diff --git a/apps/web/src/app/auth/core/services/rotateable-key-set.service.ts b/apps/web/src/app/auth/core/services/rotateable-key-set.service.ts
index ef78e09e6b..0a150b26ae 100644
--- a/apps/web/src/app/auth/core/services/rotateable-key-set.service.ts
+++ b/apps/web/src/app/auth/core/services/rotateable-key-set.service.ts
@@ -58,7 +58,7 @@ export class RotateableKeySetService {
 throw new Error("failed to rotate key set: newUserKey is required");
 }
- const publicKey = await this.encryptService.decryptToBytes(
+ const publicKey = await this.encryptService.unwrapEncapsulationKey(
 keySet.encryptedPublicKey,
 oldUserKey,
 );
diff --git a/apps/web/src/app/auth/organization-invite/accept-organization.service.spec.ts b/apps/web/src/app/auth/organization-invite/accept-organization.service.spec.ts
index 0a30aa1647..253328b0c0 100644
--- a/apps/web/src/app/auth/organization-invite/accept-organization.service.spec.ts
+++ b/apps/web/src/app/auth/organization-invite/accept-organization.service.spec.ts
@@ -95,7 +95,7 @@ describe("AcceptOrganizationInviteService", () => {
 encryptService.wrapDecapsulationKey.mockResolvedValue({
 encryptedString: "string",
 } as EncString);
- encryptService.encrypt.mockResolvedValue({ encryptedString: "string" } as EncString);
+ encryptService.encryptString.mockResolvedValue({ encryptedString: "string" } as EncString);
 const invite = createOrgInvite({ initOrganization: true });
 const result = await sut.validateAndAcceptInvite(invite);
diff --git a/apps/web/src/app/auth/organization-invite/accept-organization.service.ts b/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
index b6a7719c54..c68b174166 100644
--- a/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
+++ b/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
@@ -145,7 +145,7 @@ export class AcceptOrganizationInviteService {
 const [encryptedOrgKey, orgKey] = await this.keyService.makeOrgKey();
 const [orgPublicKey, encryptedOrgPrivateKey] = await this.keyService.makeKeyPair(orgKey);
- const collection = await this.encryptService.encrypt(
+ const collection = await this.encryptService.encryptString(
 this.i18nService.t("defaultCollection"),
 orgKey,
 );
diff --git a/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts b/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts
index 2cdeb710ab..ebbe2f3b6c 100644
--- a/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts
@@ -230,7 +230,7 @@ describe("WebAuthnLoginStrategy", () => {
 const mockUserKeyArray: Uint8Array = randomBytes(32);
 const mockUserKey = new SymmetricCryptoKey(mockUserKeyArray) as UserKey;
- encryptService.decryptToBytes.mockResolvedValue(mockPrfPrivateKey);
+ encryptService.unwrapDecapsulationKey.mockResolvedValue(mockPrfPrivateKey);
 encryptService.decapsulateKeyUnsigned.mockResolvedValue(
 new SymmetricCryptoKey(mockUserKeyArray),
 );
@@ -246,8 +246,8 @@ describe("WebAuthnLoginStrategy", () => {
 userId,
 );
- expect(encryptService.decryptToBytes).toHaveBeenCalledTimes(1);
- expect(encryptService.decryptToBytes).toHaveBeenCalledWith(
+ expect(encryptService.unwrapDecapsulationKey).toHaveBeenCalledTimes(1);
+ expect(encryptService.unwrapDecapsulationKey).toHaveBeenCalledWith(
 idTokenResponse.userDecryptionOptions.webAuthnPrfOption.encryptedPrivateKey,
 webAuthnCredentials.prfKey,
 );
@@ -279,7 +279,7 @@ describe("WebAuthnLoginStrategy", () => {
 await webAuthnLoginStrategy.logIn(webAuthnCredentials);
 // Assert
- expect(encryptService.decryptToBytes).not.toHaveBeenCalled();
+ expect(encryptService.unwrapDecapsulationKey).not.toHaveBeenCalled();
 expect(encryptService.decapsulateKeyUnsigned).not.toHaveBeenCalled();
 expect(keyService.setUserKey).not.toHaveBeenCalled();
 });
@@ -314,7 +314,7 @@ describe("WebAuthnLoginStrategy", () => {
 apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
- encryptService.decryptToBytes.mockResolvedValue(null);
+ encryptService.unwrapDecapsulationKey.mockResolvedValue(null);
 // Act
 await webAuthnLoginStrategy.logIn(webAuthnCredentials);
diff --git a/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts b/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts
index 895617b323..182d44195c 100644
--- a/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts
@@ -82,7 +82,7 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
 }
 // decrypt prf encrypted private key
- const privateKey = await this.encryptService.decryptToBytes(
+ const privateKey = await this.encryptService.unwrapDecapsulationKey(
 webAuthnPrfOption.encryptedPrivateKey,
 credentials.prfKey,
 );
diff --git a/libs/auth/src/common/services/pin/pin.service.implementation.ts b/libs/auth/src/common/services/pin/pin.service.implementation.ts
index 4e363063f2..5b7777fedd 100644
--- a/libs/auth/src/common/services/pin/pin.service.implementation.ts
+++ b/libs/auth/src/common/services/pin/pin.service.implementation.ts
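Review bot: In the `@@ -314` hunk of webauthn-login.strategy.spec.ts the failure case is still modelled as `encryptService.unwrapDecapsulationKey.mockResolvedValue(null)`, carried over unchanged from the old `decryptToBytes` mock. The implementation of `unwrapDecapsulationKey` is not part of this diff; if it rejects rather than resolving to null when the PRF key is wrong or the ciphertext has been tampered with, the call changed in the `@@ -82` hunk of webauthn-login.strategy.ts has no test for its real failure path. I would add a sibling case using `encryptService.unwrapDecapsulationKey.mockRejectedValue(new Error("unwrap failed"))` that asserts `keyService.setUserKey` is not called. The enclosing method in the strategy starts and ends outside its hunk, so whether either outcome is handled there needs checking against the full file.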
@@ -8,7 +8,6 @@ import { EncryptService } from "@bitwarden/common/key-management/crypto/abstract
 import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { EncString, EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import {
 PIN_DISK,
 PIN_MEMORY,
@@ -221,7 +220,7 @@ export class PinService implements PinServiceAbstraction {
 throw new Error("No UserKey provided. Cannot create userKeyEncryptedPin.");
 }
- return await this.encryptService.encrypt(pin, userKey);
+ return await this.encryptService.encryptString(pin, userKey);
 }
 async makePinKey(pin: string, salt: string, kdfConfig: KdfConfig): Promise {
@@ -339,9 +338,9 @@ export class PinService implements PinServiceAbstraction {
 }
 const pinKey = await this.makePinKey(pin, salt, kdfConfig);
- const userKey = await this.encryptService.decryptToBytes(pinKeyEncryptedUserKey, pinKey);
+ const userKey = await this.encryptService.unwrapSymmetricKey(pinKeyEncryptedUserKey, pinKey);
- return new SymmetricCryptoKey(userKey) as UserKey;
+ return userKey as UserKey;
 }
 /**
@@ -377,7 +376,7 @@ export class PinService implements PinServiceAbstraction {
 this.validateUserId(userId, "Cannot validate PIN.");
 const userKeyEncryptedPin = await this.getUserKeyEncryptedPin(userId);
- const decryptedPin = await this.encryptService.decryptToUtf8(userKeyEncryptedPin, userKey);
+ const decryptedPin = await this.encryptService.decryptString(userKeyEncryptedPin, userKey);
 const isPinValid = this.cryptoFunctionService.compareFast(decryptedPin, pin);
 return isPinValid;
diff --git a/libs/auth/src/common/services/pin/pin.service.spec.ts b/libs/auth/src/common/services/pin/pin.service.spec.ts
index 5469b121f1..33640e0f9f 100644
--- a/libs/auth/src/common/services/pin/pin.service.spec.ts
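Review bot: In the `@@ -339` hunk of pin.service.implementation.ts, `return userKey as UserKey;` is now an unchecked cast. The removed `new SymmetricCryptoKey(userKey)` was the only visible point where the decrypted material became a key object and could be rejected before being branded as a `UserKey`. Whether `unwrapSymmetricKey` throws or resolves to null on a wrong PIN or a corrupted `pinKeyEncryptedUserKey` is not shown in this diff, so either state that contract in a comment above the call or guard it, e.g. `if (userKey == null) { throw new Error("Failed to unwrap UserKey with PIN key."); }`. The same question applies to `decryptString` in the `@@ -376` hunk, where a null result would go straight into `compareFast`. Both enclosing methods start outside their hunks.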
+++ b/libs/auth/src/common/services/pin/pin.service.spec.ts
@@ -259,11 +259,11 @@ describe("PinService", () => {
 });
 it("should create a userKeyEncryptedPin from the provided PIN and userKey", async () => {
- encryptService.encrypt.mockResolvedValue(mockUserKeyEncryptedPin);
+ encryptService.encryptString.mockResolvedValue(mockUserKeyEncryptedPin);
 const result = await sut.createUserKeyEncryptedPin(mockPin, mockUserKey);
- expect(encryptService.encrypt).toHaveBeenCalledWith(mockPin, mockUserKey);
+ expect(encryptService.encryptString).toHaveBeenCalledWith(mockPin, mockUserKey);
 expect(result).toEqual(mockUserKeyEncryptedPin);
 });
 });
@@ -425,7 +425,7 @@ describe("PinService", () => {
 mockDecryptUserKeyFn();
 sut.getUserKeyEncryptedPin = jest.fn().mockResolvedValue(mockUserKeyEncryptedPin);
- encryptService.decryptToUtf8.mockResolvedValue(mockPin);
+ encryptService.decryptString.mockResolvedValue(mockPin);
 cryptoFunctionService.compareFast.calledWith(mockPin, "1234").mockResolvedValue(true);
 }
@@ -434,7 +434,7 @@ describe("PinService", () => {
 .fn()
 .mockResolvedValue(pinKeyEncryptedUserKeyPersistant);
 sut.makePinKey = jest.fn().mockResolvedValue(mockPinKey);
- encryptService.decryptToBytes.mockResolvedValue(mockUserKey.toEncoded());
+ encryptService.unwrapSymmetricKey.mockResolvedValue(mockUserKey);
 }
 function mockPinEncryptedKeyDataByPinLockType(pinLockType: PinLockType) {
@@ -490,7 +490,7 @@ describe("PinService", () => {
 it(`should return null when PIN doesn't match after successful user key decryption`, async () => {
 // Arrange
 await setupDecryptUserKeyWithPinMocks(pinLockType);
- encryptService.decryptToUtf8.mockResolvedValue("9999"); // non matching PIN
+ encryptService.decryptString.mockResolvedValue("9999"); // non matching PIN
 // Act
 const result = await sut.decryptUserKeyWithPin(mockPin, mockUserId);
diff --git a/libs/common/src/auth/services/token.service.spec.ts b/libs/common/src/auth/services/token.service.spec.ts
index 449f5d17ad..a56853c479 100644
--- a/libs/common/src/auth/services/token.service.spec.ts
+++ b/libs/common/src/auth/services/token.service.spec.ts
@@ -293,7 +293,7 @@ describe("TokenService", () => {
 const mockEncryptedAccessToken = "encryptedAccessToken";
- encryptService.encrypt.mockResolvedValue({
+ encryptService.encryptString.mockResolvedValue({
 encryptedString: mockEncryptedAccessToken,
 } as any);
@@ -504,7 +504,7 @@ describe("TokenService", () => {
 .nextState("encryptedAccessToken");
 secureStorageService.get.mockResolvedValue(accessTokenKeyB64);
- encryptService.decryptToUtf8.mockResolvedValue("decryptedAccessToken");
+ encryptService.decryptString.mockResolvedValue("decryptedAccessToken");
 // Need to have global active id set to the user id
 if (!userId) {
@@ -1515,7 +1515,7 @@ describe("TokenService", () => {
 .nextState(encryptedAccessToken);
 secureStorageService.get.mockResolvedValue(accessTokenKeyB64);
- encryptService.decryptToUtf8.mockRejectedValue(new Error("Decryption error"));
+ encryptService.decryptString.mockRejectedValue(new Error("Decryption error"));
 // Act
 const result = await tokenService.getAccessToken(userIdFromAccessToken);
diff --git a/libs/common/src/auth/services/token.service.ts b/libs/common/src/auth/services/token.service.ts
index 7b87e55cfc..c27afa6805 100644
--- a/libs/common/src/auth/services/token.service.ts
+++ b/libs/common/src/auth/services/token.service.ts
@@ -289,7 +289,7 @@ export class TokenService implements TokenServiceAbstraction {
 private async encryptAccessToken(accessToken: string, userId: UserId): Promise {
 const accessTokenKey = await this.getOrCreateAccessTokenKey(userId);
- return await this.encryptService.encrypt(accessToken, accessTokenKey);
+ return await this.encryptService.encryptString(accessToken, accessTokenKey);
 }
 private async decryptAccessToken(
@@ -302,7 +302,7 @@ export class TokenService implements TokenServiceAbstraction {
 );
 }
- const decryptedAccessToken = await this.encryptService.decryptToUtf8(
+ const decryptedAccessToken = await this.encryptService.decryptString(
 encryptedAccessToken,
 accessTokenKey,
 );