diff --git a/doc/jose/jwk/jwksupport/jwk.go b/doc/jose/jwk/jwksupport/jwk.go
index e1417d3..f9e85c4 100644
--- a/doc/jose/jwk/jwksupport/jwk.go
+++ b/doc/jose/jwk/jwksupport/jwk.go
@@ -63,7 +63,7 @@ func JWKFromKey(opaqueKey interface{}) (*jwk.JWK, error) {
 // PubKeyBytesToKey creates an opaque key struct from the given public key bytes.
 // It's e.g. *ecdsa.PublicKey, *ecdsa.PrivateKey, ed25519.VerificationMethod, *bbs12381g2pub.PrivateKey or
 // *bbs12381g2pub.PublicKey.
-func PubKeyBytesToKey(bytes []byte, keyType kms.KeyType) (interface{}, error) { // nolint:gocyclo
+func PubKeyBytesToKey(bytes []byte, keyType kms.KeyType) (interface{}, error) { // nolint:gocyclo,funlen
 	switch keyType {
 	case kms.ED25519Type:
 		return ed25519.PublicKey(bytes), nil
@@ -105,6 +105,7 @@ func PubKeyBytesToKey(bytes []byte, keyType kms.KeyType) (interface{}, error) {
 		if err != nil {
 			return nil, errors.New("rsa: invalid public key")
 		}
+
 		return pubKeyRsa, nil
 	case kms.ECDSASecp256k1TypeDER:
 		return parseSecp256k1DER(bytes)
diff --git a/doc/jose/jwk/jwksupport/jwk_test.go b/doc/jose/jwk/jwksupport/jwk_test.go
index a9a3eae..fce93e0 100644
--- a/doc/jose/jwk/jwksupport/jwk_test.go
+++ b/doc/jose/jwk/jwksupport/jwk_test.go
@@ -860,6 +860,12 @@ func TestPublicKeyFromJWK(t *testing.T) {
 	})
 }
 
+func TestRSAKeyFailParse(t *testing.T) {
+	resultJWK, err := PubKeyBytesToJWK([]byte{0x1}, kms.RSARS256)
+	require.ErrorContains(t, err, "rsa: invalid public key")
+	require.Nil(t, resultJWK)
+}
+
 func TestRSAKey(t *testing.T) {
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err)