diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 70e535fe..ea0d5d49 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -2276,6 +2276,9 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
         return SSH_ERROR;
     }
 
+    /* The buffer will contain sensitive information. Make sure it is erased */
+    ssh_buffer_set_secure(buf);
+
     rc = ssh_buffer_add_data(buf,
                              ssh_string_data(sig_blob),
                              (uint32_t)ssh_string_len(sig_blob));
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 2361112b..78abd323 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1848,6 +1848,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                     ssh_signature_free(sig);
                     return NULL;
                 }
+                /* The buffer will contain sensitive information. */
+                ssh_buffer_set_secure(b);
 
                 rc = ssh_buffer_add_data(b,
                                          ssh_string_data(sig_blob),