diff --git a/src/vault/cipher.rs b/src/vault/cipher.rs
index f8948cf..88d306c 100644
--- a/src/vault/cipher.rs
+++ b/src/vault/cipher.rs
@@ -50,8 +50,7 @@ pub fn totp_now(secret_base32: &str, hash_function: &TotpHash) -> LprsResult<(St
         .expect("SystemTime before UNIX EPOCH!")
         .as_secs();
     let remaining = 30 - (now % 30) as u8;
-    let secret = base32::decode(Base32Alphabet::RFC4648 { padding: true }, secret_base32)
-        .ok_or_else(|| LprsError::Base32("Can't decode the TOTP secret".to_owned()))?;
+    let secret = base32_decode(secret_base32)?;
     Ok(match hash_function {
         TotpHash::Sha1 => {
             (
@@ -74,6 +73,15 @@ pub fn totp_now(secret_base32: &str, hash_function: &TotpHash) -> LprsResult<(St
     })
 }
 
+/// Base32 decode
+///
+/// ## Errors
+/// - If the given string not valid base32 string
+pub fn base32_decode(base32_string: &str) -> LprsResult<Vec<u8>> {
+    base32::decode(Base32Alphabet::RFC4648 { padding: true }, base32_string)
+        .ok_or_else(|| LprsError::Base32("Invalid base32 string".to_owned()))
+}
+
 /// Encrypt the given data by the given key using AES-256 CBC
 ///
 /// Note: The IV will be add it to the end of the ciphertext (Last 16 bytes)