diff --git a/authentic2_idp_ltpa/utils.py b/authentic2_idp_ltpa/utils.py
index ab51957..77b6ede 100644
--- a/authentic2_idp_ltpa/utils.py
+++ b/authentic2_idp_ltpa/utils.py
@@ -12,7 +12,6 @@ def decode_secret(secret):
 secret = secret[4:].decode('base64')
 elif secret.startswith('hex:'):
 secret = secret[4:].decode('hex')
- assert len(secret) == 20, 'secret must be 20 bytes long'
 return secret
 def generate_domino_ltpa_token(user, secret, creation=None, expire=None,
@@ -61,10 +60,9 @@ if __name__ == '__main__':
 import datetime
 parser = argparse.ArgumentParser(description='Process some integers.')
- parser.add_argument('--secret',
- required=True,
- help='secret as hex or b64 string, must be 20 bytes long, prefix '
- 'with hex: or b64:')
+ secret_arg = parser.add_argument('--secret',
+ help='secret as plain, hex or base-64 encoded string, prefix '
+ 'with hex: or b64: for encoded strings')
 subparsers = parser.add_subparsers(help='sub-command help')
 # create the parser for the "a" command
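Review bot: In the second hunk, `--secret` still takes the LTPA key on the command line, where it is readable in the process list and kept in shell history. Now that the argument is optional, this is a natural place to also accept the key from the environment or a file, for example `default=os.environ.get('LTPA_SECRET')` (the variable name is illustrative, and `os` would have to be imported in this block). With `required=True` removed, the help string should also say that the option is mandatory for `generate`, e.g. ending it with `'with hex: or b64: for encoded strings; required for generate'`.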
@@ -78,19 +76,22 @@ if __name__ == '__main__':
 parser_parse.add_argument('token', help='the LTPA cookie content')
 args = parser.parse_args()
- if args.secret.startswith('hex:'):
- secret = args.secret[4:].decode('hex')
- elif args.secret.startswith('b64:'):
- secret = args.secret[4:].decode('base64')
- else:
- secret = args.secret
- assert len(secret) == 20, 'an LTPA secret must be 20 bytes long'
+ if args.secret:
+ if args.secret.startswith('hex:'):
+ args.secret = args.secret[4:].decode('hex')
+ elif args.secret.startswith('b64:'):
+ args.secret = args.secret[4:].decode('base64')
+ else:
+ args.secret = args.secret
 if args.command == 'generate':
+ if not args.secret:
+ raise argparse.ArgumentError(secret_arg,
+ 'is required to generate a token')
 print generate_domino_ltpa_token(user=args.user,
- secret=secret)
+ secret=args.secret)
 elif args.command == 'parse':
- user, creation, expire = parse_token(args.token, secret=args.secret)
+ user, creation, expire = parse_token(args.token, secret=args.secret)
 def from_timestamp(t):
 return datetime.datetime.utcfromtimestamp(t).isoformat() + 'Z'
 print 'User:', user
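Review bot: In the `parse` branch, `parse_token(args.token, secret=args.secret)` can now be reached with `args.secret` set to `None`, and nothing in the hunk tells the operator whether the printed user and timestamps were checked against the secret. `parse_token` is not visible here, so if it skips the digest check when no secret is given, the output should say so, e.g. `print 'Signature: not verified (no --secret given)'`. In the `generate` branch, raising `argparse.ArgumentError` after `parse_args()` has returned surfaces as a traceback rather than a usage message; `parser.error('--secret is required to generate a token')` gives the usual argparse exit. The `else: args.secret = args.secret` arm is a no-op and can be dropped. The `parse` branch continues past the end of the hunk.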