diff --git a/uncloud_net/serializers.py b/uncloud_net/serializers.py
index fc87c71..09baa59 100644
--- a/uncloud_net/serializers.py
+++ b/uncloud_net/serializers.py
@@ -38,17 +38,16 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
         msg = _("Supplied key is not a valid wireguard public key")
 
         """
-        FIXME: verify that this does not create broken wireguard config files,
-        i.e. contains \n or similar!
-        We might even need to be more strict to not break wireguard...
+        Verify wireguard key.
+        See https://lists.zx2c4.com/pipermail/wireguard/2020-December/006221.html
         """
 
         try:
-            base64.standard_b64decode(value)
+            decoded_key = base64.standard_b64decode(value)
         except Exception as e:
             raise serializers.ValidationError(msg)
 
-        if '\n' in value:
+        if not len(decoded_key) == 32:
             raise serializers.ValidationError(msg)
 
         return value