diff --git a/cmd/ipsw/cmd/fw/aea.go b/cmd/ipsw/cmd/fw/aea.go
index f2baed331..dd821033a 100644
--- a/cmd/ipsw/cmd/fw/aea.go
+++ b/cmd/ipsw/cmd/fw/aea.go
@@ -102,6 +102,7 @@ var aeaCmd = &cobra.Command{
 		}
 
 		var bold = color.New(color.Bold).SprintFunc()
+		var info = color.New(color.FgHiGreen).SprintFunc()
 
 		if output == "" {
 			output = filepath.Dir(args[0])
@@ -120,7 +121,9 @@ var aeaCmd = &cobra.Command{
 			}
 			log.Info("AEA Info")
 			for k, v := range metadata {
-				if b64data, err := base64.StdEncoding.WithPadding(base64.StdPadding).DecodeString(string(v)); err == nil {
+				if k == "encryption_key" {
+					fmt.Printf("%s:\n%s\n\n", bold("["+k+"]"), info(string(v)))
+				} else if b64data, err := base64.StdEncoding.WithPadding(base64.StdPadding).DecodeString(string(v)); err == nil {
 					fmt.Printf("%s:\n%s\n", bold("["+k+"]"), utils.HexDump(b64data, 0))
 				} else {
 					if viper.GetBool("color") && !viper.GetBool("no-color") {
diff --git a/pkg/aea/decrypt.go b/pkg/aea/decrypt.go
index 92c9501f7..5f8c8f2f9 100644
--- a/pkg/aea/decrypt.go
+++ b/pkg/aea/decrypt.go
@@ -461,7 +461,13 @@ func Decrypt(c *DecryptConfig) (string, error) {
 		return "", fmt.Errorf("failed to parse AEA: %v", err)
 	}
 
-	if c.B64SymKey == "" {
+	if encKey, ok := metadata["encryption_key"]; ok {
+		c.symEncKey, err = hex.DecodeString(string(encKey))
+		if err != nil {
+			return "", fmt.Errorf("failed to decode hex sym key: %v", err)
+		}
+		c.B64SymKey = base64.StdEncoding.EncodeToString(c.symEncKey)
+	} else if c.B64SymKey == "" {
 		c.symEncKey, err = metadata.DecryptFCS(c.PrivKeyData, c.PemDB)
 		if err != nil {
 			return "", fmt.Errorf("failed to HPKE decrypt fcs-key: %v", err)
@@ -489,6 +495,9 @@ func Decrypt(c *DecryptConfig) (string, error) {
 
 func aea(in, out, key string) (string, error) {
 	if runtime.GOOS == "darwin" {
+		if err := os.MkdirAll(filepath.Dir(out), 0o750); err != nil {
+			return "", fmt.Errorf("failed to create output directory '%s': %v", filepath.Dir(out), err)
+		}
 		cmd := exec.Command(aeaBinPath, "decrypt", "-i", in, "-o", out, "-key-value", fmt.Sprintf("base64:%s", key))
 		cout, err := cmd.CombinedOutput()
 		if err != nil {