diff --git a/components/link-manager/src/main/kotlin/net/corda/p2p/linkmanager/state/SessionState.kt b/components/link-manager/src/main/kotlin/net/corda/p2p/linkmanager/state/SessionState.kt
index 70e203ccae2..0cc3d578575 100644
--- a/components/link-manager/src/main/kotlin/net/corda/p2p/linkmanager/state/SessionState.kt
+++ b/components/link-manager/src/main/kotlin/net/corda/p2p/linkmanager/state/SessionState.kt
@@ -1,5 +1,6 @@
 package net.corda.p2p.linkmanager.state
 
+import net.corda.crypto.client.SessionEncryptionOpsClient
 import net.corda.data.p2p.LinkOutMessage
 import net.corda.data.p2p.crypto.protocol.AuthenticationProtocolInitiatorDetails
 import net.corda.data.p2p.crypto.protocol.AuthenticationProtocolResponderDetails
@@ -9,7 +10,6 @@ import net.corda.p2p.crypto.protocol.api.AuthenticationProtocolResponder.Compani
 import net.corda.p2p.crypto.protocol.api.CheckRevocation
 import net.corda.p2p.crypto.protocol.api.SerialisableSessionData
 import net.corda.p2p.crypto.protocol.api.Session.Companion.toCorda
-import net.corda.p2p.linkmanager.stubs.Encryption
 import net.corda.schema.registry.AvroSchemaRegistry
 import net.corda.v5.base.exceptions.CordaRuntimeException
 import java.nio.ByteBuffer
@@ -22,11 +22,11 @@ internal data class SessionState(
     companion object {
         fun AvroSessionData.toCorda(
             avroSchemaRegistry: AvroSchemaRegistry,
-            encryption: Encryption,
+            encryption: SessionEncryptionOpsClient,
             checkRevocation: CheckRevocation,
         ): SessionState {
             val rawData = ByteBuffer.wrap(
-                encryption.decrypt(this.encryptedSessionData.array()),
+                encryption.decryptSessionData(this.encryptedSessionData.array()),
             )
             val sessionData = when (val type = avroSchemaRegistry.getClassType(rawData)) {
                 AuthenticationProtocolInitiatorDetails::class.java -> {
@@ -61,11 +61,11 @@ internal data class SessionState(
 
     fun toAvro(
         avroSchemaRegistry: AvroSchemaRegistry,
-        encryption: Encryption,
+        encryption: SessionEncryptionOpsClient,
     ): AvroSessionData {
         val sessionAvroData = sessionData.toAvro()
         val rawData = avroSchemaRegistry.serialize(sessionAvroData)
-        val encryptedData = encryption.encrypt(rawData.array())
+        val encryptedData = encryption.encryptSessionData(rawData.array())
         return AvroSessionData(
             message,
             ByteBuffer.wrap(encryptedData),
diff --git a/components/link-manager/src/main/kotlin/net/corda/p2p/linkmanager/stubs/Encryption.kt b/components/link-manager/src/main/kotlin/net/corda/p2p/linkmanager/stubs/Encryption.kt
deleted file mode 100644
index 217a303155d..00000000000
--- a/components/link-manager/src/main/kotlin/net/corda/p2p/linkmanager/stubs/Encryption.kt
+++ /dev/null
@@ -1,16 +0,0 @@
-package net.corda.p2p.linkmanager.stubs
-
-import org.bouncycastle.util.encoders.Base64
-
-/**
- * This is an unsafe encryption stub.
- * This will be replaced by proper encryption as part of CORE-18791.
- */
-internal class Encryption {
-    fun encrypt(data: ByteArray): ByteArray {
-        return Base64.encode(data)
-    }
-    fun decrypt(data: ByteArray): ByteArray {
-        return Base64.decode(data)
-    }
-}
diff --git a/components/link-manager/src/test/kotlin/net/corda/p2p/linkmanager/state/SessionStateTest.kt b/components/link-manager/src/test/kotlin/net/corda/p2p/linkmanager/state/SessionStateTest.kt
index 1b5b13273f5..19e4ebe1a31 100644
--- a/components/link-manager/src/test/kotlin/net/corda/p2p/linkmanager/state/SessionStateTest.kt
+++ b/components/link-manager/src/test/kotlin/net/corda/p2p/linkmanager/state/SessionStateTest.kt
@@ -1,5 +1,6 @@
 package net.corda.p2p.linkmanager.state
 
+import net.corda.crypto.client.SessionEncryptionOpsClient
 import net.corda.data.p2p.LinkOutMessage
 import net.corda.data.p2p.crypto.ProtocolMode
 import net.corda.data.p2p.crypto.protocol.AuthenticatedEncryptionSessionDetails
@@ -14,7 +15,6 @@ import net.corda.data.p2p.crypto.protocol.Session
 import net.corda.p2p.crypto.protocol.api.AuthenticatedSession
 import net.corda.p2p.crypto.protocol.api.Session.Companion.toCorda
 import net.corda.p2p.linkmanager.state.SessionState.Companion.toCorda
-import net.corda.p2p.linkmanager.stubs.Encryption
 import net.corda.schema.registry.AvroSchemaRegistry
 import net.corda.v5.base.exceptions.CordaRuntimeException
 import org.apache.avro.specific.SpecificRecordBase
@@ -24,6 +24,7 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider
 import org.junit.jupiter.api.BeforeAll
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.assertThrows
+import org.mockito.kotlin.anyOrNull
 import org.mockito.kotlin.doReturn
 import org.mockito.kotlin.eq
 import org.mockito.kotlin.mock
@@ -55,9 +56,9 @@ YQIDAQAB
     private val decrypted = byteArrayOf(1)
     private val encrypted = byteArrayOf(2)
     private val serialized = ByteBuffer.wrap(decrypted)
-    private val encryption = mock<Encryption> {
-        on { decrypt(eq(encrypted)) } doReturn decrypted
-        on { encrypt(eq(decrypted)) } doReturn encrypted
+    private val encryption = mock<SessionEncryptionOpsClient> {
+        on { decryptSessionData(eq(encrypted), anyOrNull()) } doReturn decrypted
+        on { encryptSessionData(eq(decrypted), anyOrNull()) } doReturn encrypted
     }
     private val avroSchemaRegistry = mock<AvroSchemaRegistry>()
     private val message = mock<LinkOutMessage>()