diff --git a/.github/workflows/generator-windows.yml b/.github/workflows/generator-windows.yml
index 9ddfad3..c167c8d 100644
--- a/.github/workflows/generator-windows.yml
+++ b/.github/workflows/generator-windows.yml
@@ -99,30 +99,48 @@ jobs: from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import padding - private_key = serialization.load_pem_private_key( - os.environ['PRIVATE_KEY'].encode(), - password=None - ) - - encrypted_key_bytes = base64.b64decode(os.environ['ENCRYPTED_KEY']) - session_key = private_key.decrypt( - encrypted_key_bytes, - padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA256()), - algorithm=hashes.SHA256(), - label=None + try: + # 1. Load Private Key + private_key_raw = os.environ.get('PRIVATE_KEY', '') + private_key = serialization.load_pem_private_key( + private_key_raw.encode(), + password=None ) - ) - fernet = Fernet(session_key) - decrypted_json = fernet.decrypt(os.environ['ENCRYPTED_DATA'].encode()).decode('utf-8') - data = json.loads(decrypted_json) + # 2. Decrypt the Session Key + # Ensure we strip any accidental whitespace + encrypted_key_b64 = os.environ.get('ENCRYPTED_KEY', '').strip() + encrypted_key_bytes = base64.b64decode(encrypted_key_b64) + + session_key = private_key.decrypt( + encrypted_key_bytes, + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), + label=None + ) + ) - with open(os.environ['GITHUB_ENV'], 'a') as f: - for key, value in data.items(): - # This prevents the value from appearing in ANY logs - print(f"::add-mask::{value}") - f.write(f"{key}={value}\n") + # 3. Decrypt the Data Bundle + # Fernet keys must be the exact bytes we decrypted + fernet = Fernet(session_key) + + encrypted_data_str = os.environ.get('ENCRYPTED_DATA', '').strip() + # Convert string back to bytes for Fernet + decrypted_json = fernet.decrypt(encrypted_data_str.encode()).decode('utf-8') + + data = json.loads(decrypted_json) + + with open(os.environ['GITHUB_ENV'], 'a') as f: + for key, value in data.items(): + print(f"::add-mask::{value}") + f.write(f"VAR_{key.upper()}={value}\n") + + except Exception as e: + print(f"Decryption failed! 
Error: {str(e)}") + # Print the first 10 chars of data to see if it's empty/malformed (safe) + print(f"Data snippet: {os.environ.get('ENCRYPTED_DATA', '')[:10]}...") + exit(1) - name: Export GitHub Actions cache environment variables uses: actions/github-script@v6
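Review bot: In the `for key, value in data.items()` loop the decrypted keys and values go into `::add-mask::` and `GITHUB_ENV` with no check for line breaks, so only the first line of a multi-line value is masked (the remainder is printed to the log in clear) and the remaining lines are parsed as further entries in the environment file; the new `VAR_` prefix constrains only the start of the name. Reject such entries before the `print`, for example `if not (key.isascii() and key.replace('_', '').isalnum()) or not isinstance(value, str) or '\n' in value or '\r' in value: raise ValueError('unsupported entry in decrypted bundle')`, keeping the value out of the message because the new `except Exception` prints `str(e)`. That handler also covers the code that runs after decryption, so printing `type(e).__name__` instead of `str(e)` would keep plaintext-derived text out of the log. The script begins above the hunk, so whether other code already validates the bundle cannot be seen from here.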