diff --git a/apps/api/src/services/fiel.service.ts b/apps/api/src/services/fiel.service.ts
index 99a3100..3afc976 100644
--- a/apps/api/src/services/fiel.service.ts
+++ b/apps/api/src/services/fiel.service.ts
@@ -1,6 +1,6 @@
 import { Credential } from '@nodecfdi/credentials/node';
 import { prisma } from '../config/database.js';
-import { encrypt, decrypt } from './sat/sat-crypto.service.js';
+import { encryptFielCredentials, decryptFielCredentials } from './sat/sat-crypto.service.js';
 import type { FielStatus } from '@horux/shared';
 
 /**
@@ -58,10 +58,14 @@ export async function uploadFiel(
       };
     }
     
-    // Encriptar credenciales
-    const { encrypted: encryptedCer, iv, tag } = encrypt(cerData);
-    const { encrypted: encryptedKey } = encrypt(keyData);
-    const { encrypted: encryptedPassword } = encrypt(Buffer.from(password, 'utf-8'));
+    // Encriptar credenciales (todas juntas con el mismo IV/tag)
+    const {
+      encryptedCer,
+      encryptedKey,
+      encryptedPassword,
+      iv,
+      tag,
+    } = encryptFielCredentials(cerData, keyData, password);
     
     // Guardar o actualizar en BD
     await prisma.fielCredential.upsert({
@@ -192,23 +196,15 @@ export async function getDecryptedFiel(tenantId: string): Promise<{
   }
   
   try {
-    // Desencriptar
-    const cerData = decrypt(
+    // Desencriptar todas las credenciales juntas
+    const { cerData, keyData, password } = decryptFielCredentials(
       Buffer.from(fiel.cerData),
-      Buffer.from(fiel.encryptionIv),
-      Buffer.from(fiel.encryptionTag)
-    );
-    const keyData = decrypt(
       Buffer.from(fiel.keyData),
-      Buffer.from(fiel.encryptionIv),
-      Buffer.from(fiel.encryptionTag)
-    );
-    const password = decrypt(
       Buffer.from(fiel.keyPasswordEncrypted),
       Buffer.from(fiel.encryptionIv),
       Buffer.from(fiel.encryptionTag)
-    ).toString('utf-8');
-    
+    );
+
     // Crear credencial
     const credential = Credential.create(
       cerData.toString('binary'),