diff --git a/core/java/src/net/i2p/crypto/ElGamalAESEngine.java b/core/java/src/net/i2p/crypto/ElGamalAESEngine.java
index 8b6cce5f1d8397ffe4498f724615fac6487a8109..ec653f45b3996f593c6667a6f0540a4255edcf88 100644
--- a/core/java/src/net/i2p/crypto/ElGamalAESEngine.java
+++ b/core/java/src/net/i2p/crypto/ElGamalAESEngine.java
@@ -389,7 +389,8 @@ public class ElGamalAESEngine {
      *
      * @param target public key to which the data should be encrypted. 
      * @param key session key to use during encryption
-     * @param tagsForDelivery session tags to be associated with the key (or newKey if specified), or null
+     * @param tagsForDelivery session tags to be associated with the key (or newKey if specified), or null;
+     *                        200 max enforced at receiver
      * @param currentTag sessionTag to use, or null if it should use ElG (i.e. new session)
      * @param newKey key to be delivered to the target, with which the tagsForDelivery should be associated, or null
      * @param paddedSize minimum size in bytes of the body after padding it (if less than the
@@ -418,6 +419,30 @@ public class ElGamalAESEngine {
      * Encrypt the data to the target using the given key and deliver the specified tags
      * No new session key
      * This is the one called from GarlicMessageBuilder and is the primary entry point.
+     *
+     * Re: padded size: The AES block adds at least 39 bytes of overhead to the data, and
+     * that is included in the minimum size calculation.
+     *
+     * In the router, we always use garlic messages. A garlic message with a single
+     * clove and zero data is about 84 bytes, so that's 123 bytes minimum. So any paddingSize
+     * <= 128 is a no-op as every message will be at least 128 bytes
+     * (Streaming, if used, adds more overhead).
+     *
+     * Outside the router, with a client using its own message format, the minimum size
+     * is 48, so any paddingSize <= 48 is a no-op.
+     *
+     * Not included in the minimum is a 32-byte session tag for an existing session,
+     * or a 514-byte ElGamal block and several 32-byte session tags for a new session.
+     * So the returned encrypted data will be at least 32 bytes larger than paddedSize.
+     *
+     * @param target public key to which the data should be encrypted. 
+     * @param key session key to use during encryption
+     * @param tagsForDelivery session tags to be associated with the key or null;
+     *                        200 max enforced at receiver
+     * @param currentTag sessionTag to use, or null if it should use ElG (i.e. new session)
+     * @param paddedSize minimum size in bytes of the body after padding it (if less than the
+     *          body's real size, no bytes are appended but the body is not truncated)
+     *
      */
     public byte[] encrypt(byte data[], PublicKey target, SessionKey key, Set tagsForDelivery,
                                  SessionTag currentTag, long paddedSize) {