diff --git a/js/privatebin.js b/js/privatebin.js
index bdbafa94..57fbeda8 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -851,10 +851,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
 * @param {string} key
 * @param {string} password
 * @param {array} spec cryptographic specification
+ * @param {bool} exportKey
 * @return {CryptoKey} derived key
 */
- async function deriveKey(key, password, spec)
+ async function deriveKey(key, password, spec, exportKey)
 {
+ exportKey = exportKey || false;
 let keyArray = stringToArraybuffer(key);
 if (password.length > 0) {
 // version 1 pastes did append the passwords SHA-256 hash in hex
@@ -899,7 +901,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
 name: 'AES-' + spec[6].toUpperCase(), // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC")
 length: spec[3] // can be 128, 192 or 256
 },
- false, // the key may not be exported
+ exportKey, // may the key get exported, false by default
 ['encrypt', 'decrypt'] // we may only use it for en- and decryption
 );
 }
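Review bot: `exportKey = exportKey || false;` reassigns a parameter to emulate a default; a default parameter in the signature, `async function deriveKey(key, password, spec, exportKey = false)`, does the same (the file already relies on async/await, so ES2015 defaults are available) and the JSDoc line can then carry the meaning: `@param {boolean} [exportKey=false] whether the derived AES key is extractable`. The `{bool}` JSDoc type should be `{boolean}`. Because the second hunk (-899) now passes this flag as the `extractable` argument of `subtle.deriveKey`, the doc comment should state that a key derived with `true` can be read out via `exportKey('raw')`, so callers leave it at false unless the raw key material is meant to leave the CryptoKey, as getCredentials does. deriveKey's body continues outside the first hunk.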
@@ -935,40 +937,18 @@ jQuery.PrivateBin = (function($, RawDeflate) {
 */
 me.getCredentials = async function(key, password)
 {
- let keyArray = stringToArraybuffer(key);
- if (password.length > 0) {
- let passwordArray = stringToArraybuffer(password),
- newKeyArray = new Uint8Array(keyArray.length + passwordArray.length);
- newKeyArray.set(keyArray, 0);
- newKeyArray.set(passwordArray, keyArray.length);
- keyArray = newKeyArray;
- }
-
- // import raw key
- const importedKey = await window.crypto.subtle.importKey(
- 'raw', // only 'raw' is allowed
- keyArray.slice(16),
- {name: 'PBKDF2'}, // we use PBKDF2 for key derivation
- false, // the key may not be exported
- ['deriveKey'] // we may only use it for key derivation
- );
-
- // derive a stronger key for use with AES
- const derivedKey = await window.crypto.subtle.deriveKey(
- {
- name: 'PBKDF2', // we use PBKDF2 for key derivation
- salt: keyArray.slice(0, 16), // salt used in HMAC
- iterations: 100000, // amount of iterations to apply
- hash: {name: 'SHA-256'} // can be "SHA-1", "SHA-256", "SHA-384" or "SHA-512"
- },
- importedKey,
- {
- name: 'AES-GCM', // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC")
- length: 256 // can be 128, 192 or 256
- },
- true, // the key can be exported
- ['encrypt'] // we want to export it
- );
+ const spec = [
+ null, // initialization vector
+ key.slice(0, 16), // salt
+ 100000, // iterations
+ 256, // key size
+ null, // tag size
+ null, // algorithm
+ 'gcm', // algorithm mode
+ 'none' // compression
+ ];
+ key = key.slice(16);
+ let derivedKey = await deriveKey(key, password, spec, true);
 return btoa(
 arraybufferToString(
 await window.crypto.subtle.exportKey('raw', derivedKey)
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index fdb7a0ab..c73b6738 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -71,7 +71,7 @@ if ($MARKDOWN): endif; ?> - +
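Review bot: The salt and the key remainder are now cut from the string `key` (`key.slice(0, 16)`, `key.slice(16)`) where the removed code split the `stringToArraybuffer(key)` byte array, so the two agree only if stringToArraybuffer maps one character to one byte and deriveKey converts `spec[1]` the same way — neither is visible in this hunk, so please confirm, because a mismatch would change every derived credential. The removed code also appended the raw password to the key bytes before PBKDF2, whereas deriveKey's password handling (its comment in the first hunk mentions version 1 pastes appending the password's SHA-256 hash) lies outside this diff; a test comparing getCredentials output for a fixed key and password before and after the change would pin the compatibility. Style-wise, `key = key.slice(16);` reassigns a parameter and `let derivedKey` is never reassigned; `const keyPart = key.slice(16); const derivedKey = await deriveKey(keyPart, password, spec, true);` reads clearer. getCredentials continues past the end of the hunk.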
diff --git a/tpl/page.php b/tpl/page.php
index 2e98dce4..bbf55845 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -49,7 +49,7 @@ if ($MARKDOWN): endif; ?> - +