diff --git a/crypto/p256/public.go b/crypto/p256/public.go
index 0630543..38403fd 100644
--- a/crypto/p256/public.go
+++ b/crypto/p256/public.go
@@ -66,7 +66,11 @@ func PublicKeyFromX509DER(bytes []byte) (*PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &PublicKey{k: pub.(*ecdsa.PublicKey)}, nil
+	ecdsaPub, ok := pub.(*ecdsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid public key")
+	}
+	return &PublicKey{k: ecdsaPub}, nil
 }
 
 // PublicKeyFromX509PEM decodes an X.509 PEM (string) encoded public key.
diff --git a/crypto/p384/public.go b/crypto/p384/public.go
index c47d977..646e120 100644
--- a/crypto/p384/public.go
+++ b/crypto/p384/public.go
@@ -66,7 +66,11 @@ func PublicKeyFromX509DER(bytes []byte) (*PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &PublicKey{k: pub.(*ecdsa.PublicKey)}, nil
+	ecdsaPub, ok := pub.(*ecdsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid public key")
+	}
+	return &PublicKey{k: ecdsaPub}, nil
 }
 
 // PublicKeyFromX509PEM decodes an X.509 PEM (string) encoded public key.
diff --git a/crypto/p521/public.go b/crypto/p521/public.go
index c7a2f3a..36d1235 100644
--- a/crypto/p521/public.go
+++ b/crypto/p521/public.go
@@ -66,7 +66,11 @@ func PublicKeyFromX509DER(bytes []byte) (*PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &PublicKey{k: pub.(*ecdsa.PublicKey)}, nil
+	ecdsaPub, ok := pub.(*ecdsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid public key")
+	}
+	return &PublicKey{k: ecdsaPub}, nil
 }
 
 // PublicKeyFromX509PEM decodes an X.509 PEM (string) encoded public key.
diff --git a/crypto/rsa/private.go b/crypto/rsa/private.go
index 7004f28..3b2ca43 100644
--- a/crypto/rsa/private.go
+++ b/crypto/rsa/private.go
@@ -54,7 +54,10 @@ func PrivateKeyFromPKCS8DER(bytes []byte) (*PrivateKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	rsaPriv := priv.(*rsa.PrivateKey)
+	rsaPriv, ok := priv.(*rsa.PrivateKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid private key type")
+	}
 	return &PrivateKey{k: rsaPriv}, nil
 }
 
diff --git a/crypto/rsa/public.go b/crypto/rsa/public.go
index 06137cc..6bd685d 100644
--- a/crypto/rsa/public.go
+++ b/crypto/rsa/public.go
@@ -74,7 +74,11 @@ func PublicKeyFromX509DER(bytes []byte) (*PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &PublicKey{k: pub.(*rsa.PublicKey)}, nil
+	rsaPub, ok := pub.(*rsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("invalid public key")
+	}
+	return &PublicKey{k: rsaPub}, nil
 }
 
 // PublicKeyFromX509PEM decodes an X.509 PEM (string) encoded public key.