From f334dcf243e150f227e5211967674a5dad277195 Mon Sep 17 00:00:00 2001
From: npty <nptytn2@gmail.com>
Date: Fri, 31 Jan 2025 13:59:47 +0700
Subject: [PATCH 1/2] refactor: improve private key decoding error handling

---
 sui/utils/sign-utils.js | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/sui/utils/sign-utils.js b/sui/utils/sign-utils.js
index e2a01e4c8..77d8ee0e6 100644
--- a/sui/utils/sign-utils.js
+++ b/sui/utils/sign-utils.js
@@ -50,7 +50,7 @@ function getWallet(chain, options) {
 
     switch (options.privateKeyType) {
         case 'bech32': {
-            const decodedKey = decodeSuiPrivateKey(options.privateKey);
+            const decodedKey = decodePrivateKey(options.privateKey);
             const secretKey = decodedKey.secretKey;
             keypair = scheme.fromSecretKey(secretKey);
             break;
@@ -116,8 +116,17 @@ async function generateKeypair(options) {
     }
 }
 
+// Redacted private key from the error message
+function decodePrivateKey(privateKey) {
+    try {
+        return decodeSuiPrivateKey(privateKey);
+    } catch (e) {
+        throw new Error(`Invalid Sui private key`);
+    }
+}
+
 function getRawPrivateKey(keypair) {
-    return decodeSuiPrivateKey(keypair.getSecretKey()).secretKey;
+    return decodePrivateKey(keypair.getSecretKey()).secretKey;
 }
 
 async function broadcast(client, keypair, tx, actionName) {

From 494bc62eaaa7f93ef5f2e9be70623e89a102a0a4 Mon Sep 17 00:00:00 2001
From: npty <nptytn2@gmail.com>
Date: Fri, 31 Jan 2025 14:03:57 +0700
Subject: [PATCH 2/2] fix: improve error handling and validation in
 decodePrivateKey

---
 sui/utils/sign-utils.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sui/utils/sign-utils.js b/sui/utils/sign-utils.js
index 77d8ee0e6..b70db708a 100644
--- a/sui/utils/sign-utils.js
+++ b/sui/utils/sign-utils.js
@@ -116,12 +116,16 @@ async function generateKeypair(options) {
     }
 }
 
-// Redacted private key from the error message
+// Decodes a Sui private key without exposing the secret key when failing
 function decodePrivateKey(privateKey) {
+    if (typeof privateKey !== 'string' || !privateKey) {
+        throw new Error('Private key must be a non-empty string');
+    }
+
     try {
         return decodeSuiPrivateKey(privateKey);
     } catch (e) {
-        throw new Error(`Invalid Sui private key`);
+        throw new Error('Invalid Sui private key - please verify the format');
     }
 }