diff --git a/cr_hsm_code.c b/cr_hsm_code.c
index fbb7e81..b520c91 100644
--- a/cr_hsm_code.c
+++ b/cr_hsm_code.c
@@ -340,7 +340,7 @@ int hsm_get_rtc( time_t *time )
 int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid )
 {
 	int ret_code = CR_GENID_SUCCESS;
-	NFKM_Key keyinfo = NULL;
+	NFKM_Key *keyinfo = NULL;
 	
 	// find key
 	ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL );
@@ -376,6 +376,7 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 {
 	int ret_code = CR_GENID_SUCCESS;
 	
+	M_KeyID keyid;
 	M_Command cmd;
 	M_Reply reply;
 	M_IV enc_iv;
@@ -383,13 +384,16 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 	memset( &cmd, 0, sizeof( cmd ) );
 	memset( &reply, 0, sizeof( reply ) );
 	
+	// key set
+	keyid = bondingOption ? hsmAeskeyidDev : hsmAesKeyidProd;
+	
 	// iv set
 	enc_iv.mech = Mech_RijndaelmCBCpNONE;
 	memset( enc_iv.iv.generic128.iv.bytes, 0, sizeof( enc_iv.iv.generic128.iv.bytes ) );
 	
 	// encrypt command set
 	cmd.cmd = Cmd_Encrypt;
-	cmd.args.encrypt.key = hsmAeskeyid;
+	cmd.args.encrypt.key = keyid;
 	cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE;
 	cmd.args.encrypt.plain.type = PlainTextType_Bytes;
 	cmd.args.encrypt.plain.data.bytes.data.len = size;
@@ -424,6 +428,7 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 {
 	int ret_code = CR_GENID_SUCCESS;
 	
+	M_KeyID keyid;
 	M_Command cmd;
 	M_Reply reply;
 	M_IV dec_iv;
@@ -431,6 +436,9 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 	memset( &cmd, 0, sizeof( cmd ) );
 	memset( &reply, 0, sizeof( reply ) );
 	
+	// key set
+	keyid = bondingOption ? hsmAeskeyidDev : hsmAesKeyidProd;
+	
 	// iv set
 	dec_iv.mech = Mech_RijndaelmCBCpNONE;
 	memset( dec_iv.iv.generic128.iv.bytes, 0, sizeof( dec_iv.iv.generic128.iv.bytes ) );