From 98f95fca15a95d0666a1a9c4436a5998fe3a25fe Mon Sep 17 00:00:00 2001
From: fiatjaf <fiatjaf@gmail.com>
Date: Tue, 1 Jul 2025 10:57:50 -0300
Subject: [PATCH] check for validity of secret key when parsing from hex.

---
 keys.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/keys.go b/keys.go
index 645743f..e16abbe 100644
--- a/keys.go
+++ b/keys.go
@@ -29,19 +29,23 @@ func (sk SecretKey) Hex() string    { return hex.EncodeToString(sk[:]) }
 func (sk SecretKey) Public() PubKey { return GetPublicKey(sk) }
 
 func SecretKeyFromHex(skh string) (SecretKey, error) {
-	id := SecretKey{}
+	sk := SecretKey{}
 
 	if len(skh) < 64 {
 		skh = strings.Repeat("0", 64-len(skh)) + skh
 	} else if len(skh) > 64 {
-		return id, fmt.Errorf("secret key should be at most 64-char hex, got '%s'", skh)
+		return sk, fmt.Errorf("secret key should be at most 64-char hex, got '%s'", skh)
 	}
 
-	if _, err := hex.Decode(id[:], unsafe.Slice(unsafe.StringData(skh), 64)); err != nil {
-		return id, fmt.Errorf("'%s' is not valid hex: %w", skh, err)
+	if _, err := hex.Decode(sk[:], unsafe.Slice(unsafe.StringData(skh), 64)); err != nil {
+		return sk, fmt.Errorf("'%s' is not valid hex: %w", skh, err)
 	}
 
-	return id, nil
+	if sk.Public() != ZeroPK {
+		return sk, nil
+	}
+
+	return sk, fmt.Errorf("invalid secret key")
 }
 
 func MustSecretKeyFromHex(idh string) SecretKey {