/src/androidMain/kotlin/at/asitplus/wallet/lib/agent/CryptoService.android.kt
@@ -33,8 +33,9 @@ actual open class PlatformCryptoShim actual constructor(actual val keyMaterial:
             }
         }.doFinal(input)
         if (algorithm.isAuthenticatedEncryption) {
-            val ciphertext = jcaCiphertext.dropLast(algorithm.ivLengthBits / 8).toByteArray()
-            val authtag = jcaCiphertext.takeLast(algorithm.ivLengthBits / 8).toByteArray()
+            //FOR AES AEAD it is always block size
+            val ciphertext = jcaCiphertext.dropLast(128/ 8).toByteArray()
+            val authtag = jcaCiphertext.takeLast(128 / 8).toByteArray()
             AuthenticatedCiphertext(ciphertext, authtag)
         } else {
             AuthenticatedCiphertext(jcaCiphertext, byteArrayOf())
diff --git a/vck/src/jvmMain/kotlin/at/asitplus/wallet/lib/agent/DefaultCryptoService.kt b/vck/src/jvmMain/kotlin/at/asitplus/wallet/lib/agent/DefaultCryptoService.kt
index a42f48552..9f6735910 100644
--- a/vck/src/jvmMain/kotlin/at/asitplus/wallet/lib/agent/DefaultCryptoService.kt
+++ b/vck/src/jvmMain/kotlin/at/asitplus/wallet/lib/agent/DefaultCryptoService.kt
@@ -41,8 +41,9 @@ actual open class PlatformCryptoShim actual constructor(actual val keyMaterial:
             }
         }.doFinal(input)
         if (algorithm.isAuthenticatedEncryption) {
-            val ciphertext = jcaCiphertext.dropLast(algorithm.ivLengthBits / 8).toByteArray()
-            val authtag = jcaCiphertext.takeLast(algorithm.ivLengthBits / 8).toByteArray()
+            //FOR AES AEAD it is always block size
+            val ciphertext = jcaCiphertext.dropLast(128/ 8).toByteArray()
+            val authtag = jcaCiphertext.takeLast(128 / 8).toByteArray()
             AuthenticatedCiphertext(ciphertext, authtag)
         } else {
             AuthenticatedCiphertext(jcaCiphertext, byteArrayOf())