diff --git a/src/ICSharpCode.SharpZipLib/Zip/Compression/Streams/DeflaterOutputStream.cs b/src/ICSharpCode.SharpZipLib/Zip/Compression/Streams/DeflaterOutputStream.cs
index 7a43c42a2..b6d4025d1 100644
--- a/src/ICSharpCode.SharpZipLib/Zip/Compression/Streams/DeflaterOutputStream.cs
+++ b/src/ICSharpCode.SharpZipLib/Zip/Compression/Streams/DeflaterOutputStream.cs
@@ -153,7 +153,10 @@ public bool CanPatchEntries
 
 		#region Encryption
 
-		private ICryptoTransform cryptoTransform_;
+		/// <summary>
+		/// The CryptoTransform currently being used to encrypt the compressed data.
+		/// </summary>
+		protected ICryptoTransform cryptoTransform_;
 
 		/// <summary>
 		/// Returns the 10 byte AUTH CODE to be appended immediately following the AES data stream.
@@ -177,34 +180,6 @@ protected void EncryptBlock(byte[] buffer, int offset, int length)
 			cryptoTransform_.TransformBlock(buffer, 0, length, buffer, 0);
 		}
 
-		/// <summary>
-		/// Initializes encryption keys based on given <paramref name="password"/>.
-		/// </summary>
-		/// <param name="password">The password.</param>
-		protected void InitializePassword(string password)
-		{
-			var pkManaged = new PkzipClassicManaged();
-			byte[] key = PkzipClassic.GenerateKeys(ZipStrings.ConvertToArray(password));
-			cryptoTransform_ = pkManaged.CreateEncryptor(key, null);
-		}
-
-		/// <summary>
-		/// Initializes encryption keys based on given password.
-		/// </summary>
-		protected void InitializeAESPassword(ZipEntry entry, string rawPassword,
-											out byte[] salt, out byte[] pwdVerifier)
-		{
-			salt = new byte[entry.AESSaltLen];
-			// Salt needs to be cryptographically random, and unique per file
-			if (_aesRnd == null)
-				_aesRnd = RandomNumberGenerator.Create();
-			_aesRnd.GetBytes(salt);
-			int blockSize = entry.AESKeySize / 8;   // bits to bytes
-
-			cryptoTransform_ = new ZipAESTransform(rawPassword, salt, blockSize, true);
-			pwdVerifier = ((ZipAESTransform)cryptoTransform_).PwdVerifier;
-		}
-
 		#endregion Encryption
 
 		#region Deflation Support
@@ -459,12 +434,5 @@ public override void Write(byte[] buffer, int offset, int count)
 		private bool isClosed_;
 
 		#endregion Instance Fields
-
-		#region Static Fields
-
-		// Static to help ensure that multiple files within a zip will get different random salt
-		private static RandomNumberGenerator _aesRnd = RandomNumberGenerator.Create();
-
-		#endregion Static Fields
 	}
 }
diff --git a/src/ICSharpCode.SharpZipLib/Zip/ZipOutputStream.cs b/src/ICSharpCode.SharpZipLib/Zip/ZipOutputStream.cs
index 5a91ef554..3fb475b5f 100644
--- a/src/ICSharpCode.SharpZipLib/Zip/ZipOutputStream.cs
+++ b/src/ICSharpCode.SharpZipLib/Zip/ZipOutputStream.cs
@@ -1,5 +1,6 @@
 using ICSharpCode.SharpZipLib.Checksum;
 using ICSharpCode.SharpZipLib.Core;
+using ICSharpCode.SharpZipLib.Encryption;
 using ICSharpCode.SharpZipLib.Zip.Compression;
 using ICSharpCode.SharpZipLib.Zip.Compression.Streams;
 using System;
@@ -657,6 +658,34 @@ public void CloseEntry()
 			curEntry = null;
 		}
 
+		/// <summary>
+		/// Initializes encryption keys based on given <paramref name="password"/>.
+		/// </summary>
+		/// <param name="password">The password.</param>
+		private void InitializePassword(string password)
+		{
+			var pkManaged = new PkzipClassicManaged();
+			byte[] key = PkzipClassic.GenerateKeys(ZipStrings.ConvertToArray(password));
+			cryptoTransform_ = pkManaged.CreateEncryptor(key, null);
+		}
+
+		/// <summary>
+		/// Initializes encryption keys based on given password.
+		/// </summary>
+		private void InitializeAESPassword(ZipEntry entry, string rawPassword,
+											out byte[] salt, out byte[] pwdVerifier)
+		{
+			salt = new byte[entry.AESSaltLen];
+			// Salt needs to be cryptographically random, and unique per file
+			if (_aesRnd == null)
+				_aesRnd = RandomNumberGenerator.Create();
+			_aesRnd.GetBytes(salt);
+			int blockSize = entry.AESKeySize / 8;   // bits to bytes
+
+			cryptoTransform_ = new ZipAESTransform(rawPassword, salt, blockSize, true);
+			pwdVerifier = ((ZipAESTransform)cryptoTransform_).PwdVerifier;
+		}
+
 		private void WriteEncryptionHeader(long crcValue)
 		{
 			offset += ZipConstants.CryptoHeaderSize;
@@ -1039,5 +1068,12 @@ public override void Flush()
 		private string password;
 
 		#endregion Instance Fields
+
+		#region Static Fields
+
+		// Static to help ensure that multiple files within a zip will get different random salt
+		private static RandomNumberGenerator _aesRnd = RandomNumberGenerator.Create();
+
+		#endregion Static Fields
 	}
 }