diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 8f3b21ea..366b377d 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1601,6 +1601,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     int rc;
     BIGNUM *pr = NULL, *ps = NULL;
 
+    if (type != pubkey->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Incompatible public key provided (%d) expecting (%d)",
+                type,
+                pubkey->type);
+        return NULL;
+    }
+
     sig = ssh_signature_new();
     if (sig == NULL) {
         return NULL;
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index ff60dc67..5506edfb 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1848,6 +1848,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     size_t rsalen;
     int rc;
 
+    if (type != pubkey->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Incompatible public key provided (%d) expecting (%d)",
+                type,
+                pubkey->type);
+        return NULL;
+    }
+
     sig = ssh_signature_new();
     if (sig == NULL) {
         return NULL;
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index da6e4da1..ee791db0 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -897,6 +897,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     ssh_signature sig = NULL;
     int rc;
 
+    if (type != pubkey->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Incompatible public key provided (%d) expecting (%d)",
+                type,
+                pubkey->type);
+        return NULL;
+    }
+
     sig = ssh_signature_new();
     if (sig == NULL) {
         return NULL;