diff --git a/go.mod b/go.mod
index 6d48f9ff..167bd547 100644
--- a/go.mod
+++ b/go.mod
@@ -7,8 +7,10 @@ require (
 	github.com/gorilla/websocket v1.4.1
 	github.com/json-iterator/go v1.1.6
 	github.com/pion/webrtc/v2 v2.1.12
+	github.com/pkg/errors v0.8.1
 	github.com/schollz/logger v1.0.1
-	github.com/schollz/pake/v2 v2.0.1
+	github.com/schollz/pake/v2 v2.0.2
 	github.com/stretchr/testify v1.4.0
-	golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc
+	github.com/tscholl2/siec v0.0.0-20191103131401-2e0c53a9e212 // indirect
+	golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708
 )
diff --git a/go.sum b/go.sum
index 3dfacb63..0dd41695 100644
--- a/go.sum
+++ b/go.sum
@@ -80,14 +80,16 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/schollz/logger v1.0.1 h1:BuBAU+euqphM0Ny9qFVScl4RSxatis4nCHIkOxO2cUU=
 github.com/schollz/logger v1.0.1/go.mod h1:P6F4/dGMGcx8wh+kG1zrNEd4vnNpEBY/mwEMd/vn6AM=
-github.com/schollz/pake/v2 v2.0.1 h1:mvDqzFhKdYw2jG7Wk66DD6qtzkKepQ+Q6vd06rURY0E=
-github.com/schollz/pake/v2 v2.0.1/go.mod h1:3uXB571UYJ8Eqh2EEohXe/aO32QID+Varb4GeYA//yw=
+github.com/schollz/pake/v2 v2.0.2 h1:p9y4Gocc5PWueyhhR7OH+Gwpu2xkP5BM9Pepl9krVfo=
+github.com/schollz/pake/v2 v2.0.2/go.mod h1:3uXB571UYJ8Eqh2EEohXe/aO32QID+Varb4GeYA//yw=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/tscholl2/siec v0.0.0-20180721101609-21667da05937 h1:lhssCpSe3TjKcbvUoPzFMuv9oUyZDgI3Cmgolfw2C90=
 github.com/tscholl2/siec v0.0.0-20180721101609-21667da05937/go.mod h1:KL9+ubr1JZdaKjgAaHr+tCytEncXBa1pR6FjbTsOJnw=
+github.com/tscholl2/siec v0.0.0-20191103131401-2e0c53a9e212 h1:ebnQAc1NSOA6aYucwo4I0qWchsMph9xhENAyjcDQUfs=
+github.com/tscholl2/siec v0.0.0-20191103131401-2e0c53a9e212/go.mod h1:KL9+ubr1JZdaKjgAaHr+tCytEncXBa1pR6FjbTsOJnw=
 github.com/ugorji/go v1.1.4 h1:j4s+tAvLfL3bZyefP2SEWmhBzmuIlH/eqNuPdFPgngw=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -97,8 +99,8 @@ golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739 h1:Gc7JIyxvWgD6m+QmVryY0M
 golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191001170739-f9e2070545dc h1:KyTYo8xkh/2WdbFLUyQwBS0Jfn3qfZ9QmuPbok2oENE=
 golang.org/x/crypto v0.0.0-20191001170739-f9e2070545dc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc h1:c0o/qxkaO2LF5t6fQrT4b5hzyggAkLLlCUjqfRxd8Q4=
-golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708 h1:pXVtWnwHkrWD9ru3sDxY/qFK/bfc0egRovX91EjWjf4=
+golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
diff --git a/src/croc/croc.go b/src/croc/croc.go
index eda8fdfd..71117110 100644
--- a/src/croc/croc.go
+++ b/src/croc/croc.go
@@ -152,6 +152,7 @@ func (c *Client) connectToRelay() (err error) {
 			}
 			wsreply.Message = "[3] pake1"
 			wsreply.Payload = base64.StdEncoding.EncodeToString(c.Pake.Bytes())
+			log.Debugf("[3] pake payload: %s", wsreply.Payload)
 		} else if wsmsg.Message == "[3] pake1" || wsmsg.Message == "[4] pake2" || wsmsg.Message == "[5] pake3" {
 			var pakeBytes []byte
 			pakeBytes, err = base64.StdEncoding.DecodeString(wsmsg.Payload)
@@ -193,6 +194,7 @@ func (c *Client) connectToRelay() (err error) {
 			var sessionKey, salt []byte
 			salt, err = base64.StdEncoding.DecodeString(wsmsg.Payload)
 			if err != nil {
+				log.Debugf("payload: %s", wsmsg.Payload)
 				log.Error(err)
 				return
 			}
@@ -201,6 +203,7 @@ func (c *Client) connectToRelay() (err error) {
 				log.Error(err)
 				return
 			}
+			log.Debugf("using salt: %x", salt)
 			c.Key, _, err = crypt.New(sessionKey, salt)
 			if err != nil {
 				log.Error(err)
diff --git a/src/webrtc/websend/index.html b/src/webrtc/websend/index.html
index bb130eb7..2f18246d 100644
--- a/src/webrtc/websend/index.html
+++ b/src/webrtc/websend/index.html
@@ -125,7 +125,15 @@
     var socket;
     var pakeData;
     var croc = {
-        "key": "",
+        "SharedSecret": "test1",
+        "Key": "",
+        "Pake": "",
+    }
+
+    var checkErr = e => {
+        if (typeof e === 'error') {
+            throw err;
+        }
     }
 
     var sendMessage = msg => {
@@ -143,15 +151,44 @@
 
     const socketMessageListener = (event) => {
         console.log(event.data);
-        var data = JSON.parse(readWebsocketMessage(event.data, croc.key));
+        var data = JSON.parse(readWebsocketMessage(event.data, croc.Key));
         console.log(data);
         if (!("Message" in data)) {
             console.log("no message")
             return
         }
-        // if (data.Message == "[1] you are offerer") {
-
-        // }
+        var message = "";
+        var payload = "";
+        if (data.Message == "[1] you are offerer") {
+            croc.Pake = pakeInit(croc.SharedSecret, "0")
+            message = "[2] you are answerer"
+        } else if (data.Message == "[2] you are answerer") {
+            croc.Pake = pakeInit(croc.SharedSecret, "1")
+            message = "[3] pake1"
+            payload = pakePublic(croc.Pake);
+        } else if (data.Message == "[3] pake1") {
+            console.log("[3] pake1 payload: " + data.Payload)
+            croc.Pake = pakeUpdate(croc.Pake, data.Payload);
+            message = "[4] pake2"
+            payload = pakePublic(croc.Pake)
+        } else if (data.Message == "[4] pake2") {
+            croc.Pake = pakeUpdate(croc.Pake, data.Payload);
+            message = "[5] pake3"
+            payload = pakePublic(croc.Pake)
+        } else if (data.Message == "[5] pake3") {
+            croc.Pake = pakeUpdate(croc.Pake, data.Payload);
+            keyAndSalt = JSON.parse(pakeSessionKey(croc.Pake, ""));
+            message = "[6] salt";
+            payload = keyAndSalt.Salt;
+        }
+        if (message != "") {
+            console.log(`send '${message}'`);
+            socket.send(writeWebsocketMessage(message, payload, croc.Key));
+            if (message == "[6] salt") {
+                // update the key so future transfers are encrypted
+                croc.Key = keyAndSalt.Key;
+            }
+        }
     };
     const socketOpenListener = (event) => {
         log('connected to websockets');
diff --git a/src/webrtc/websend/main.go b/src/webrtc/websend/main.go
index cf382225..1f8d91cf 100644
--- a/src/webrtc/websend/main.go
+++ b/src/webrtc/websend/main.go
@@ -23,6 +23,7 @@ import (
 	"syscall/js"
 	"time"
 
+	"github.com/pkg/errors"
 	"github.com/schollz/croc/v7/src/box"
 	"github.com/schollz/croc/v7/src/crypt"
 	"github.com/schollz/croc/v7/src/models"
@@ -90,7 +91,7 @@ func readWebsocketMessage(this js.Value, inputs []js.Value) interface{} {
 	return string(b)
 }
 
-// initPake(weakPassphrase, role)
+// pakeInit(weakPassphrase, role)
 // returns: pakeBytes
 func pakeInit(this js.Value, inputs []js.Value) interface{} {
 	// initialize sender P ("0" indicates sender)
@@ -99,13 +100,20 @@ func pakeInit(this js.Value, inputs []js.Value) interface{} {
 	}
 	role := 0
 	if inputs[1].String() == "1" {
+		log.Debugf("setting role to 1")
 		role = 1
 	}
-	P, err := pake.Init([]byte(inputs[0].String()), role, elliptic.P521(), 1*time.Millisecond)
+	P, err := pake.Init([]byte(inputs[0].String()), role, elliptic.P521(), 1*time.Microsecond)
 	if err != nil {
+		log.Error(err)
+		return js.Global().Get("Error").New(err.Error())
+	}
+	log.Debugf("init P: %+v", P)
+	bJSON, err := json.Marshal(P)
+	if err != nil {
+		log.Error(err)
 		return js.Global().Get("Error").New(err.Error())
 	}
-	bJSON, _ := json.Marshal(P)
 	return base64.StdEncoding.EncodeToString(bJSON)
 }
 
@@ -114,7 +122,7 @@ func pakeUpdate(this js.Value, inputs []js.Value) interface{} {
 	if len(inputs) != 2 {
 		return js.Global().Get("Error").New("need two input")
 	}
-	var P, Q *pake.Pake
+	var P *pake.Pake
 
 	b, err := base64.StdEncoding.DecodeString(inputs[0].String())
 	if err != nil {
@@ -124,24 +132,27 @@ func pakeUpdate(this js.Value, inputs []js.Value) interface{} {
 	err = json.Unmarshal(b, &P)
 	P.SetCurve(elliptic.P521())
 	if err != nil {
+		log.Error(err)
 		return js.Global().Get("Error").New(err.Error())
 	}
 
-	b, err = base64.StdEncoding.DecodeString(inputs[1].String())
+	qbytes, err := base64.StdEncoding.DecodeString(inputs[1].String())
 	if err != nil {
 		log.Errorf("problem with %s: %s", inputs[1].String(), err)
 		return js.Global().Get("Error").New(err.Error())
 	}
-	err = json.Unmarshal(b, &Q)
-	Q.SetCurve(elliptic.P521())
+	log.Debugf("P: %+v", P)
+	log.Debugf("qbytes: %s", qbytes)
+	err = P.Update(qbytes)
 	if err != nil {
+		log.Error(err)
 		return js.Global().Get("Error").New(err.Error())
 	}
-	err = P.Update(Q.Bytes())
+	bJSON, err := json.Marshal(P)
 	if err != nil {
+		log.Error(err)
 		return js.Global().Get("Error").New(err.Error())
 	}
-	bJSON, _ := json.Marshal(P)
 	return base64.StdEncoding.EncodeToString(bJSON)
 }
 
@@ -150,14 +161,16 @@ func pakePublic(this js.Value, inputs []js.Value) interface{} {
 	var P *pake.Pake
 	b, err := base64.StdEncoding.DecodeString(inputs[0].String())
 	if err != nil {
+		log.Error(err)
 		return js.Global().Get("Error").New(err.Error())
 	}
 	err = json.Unmarshal(b, &P)
-	P.SetCurve(elliptic.P521())
 	if err != nil {
+		log.Error(err)
 		return js.Global().Get("Error").New(err.Error())
 	}
-	return base64.StdEncoding.EncodeToString(P.Public().Bytes())
+	P.SetCurve(elliptic.P521())
+	return base64.StdEncoding.EncodeToString(P.Bytes())
 }
 
 // pakeSessionKey(pakeBytes,salt)
@@ -168,6 +181,7 @@ func pakeSessionKey(this js.Value, inputs []js.Value) interface{} {
 	var P *pake.Pake
 	b, err := base64.StdEncoding.DecodeString(inputs[0].String())
 	if err != nil {
+		err = errors.Wrap(err, "could not decode pakeBytes")
 		return js.Global().Get("Error").New(err.Error())
 	}
 	err = json.Unmarshal(b, &P)
@@ -201,6 +215,9 @@ func pakeSessionKey(this js.Value, inputs []js.Value) interface{} {
 	kas.Key = base64.StdEncoding.EncodeToString(cryptKey)
 	kas.Salt = base64.StdEncoding.EncodeToString(cryptSalt)
 	b, _ = json.Marshal(kas)
+
+	log.Debugf("key: %x", cryptKey)
+	log.Debugf("salt: %x", cryptSalt)
 	return string(b)
 }
 
diff --git a/src/webrtc/websend/main.wasm b/src/webrtc/websend/main.wasm
index c1d8a115..aa3d75f1 100755
Binary files a/src/webrtc/websend/main.wasm and b/src/webrtc/websend/main.wasm differ