diff --git a/Cargo.toml b/Cargo.toml
index 604fa8a..b467a5b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,3 +15,4 @@ ring = "0.16.13"
 anyhow = "1.0.30"
 thiserror = "1.0.17"
 crc32fast = "1.2.0"
+orion = "0.15.1"
diff --git a/src/encrypt.rs b/src/encrypt.rs
index 4b6288c..117cffb 100644
--- a/src/encrypt.rs
+++ b/src/encrypt.rs
@@ -1,23 +1,24 @@
 use crate::Packet;
+use orion::aead::SecretKey;
 
 /// trait that allows for me to be lazy
 pub trait Encryption {
     fn kind(&self) -> EncryptKind;
-    fn key(&self) -> Option<Vec<u8>>;
+    fn key(&self) -> Option<&SecretKey>;
     fn encrypt(&self, packet: Packet) -> Packet;
     fn decrypt(&self, packet: Packet) -> Packet;
 }
 
 /// uses ring's aead module
-pub struct SymmetricEncrypt(Vec<u8>);
+pub struct SymmetricEncrypt(SecretKey);
 
 impl Encryption for SymmetricEncrypt {
     fn kind(&self) -> EncryptKind {
         EncryptKind::Symmetric
     }
 
-    fn key(&self) -> Option<Vec<u8>> {
-        Some(self.0.clone())
+    fn key(&self) -> Option<&SecretKey> {
+        Some(&self.0)
     }
 
     fn encrypt(&self, _packet: Packet) -> Packet {
@@ -30,7 +31,7 @@ impl Encryption for SymmetricEncrypt {
 }
 
 impl SymmetricEncrypt {
-    pub fn new(key: Vec<u8>) -> SymmetricEncrypt {
+    pub fn new(key: SecretKey) -> SymmetricEncrypt {
         SymmetricEncrypt(key)
     }
 }
@@ -44,7 +45,7 @@ impl Encryption for NoEncrypt {
     }
 
     // lol
-    fn key(&self) -> Option<Vec<u8>> {
+    fn key(&self) -> Option<&SecretKey> {
         None
     }
 
diff --git a/src/lib.rs b/src/lib.rs
index dcb4ede..750a9c3 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -24,6 +24,7 @@ pub mod encrypt;
 
 use encrypt::{EncryptKind, Encryption};
 use futures_util::io::{AsyncReadExt, AsyncWriteExt};
+use orion::aead;
 use ring::digest;
 use std::convert::TryInto;
 use std::marker::Unpin;
@@ -43,8 +44,8 @@ pub trait Sendable: Sized {
 pub struct Packet {
     pub kind: PacketKind,
     pub encrypt_kind: EncryptKind,
-    integrity_hash: Vec<u8>,
-    contents: Vec<u8>,
+    pub integrity_hash: Vec<u8>,
+    pub contents: Vec<u8>,
 }
 
 impl Packet {
@@ -148,6 +149,8 @@ pub enum IlmpError {
     SerdeJson(#[from] serde_json::error::Error),
     #[error("string parsing error")]
     StringParse(#[from] std::string::FromUtf8Error),
+    #[error("orion error")]
+    Orion(#[from] orion::errors::UnknownCryptoError),
 }
 
 /// reads a `Packet` from a stream
@@ -183,7 +186,7 @@ where
 }
 
 /// writes a `Sendable` packet to a stream
-pub async fn write<S, P, E>(stream: &mut S, packet: P, encryption: E) -> Result<()>
+pub async fn write<S, P, E>(stream: &mut S, packet: P, encryption: &E) -> Result<()>
 where
     S: AsyncWriteExt + Unpin,
     P: Sendable,
@@ -195,6 +198,14 @@ where
             stream.write(&network_packet.0).await?;
             Ok(())
         }
-        EncryptKind::Symmetric => todo!(),
+        EncryptKind::Symmetric => {
+            let mut packet = packet.to_packet(encryption.kind())?;
+            packet.contents = aead::seal(encryption.key().unwrap(), &packet.contents)?;
+            packet.integrity_hash =
+                digest::digest(&digest::SHA256, &packet.contents).as_ref().to_vec();
+            let network_packet = packet.to_network_packet();
+            stream.write(&network_packet.0).await?;
+            Ok(())
+        }
     }
 }