diff --git a/libretroshare/src/gxs/rsgxsnetservice.cc b/libretroshare/src/gxs/rsgxsnetservice.cc index 1dfcb9e6f..937a5eb01 100644 --- a/libretroshare/src/gxs/rsgxsnetservice.cc +++ b/libretroshare/src/gxs/rsgxsnetservice.cc @@ -2140,7 +2140,21 @@ void RsGxsNetService::processTransactions() sendItem(trans); // move to completed transactions - mComplTransactions.push_back(tr); + + // try to decrypt, if needed. This function returns true if the transaction is not encrypted. + + if(decryptTransaction(tr)) + { +#ifdef NXS_NET_DEBUG_7 + GXSNETDEBUG_P_(tr->mTransaction->PeerId()) << " successfully decrypted transaction " << transN << std::endl; +#endif + mComplTransactions.push_back(tr); + } +#ifdef NXS_NET_DEBUG_7 + else + GXSNETDEBUG_P_(tr->mTransaction->PeerId()) << " no decryption occurred in transaction " << transN << std::endl; +#endif + #ifdef NXS_NET_DEBUG_1 int total_transaction_time = (int)time(NULL) - (tr->mTimeOut - mTransactionTimeOut) ; GXSNETDEBUG_P_(mit->first) << " incoming completed " << tr->mTransaction->nItems << " items transaction in " << total_transaction_time << " seconds." << std::endl; @@ -3465,6 +3479,8 @@ bool RsGxsNetService::encryptTransaction(NxsTransaction *tr) #endif GxsSecurity::MultiEncryptionContext muctx ; GxsSecurity::initEncryption(muctx,recipient_keys); + + uint32_t trNumber = 0 ; // 3 - serialise and encrypt each message, converting it into a NxsEncryptedDataItem @@ -3494,7 +3510,10 @@ bool RsGxsNetService::encryptTransaction(NxsTransaction *tr) enc_item->aes_encrypted_data.bin_len = encrypted_len ; enc_item->aes_encrypted_data.bin_data = encrypted_data ; - enc_item->aes_encrypted_data.tlvtype = TLV_TYPE_BIN_ENCRYPTED ; + enc_item->transactionNumber = (*it)->transactionNumber ; + enc_item->PeerId((*it)->PeerId()) ; + + trNumber= (*it)->transactionNumber ; encrypted_items.push_back(enc_item) ; #ifdef NXS_NET_DEBUG_7 
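Review bot: A transaction for which decryptTransaction(tr) returns false is neither moved to mComplTransactions nor visibly released in this hunk, and without NXS_NET_DEBUG_7 the else branch compiles away, so a release build drops an undecryptable transaction with no trace at all. If the surrounding loop (outside the hunk) erases tr from the map afterwards, the NxsTransaction and its items leak; whichever way ownership is resolved, the failure deserves an unconditional std::cerr line rather than a debug-only one, since it is the only signal that a peer sent data this node could not read. The added comment also understates the contract; suggested wording: `// Decrypt if needed. True means the transaction was in clear or was decrypted; false means it was encrypted and could not be decrypted, so it is dropped here.` processTransactions begins and ends outside the hunk.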
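Review bot: trNumber is reassigned on every iteration of the item loop and is consumed in hunk @@ -3515 to stamp the session key item, so it carries whatever the last item held and stays 0 when tr->mItems is empty; the session key's number should come from the transaction itself rather than from a loop side effect. If tr->mTransaction is an RsNxsItem, as its PeerId() use in @@ -3515 suggests, `session_key_item->transactionNumber = tr->mTransaction->transactionNumber ;` would let the trNumber variable (and its declaration in @@ -3465) go away entirely. encryptTransaction begins and ends outside this hunk.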
@@ -3515,6 +3534,8 @@ bool RsGxsNetService::encryptTransaction(NxsTransaction *tr) GXSNETDEBUG_P_(peerId) << " Creating session key" << std::endl; #endif RsNxsSessionKeyItem *session_key_item = new RsNxsSessionKeyItem(mServType) ; + session_key_item->PeerId(tr->mTransaction->PeerId()) ; + session_key_item->transactionNumber = trNumber ; memcpy(session_key_item->iv,muctx.initialisation_vector(),EVP_MAX_IV_LENGTH) ; @@ -3556,9 +3577,9 @@ bool RsGxsNetService::decryptTransaction(NxsTransaction *tr) if(esk == NULL) { #ifdef NXS_NET_DEBUG_7 - GXSNETDEBUG_P_(peerId) << " (II) nothing to decrypt. No session key packet in this transaction." << std::endl; + GXSNETDEBUG_P_(peerId) << " (II) nothing to decrypt. No session key packet in this transaction. Transaction is not encrypted" << std::endl; #endif - return false ; + return true ; } // 2 - Try to decrypt the session key. If not, return false. That probably means // we don't own that identity. @@ -3578,7 +3599,7 @@ bool RsGxsNetService::decryptTransaction(NxsTransaction *tr) if(!mGixs->getPrivateKey(private_key_id,private_key)) { - std::cerr << "(EE) Cannot find private key to decrypt incoming transaction, for ID " << it->first << ". This is a bug since the key is supposed ot be here." << std::endl; + std::cerr << " (EE) Cannot find private key to decrypt incoming transaction, for ID " << it->first << ". This is a bug since the key is supposed ot be here." << std::endl; return false; } @@ -3643,7 +3664,7 @@ bool RsGxsNetService::decryptTransaction(NxsTransaction *tr) // 4 - put back in transaction. #ifdef NXS_NET_DEBUG_7 - GXSNETDEBUG_P_(peerId) << " replacing items with clear items" << std::endl; + GXSNETDEBUG_P_(peerId) << " Decryption successful: replacing items with clear items" << std::endl; #endif for(std::list::const_iterator it(tr->mItems.begin());it!=tr->mItems.end();++it) diff --git a/libretroshare/src/serialiser/rsnxsitems.cc b/libretroshare/src/serialiser/rsnxsitems.cc index 278833f2c..03f6b0643 100644 
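Review bot: Returning true when no RsNxsSessionKeyItem is present makes "transaction arrived in clear" indistinguishable from "transaction was decrypted" for the caller in processTransactions, so items from a transaction that omits the session key item are accepted exactly as if they had been decrypted. Whether that is acceptable depends on policy not visible here (for instance whether some groups require encrypted transport); if it is not, the function should report the two outcomes separately, e.g. with an out-parameter `bool& was_encrypted` set alongside the early return, so the caller can reject clear items where encryption is mandatory. The step-2 comment in the same hunk still describes the false path correctly. decryptTransaction continues outside the hunk.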
--- a/libretroshare/src/serialiser/rsnxsitems.cc +++ b/libretroshare/src/serialiser/rsnxsitems.cc @@ -425,6 +425,8 @@ bool RsNxsSessionKeyItem::serialise(void *data, uint32_t& size) const if(!serialise_header(data,size,tlvsize,offset)) return false ; + ok &= setRawUInt32(data, size, &offset, transactionNumber); + if(offset + EVP_MAX_IV_LENGTH >= size) { std::cerr << "RsNxsSessionKeyItem::serialize(): error. Not enough room for IV !" << std::endl; @@ -460,6 +462,7 @@ bool RsNxsEncryptedDataItem::serialise(void *data, uint32_t& size) const if(!serialise_header(data,size,tlvsize,offset)) return false ; + ok &= setRawUInt32(data, size, &offset, transactionNumber); ok &= aes_encrypted_data.SetTlv(data, size, &offset) ; if(offset != tlvsize) @@ -840,6 +843,8 @@ RsNxsSessionKeyItem *RsNxsSerialiser::deserialNxsSessionKeyItem(void* data, uint32_t offset = 8 ; RsNxsSessionKeyItem* item = new RsNxsSessionKeyItem(SERVICE_TYPE); + + ok &= getRawUInt32(data, *size, &offset, &(item->transactionNumber)); if(offset + EVP_MAX_IV_LENGTH >= *size) { @@ -891,6 +896,9 @@ RsNxsEncryptedDataItem *RsNxsSerialiser::deserialNxsEncryptedDataItem(void* da RsNxsEncryptedDataItem* item = new RsNxsEncryptedDataItem(SERVICE_TYPE); + ok &= getRawUInt32(data, *size, &offset, &(item->transactionNumber)); + item->aes_encrypted_data.tlvtype = TLV_TYPE_BIN_ENCRYPTED ; + ok &= item->aes_encrypted_data.GetTlv(data,*size,&offset) ; if (offset != *size) @@ -1037,6 +1045,7 @@ uint32_t RsNxsEncryptedDataItem::serial_size() const { uint32_t s = 8; // header size + s += 4; // transaction number s += aes_encrypted_data.TlvSize() ; return s; @@ -1045,6 +1054,7 @@ uint32_t RsNxsSessionKeyItem::serial_size() const { uint32_t s = 8; // header size + s += 4; // transaction number s += EVP_MAX_IV_LENGTH ; // iv s += 4 ; // encrypted_session_keys.size() ; diff --git a/libretroshare/src/serialiser/rsnxsitems.h b/libretroshare/src/serialiser/rsnxsitems.h index 6bb653d16..dcd3eb7eb 100644 
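Review bot: Inserting a 4-byte transactionNumber directly after the 8-byte header changes the wire layout of RsNxsSessionKeyItem and RsNxsEncryptedDataItem (hunks @@ -425, @@ -460, @@ -840, @@ -891, @@ -1037 and @@ -1045) with no visible change to the packet subtype or any format version, so a peer on the previous layout reads the transaction number as the first four bytes of the IV and fails to decrypt every session key. If this item format has already been deployed, a new subtype or a version field is needed for interoperability; if it has not, a note in the commit message that the format is pre-release would settle the question. A short comment above the new setRawUInt32 call would also help the next reader of the serialiser: `// layout: header(8) | transactionNumber(4) | iv(EVP_MAX_IV_LENGTH) | ...`. Each serialise function continues outside its hunk.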
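Review bot: The `item->aes_encrypted_data.tlvtype = TLV_TYPE_BIN_ENCRYPTED ;` line in deserialNxsEncryptedDataItem duplicates what the RsNxsEncryptedDataItem constructor now does in this commit's rsnxsitems.h change, so one of the two should be the single owner of that invariant; keeping both invites drift when the type is next revised. If the assignment is meant as defence in depth, say so on the line: `// also set by the ctor; kept so GetTlv rejects a mismatched TLV type`. item is allocated with new and ok only accumulates, so the cleanup on the ok == false path, which lies outside the hunk, should be checked to delete item. deserialNxsEncryptedDataItem continues outside the hunk.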
--- a/libretroshare/src/serialiser/rsnxsitems.h +++ b/libretroshare/src/serialiser/rsnxsitems.h @@ -277,7 +277,11 @@ class RsNxsEncryptedDataItem : public RsNxsItem public: - RsNxsEncryptedDataItem(uint16_t servtype) : RsNxsItem(servtype, RS_PKT_SUBTYPE_NXS_SESSION_KEY_ITEM),aes_encrypted_data(servtype) { clear(); } + RsNxsEncryptedDataItem(uint16_t servtype) : RsNxsItem(servtype, RS_PKT_SUBTYPE_NXS_ENCRYPTED_DATA_ITEM),aes_encrypted_data(servtype) + { + aes_encrypted_data.tlvtype = TLV_TYPE_BIN_ENCRYPTED ; + clear(); + } virtual ~RsNxsEncryptedDataItem() {} virtual bool serialise(void *data,uint32_t& size) const;
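Review bot: aes_encrypted_data.tlvtype is assigned before clear() in the new constructor body, so the fix only holds if clear() (not shown) leaves tlvtype alone when it resets the rest of the item; reordering to `clear(); aes_encrypted_data.tlvtype = TLV_TYPE_BIN_ENCRYPTED ;` removes that dependency. The corrected subtype RS_PKT_SUBTYPE_NXS_ENCRYPTED_DATA_ITEM is the substantive change and is worth a one-line comment, since the previous value silently labelled encrypted data items as session key items and nothing in the class documents the distinction. While the constructor is being rewritten it should also be `explicit`, as a uint16_t converts to this type implicitly today. The class continues outside the hunk.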