diff --git a/services/storage_daemon/crypto/src/key_manager.cpp b/services/storage_daemon/crypto/src/key_manager.cpp
index bb09bb95..bd52706f 100644
--- a/services/storage_daemon/crypto/src/key_manager.cpp
+++ b/services/storage_daemon/crypto/src/key_manager.cpp
@@ -1097,7 +1097,7 @@ int KeyManager::ActiveCeSceSeceUserKey(unsigned int user,
     if (!KeyCtrlHasFscryptSyspara()) {
         return 0;
     }
-    if (CheckUserPinProtect(user, token, secret)) {
+    if (CheckUserPinProtect(user, token, secret) != E_OK) {
         LOGE("IAM & Storage mismatch, wait user input pin.");
         return -EFAULT;
     }
@@ -1183,12 +1183,9 @@ int KeyManager::ActiveUeceUserKey(unsigned int user,
     userEl5Key_[user] = elKey;
     UserAuth auth = { .token = token, .secret = secret };
     bool eBufferStatue = false;
-    if (!elKey->DecryptClassE(auth, saveESecretStatus[user], eBufferStatue, user, USER_UNLOCK) &&
-        elKey->DecryptClassE({}, saveESecretStatus[user], user, USER_UNLOCK)) {
-        if (TryToFixUeceKey(user, token, secret) != E_OK) {
-            LOGE("TryToFixUeceKey el5 failed !");
-            return -EFAULT;
-        }
+    if (!elKey->DecryptClassE(auth, saveESecretStatus[user], eBufferStatue, user, USER_UNLOCK)) {
+        LOGE("Unlock user %{public}u E_Class failed", user);
+        return -EFAULT;
     }
 
     if (!token.empty() && !secret.empty() && eBufferStatue) {
@@ -1840,7 +1837,7 @@ int KeyManager::TryToFixUserCeEceSeceKey(unsigned int userId,
     LOGI("enter TryToFixUserCeEceSeceKey");
     keyMutex_.unlock();
     if (!IamClient::GetInstance().HasPinProtect(userId)) {
-        LOGE("User %{public}d has pin code protect.", userId);
+        LOGE("User %{public}d has no pin code protect.", userId);
         return E_OK;
     }
 
@@ -1874,7 +1871,7 @@ int KeyManager::TryToFixUeceKey(unsigned int userId,
     LOGI("enter TryToFixUeceKey");
     keyMutex_.unlock();
     if (!IamClient::GetInstance().HasPinProtect(userId)) {
-        LOGE("User %{public}d has pin code protect.", userId);
+        LOGE("User %{public}d has no pin code protect.", userId);
         return E_OK;
     }
 
@@ -1884,7 +1881,7 @@ int KeyManager::TryToFixUeceKey(unsigned int userId,
         LOGE("Pin code is exist, get secure uid.");
     }
     UserAuth auth = { .token=token, .secret=secret, .secureUid = secureUid };
-    UserTokenSecret tokenSecret = { .token = token, .oldSecret = {'!'}, .newSecret = secret, .secureUid = secureUid};
+    UserTokenSecret tokenSecret = { .token = token, .oldSecret = { }, .newSecret = secret, .secureUid = secureUid};
 
     if (UpdateESecret(userId, tokenSecret) != E_OK) {
         LOGE("try to fix elx key failed !");
diff --git a/services/storage_daemon/include/crypto/base_key.h b/services/storage_daemon/include/crypto/base_key.h
index cbbdfb7e..3c5963a7 100644
--- a/services/storage_daemon/include/crypto/base_key.h
+++ b/services/storage_daemon/include/crypto/base_key.h
@@ -55,7 +55,8 @@ public:
     virtual bool DeleteAppkey(const std::string keyId) = 0;
     virtual bool AddClassE(bool &isNeedEncryptClassE, bool &isSupport, uint32_t status) = 0;
     virtual bool DeleteClassEPinCode(uint32_t userId) = 0;
-    virtual bool DecryptClassE(const UserAuth &auth, bool &isSupport, bool &eBufferStatue, uint32_t user, uint32_t status) = 0;
+    virtual bool DecryptClassE(const UserAuth &auth, bool &isSupport, bool &eBufferStatue, uint32_t user,
+                               uint32_t status) = 0;
     virtual bool EncryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user, uint32_t status) = 0;
     virtual bool ChangePinCodeClassE(bool &isFbeSupport, uint32_t userId) = 0;
     virtual bool LockUece(bool &isFbeSupport) = 0;
diff --git a/services/storage_daemon/include/crypto/fscrypt_key_v1.h b/services/storage_daemon/include/crypto/fscrypt_key_v1.h
index f68ae73f..750d446d 100644
--- a/services/storage_daemon/include/crypto/fscrypt_key_v1.h
+++ b/services/storage_daemon/include/crypto/fscrypt_key_v1.h
@@ -42,7 +42,8 @@ public:
     bool AddClassE(bool &isNeedEncryptClassE, bool &isSupport, uint32_t status = 0);
     bool DeleteClassEPinCode(uint32_t userId = 0);
     bool ChangePinCodeClassE(bool &isFbeSupport, uint32_t userId = 0);
-    bool DecryptClassE(const UserAuth &auth, bool &isSupport, bool &eBufferStatue, uint32_t user = 0, uint32_t status = 0);
+    bool DecryptClassE(const UserAuth &auth, bool &isSupport, bool &eBufferStatue, uint32_t user = 0,
+                       uint32_t status = 0);
     bool EncryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user = 0, uint32_t status = 0);
     bool LockUece(bool &isFbeSupport);
 
diff --git a/services/storage_daemon/include/crypto/fscrypt_key_v2.h b/services/storage_daemon/include/crypto/fscrypt_key_v2.h
index fd0c9c35..6a13b06f 100644
--- a/services/storage_daemon/include/crypto/fscrypt_key_v2.h
+++ b/services/storage_daemon/include/crypto/fscrypt_key_v2.h
@@ -37,7 +37,8 @@ public:
     bool AddClassE(bool &isNeedEncryptClassE, bool &isSupport, uint32_t status = 0);
     bool DeleteClassEPinCode(uint32_t userId = 0);
     bool ChangePinCodeClassE(bool &isFbeSupport, uint32_t userId = 0);
-    bool DecryptClassE(const UserAuth &auth, bool &isSupport, bool &eBufferStatue, uint32_t user = 0, uint32_t status = 0);
+    bool DecryptClassE(const UserAuth &auth, bool &isSupport, bool &eBufferStatue, uint32_t user = 0,
+                       uint32_t status = 0);
     bool EncryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user = 0, uint32_t status = 0);
     bool GenerateAppkey(uint32_t userId, uint32_t hashId, std::string &keyId);
     bool DeleteAppkey(const std::string KeyId);
diff --git a/services/storage_daemon/include/crypto/key_manager.h b/services/storage_daemon/include/crypto/key_manager.h
index 2a15460f..8ef87f0d 100644
--- a/services/storage_daemon/include/crypto/key_manager.h
+++ b/services/storage_daemon/include/crypto/key_manager.h
@@ -104,7 +104,7 @@ public:
     int GenerateUserKeyByType(unsigned int user, KeyType type,
                               const std::vector<uint8_t> &token,
                               const std::vector<uint8_t> &secret);
-    int TryToFixUserCeEceSeceKey(unsigned int user, KeyType type,
+    int TryToFixUserCeEceSeceKey(unsigned int userId, KeyType type,
                                  const std::vector<uint8_t> &token,
                                  const std::vector<uint8_t> &secret);
     int TryToFixUeceKey(unsigned int userId,
@@ -140,7 +140,7 @@ private:
                           const std::vector<uint8_t> &token,
                           const std::vector<uint8_t> &secret, std::shared_ptr<BaseKey> elKey);
     int ActiveElXUserKey(unsigned int user,
-                         const std::vector<uint8_t> &token, KeyType keyTpype,
+                         const std::vector<uint8_t> &token, KeyType keyType,
                          const std::vector<uint8_t> &secret, std::shared_ptr<BaseKey> elKey);
     int InactiveUserElKey(unsigned int user, std::map<unsigned int, std::shared_ptr<BaseKey>> &userElxKey_);
     int CheckAndDeleteEmptyEl5Directory(std::string keyDir, unsigned int user);