diff --git a/src/Controller/EncryptionController.php b/src/Controller/EncryptionController.php
index 96c30bc..826e385 100644
--- a/src/Controller/EncryptionController.php
+++ b/src/Controller/EncryptionController.php
@@ -39,17 +39,21 @@ class EncryptionController
      */
     function safeDecrypt(string $encrypted, string $key): string
     {
+        $binKey = sodium_hex2bin(string: $key);
+
         $decoded = base64_decode(string: $encrypted);
         if ($decoded === false) {
-            throw new Exception(message: 'Decoding broken. Wrong key?');
+            throw new Exception(message: 'Decoding broken. Wrong payload.');
         }
+
         if (mb_strlen(string: $decoded, encoding: '8bit') < (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES)) {
             throw new Exception(message: 'Decoding broken. Incomplete message.');
         }
+
         $nonce = mb_substr(string: $decoded, start: 0, length: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, encoding: '8bit');
         $ciphertext = mb_substr(string: $decoded, start: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, length: null, encoding: '8bit');
 
-        $plain = sodium_crypto_secretbox_open(ciphertext: $ciphertext, nonce: $nonce, key: $key);
+        $plain = sodium_crypto_secretbox_open(ciphertext: $ciphertext, nonce: $nonce, key: $binKey);
         if ($plain === false) {
             throw new Exception(message: 'The message was tampered with in transit');
         }