diff --git a/.golangci.yml b/.golangci.yml
index d2a3f515..bffb2382 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -8,7 +8,7 @@ linters-settings:
     statements: 80
   cyclop:
     # the minimal code complexity to report
-    max-complexity: 22
+    max-complexity: 23
   gocognit:
     min-complexity: 45
 
@@ -19,7 +19,6 @@ issues:
     - GetJsonSHA256Fingerprints should be GetJSONSHA256Fingerprints
     - ST1003  # CamelCase variables; see constants/cipher.go
     - missing output for example, go test can't validate it
-    - ifElseChain
     - variable 'hasExpiredEntity' is only used in the if-statement
   exclude-rules:
     - path: crypto/crypto_example_test.go
diff --git a/crypto/decryption_handle.go b/crypto/decryption_handle.go
index 9ac20368..c696e57d 100644
--- a/crypto/decryption_handle.go
+++ b/crypto/decryption_handle.go
@@ -111,19 +111,19 @@ func (dh *decryptionHandle) DecryptDetached(pgpMessage []byte, encryptedDetached
 // DecryptSessionKey decrypts an encrypted session key.
 // To decrypted a session key, the decryption handle must contain either a decryption key or a password.
 func (dh *decryptionHandle) DecryptSessionKey(keyPackets []byte) (sk *SessionKey, err error) {
-	if len(dh.Passwords) > 0 {
+	switch {
+	case len(dh.Passwords) > 0:
 		for _, passwordCandidate := range dh.Passwords {
 			sk, err = decryptSessionKeyWithPassword(keyPackets, passwordCandidate)
 			if err == nil {
-				return
+				return sk, nil
 			}
 		}
-		return
-	} else if dh.DecryptionKeyRing != nil {
+		return nil, err
+	case dh.DecryptionKeyRing != nil:
 		return decryptSessionKey(dh.DecryptionKeyRing, keyPackets)
-	} else {
-		return nil, errors.New("gopenpgp: no decryption key or password provided")
 	}
+	return nil, errors.New("gopenpgp: no decryption key or password provided")
 }
 
 // ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
diff --git a/crypto/encryption_handle.go b/crypto/encryption_handle.go
index 962352fe..4b59fa38 100644
--- a/crypto/encryption_handle.go
+++ b/crypto/encryption_handle.go
@@ -114,17 +114,17 @@ func (eh *encryptionHandle) Encrypt(message []byte) (*PGPMessage, error) {
 func (eh *encryptionHandle) EncryptSessionKey(sessionKey *SessionKey) ([]byte, error) {
 	config := eh.profile.EncryptionConfig()
 	config.Time = NewConstantClock(eh.clock().Unix())
-	if eh.Password != nil {
+	switch {
+	case eh.Password != nil:
 		return encryptSessionKeyWithPassword(sessionKey, eh.Password, config)
-	} else if eh.Recipients != nil || eh.HiddenRecipients != nil {
+	case eh.Recipients != nil || eh.HiddenRecipients != nil:
 		encryptionTimeOverride := config.Now()
 		if eh.encryptionTimeOverride != nil {
 			encryptionTimeOverride = eh.encryptionTimeOverride()
 		}
 		return encryptSessionKey(eh.Recipients, eh.HiddenRecipients, sessionKey, encryptionTimeOverride, config)
-	} else {
-		return nil, errors.New("gopenpgp: no password or recipients in encryption handle")
 	}
+	return nil, errors.New("gopenpgp: no password or recipients in encryption handle")
 }
 
 // --- Helper methods on encryption handle
@@ -224,8 +224,8 @@ func (eh *encryptionHandle) encryptingWriters(keys, data, detachedSignature Writ
 			keys = data
 		}
 	}
-	if eh.Recipients.CountEntities() > 0 ||
-		eh.HiddenRecipients.CountEntities() > 0 {
+	switch {
+	case eh.Recipients.CountEntities() > 0 || eh.HiddenRecipients.CountEntities() > 0:
 		// Encrypt towards recipients
 		if !eh.DetachedSignature {
 			// Signature is inside the ciphertext.
@@ -234,21 +234,21 @@ func (eh *encryptionHandle) encryptingWriters(keys, data, detachedSignature Writ
 			// Encrypted detached signature separate from the ciphertext.
 			messageWriter, err = eh.encryptSignDetachedStreamToRecipients(meta, detachedSignature, data, keys)
 		}
-	} else if eh.Password != nil {
+	case eh.Password != nil:
 		// Encrypt with a password
 		if !eh.DetachedSignature {
 			messageWriter, err = eh.encryptStreamWithPassword(keys, data, meta)
 		} else {
 			messageWriter, err = eh.encryptSignDetachedStreamToRecipients(meta, detachedSignature, data, keys)
 		}
-	} else if eh.SessionKey != nil {
+	case eh.SessionKey != nil:
 		// Encrypt towards session key
 		if !eh.DetachedSignature {
 			messageWriter, err = eh.encryptStreamWithSessionKey(data, meta)
 		} else {
 			messageWriter, err = eh.encryptSignDetachedStreamWithSessionKey(meta, detachedSignature, data)
 		}
-	} else {
+	default:
 		// No encryption material provided
 		err = errors.New("gopenpgp: no encryption key ring, session key, or password provided")
 	}