diff --git a/services/protocol/src/pake_protocol/pake_v1_protocol/pake_v1_protocol_common.c b/services/protocol/src/pake_protocol/pake_v1_protocol/pake_v1_protocol_common.c
index dd26f6935bac9a88cde43cc5bb6ae167a4010cf1..16d1af1985d9c3ee02c54dd2cedbbe2a45cb951a 100644
--- a/services/protocol/src/pake_protocol/pake_v1_protocol/pake_v1_protocol_common.c
+++ b/services/protocol/src/pake_protocol/pake_v1_protocol/pake_v1_protocol_common.c
@@ -174,6 +174,20 @@ CLEAN_UP:
     return res;
 }
 
+static void PrintPskValue(const uint8_t *pskVal, uint32_t pskLen)
+{
+    char *pskStr = (char *)HcMalloc(pskLen + 1, 0);
+    if (pskStr == NULL) {
+        return;
+    }
+    if (memcpy_s(pskStr, pskLen, pskVal, pskLen) != EOK) {
+        HcFree(pskStr);
+        return;
+    }
+    PRINT_SENSITIVE_DATA("pskValue", pskStr);
+    HcFree(pskStr);
+}
+
 static int32_t GeneratePakeParams(PakeBaseParams *params)
 {
     int32_t res;
@@ -198,7 +212,7 @@ static int32_t GeneratePakeParams(PakeBaseParams *params)
     Uint8Buff keyInfo = { (uint8_t *)HICHAIN_SPEKE_BASE_INFO, HcStrlen(HICHAIN_SPEKE_BASE_INFO) };
     KeyParams keyParams = { { params->psk.val, params->psk.length, false }, false, params->osAccountId };
     res = params->loader->computeHkdf(&keyParams, &(params->salt), &keyInfo, &secret);
-    PRINT_SENSITIVE_DATA("pskValue", (char *)params->psk.val);
+    PrintPskValue(params->psk.val, params->psk.length);
     PRINT_DEBUG_MSG(secret.val, secret.length, "secretValue");
     if (res != HC_SUCCESS) {
         LOGE("Derive secret from psk failed, res: %" LOG_PUB "x.", res);