diff --git a/src/lib/server/services/key.ts b/src/lib/server/services/key.ts
index f5dfa44..7222036 100644
--- a/src/lib/server/services/key.ts
+++ b/src/lib/server/services/key.ts
@@ -1,5 +1,5 @@
 import { error } from "@sveltejs/kit";
-import { randomBytes, publicEncrypt } from "crypto";
+import { randomBytes, publicEncrypt, createPublicKey } from "crypto";
 import ms from "ms";
 import { promisify } from "util";
 import {
@@ -29,6 +29,15 @@ export const registerPubKey = async (userId: number, ip: string, pubKey: string)
 error(409, "Public key already registered");
 }
+ const pubKeyPem = `-----BEGIN PUBLIC KEY-----\n${pubKey}\n-----END PUBLIC KEY-----`;
+ const pubKeyObject = createPublicKey(pubKeyPem);
+ if (
+ pubKeyObject.asymmetricKeyType !== "rsa" ||
+ pubKeyObject.asymmetricKeyDetails?.modulusLength !== 4096
+ ) {
+ error(400, "Invalid public key");
+ }
+
 const clientId = await createClient(pubKey, userId);
 return await generateChallenge(userId, ip, clientId, pubKey);
 };
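Review bot: `createPublicKey(pubKeyPem)` throws on any input that is not a parsable PEM key, and nothing in this hunk catches it, so a malformed client-supplied `pubKey` would presumably surface as an unhandled error (a 500) rather than the intended `error(400, "Invalid public key")`. Wrap only the parse in a try/catch that maps the failure to the same 400, and keep the type and modulus checks outside the `try` so their own `error()` is not swallowed. Separately, the checks run on the parsed key object while `createClient` and `generateChallenge` still receive the raw `pubKey` string. If the parser tolerates extra whitespace or alternative encodings of the same key, the stored value can differ from what was validated, so consider persisting a canonical re-export of `pubKeyObject`; whether this also affects the 409 duplicate check depends on code outside the hunk. `registerPubKey` starts above the hunk.

```typescript
  const pubKeyPem = `-----BEGIN PUBLIC KEY-----\n${pubKey}\n-----END PUBLIC KEY-----`;
  let pubKeyObject: ReturnType<typeof createPublicKey>;
  try {
    pubKeyObject = createPublicKey(pubKeyPem);
  } catch {
    // Unparsable key material is a client error, not a server fault.
    error(400, "Invalid public key");
  }
  // … unchanged: RSA / 4096-bit modulus check, createClient, generateChallenge …
```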