diff --git a/voice.py b/voice.py
index 63004a9..9aef14c 100644
--- a/voice.py
+++ b/voice.py
@@ -270,13 +270,31 @@ class VoiceSession:
                     if remote_identity:
                         break
 
-            # Caller key was passed as shared_key at connect time — no further
-            # per-participant set_key needed for decryption.
+            # Caller key was passed as shared_key at connect time — verify it's stored.
             if self._caller_key:
                 logger.info("Caller key active as shared_key (%d bytes, index 0)", len(self._caller_key))
+                try:
+                    stored = kp.export_shared_key(0)
+                    if stored == self._caller_key:
+                        logger.info("VERIFIED: shared key[0] matches caller key (%d bytes)", len(stored))
+                    else:
+                        logger.warning("MISMATCH: stored shared key[0] (%d bytes) != caller key (%d bytes)",
+                                       len(stored), len(self._caller_key))
+                        logger.warning("stored=%s", stored.hex())
+                        logger.warning("caller=%s", self._caller_key.hex())
+                except Exception as e:
+                    logger.warning("Could not export shared key: %s", e)
             else:
                 logger.warning("No caller E2EE key — incoming audio will be silence")
 
+            # Also set caller key as per-participant key (belt+suspenders: both modes)
+            if self._caller_key and remote_identity:
+                try:
+                    kp.set_key(remote_identity, self._caller_key, 0)
+                    logger.info("Also set per-participant key for %s (%d bytes)", remote_identity, len(self._caller_key))
+                except Exception as e:
+                    logger.warning("Failed to set per-participant caller key: %s", e)
+
             if remote_identity:
                 logger.info("Linking to remote participant: %s", remote_identity)