diff --git a/src/apk_defines.h b/src/apk_defines.h
index 78d37e12ff9913a3fa2c49e36a3032638864bed5..96e3addece9366d85b5521781c55e0fc87453b5e 100644
--- a/src/apk_defines.h
+++ b/src/apk_defines.h
@@ -42,7 +42,7 @@ enum {
 	APKE_CRYPTO_ERROR,
 	APKE_CRYPTO_NOT_SUPPORTED,
 	APKE_CRYPTO_KEY_FORMAT,
-	APKE_SIGNATURE_FAIL,
+	APKE_SIGNATURE_GEN_FAILURE,
 	APKE_SIGNATURE_UNTRUSTED,
 	APKE_SIGNATURE_INVALID,
 	APKE_FORMAT_INVALID,
diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
index 9f94f7d7f559e3ba5ecf3638a9bfd616564e132f..59320e561e5113341ecee6b6fa8b5245b4c04b2e 100644
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@@ -101,15 +101,17 @@ static int apk_pkey_init(struct apk_pkey *pkey, EVP_PKEY *key)
 {
 	unsigned char dig[EVP_MAX_MD_SIZE], *pub = NULL;
 	unsigned int dlen = sizeof dig;
-	int len;
+	int len, r = -APKE_CRYPTO_ERROR;
 
 	if ((len = i2d_PublicKey(key, &pub)) < 0) return -APKE_CRYPTO_ERROR;
-	EVP_Digest(pub, len, dig, &dlen, EVP_sha512(), NULL);
-	memcpy(pkey->id, dig, sizeof pkey->id);
+	if (EVP_Digest(pub, len, dig, &dlen, EVP_sha512(), NULL) == 1) {
+		memcpy(pkey->id, dig, sizeof pkey->id);
+		r = 0;
+	}
 	OPENSSL_free(pub);
-
 	pkey->key = key;
-	return 0;
+
+	return r;
 }
 
 void apk_pkey_free(struct apk_pkey *pkey)
@@ -154,7 +156,7 @@ int apk_sign_start(struct apk_digest_ctx *dctx, uint8_t alg, struct apk_pkey *pk
 int apk_sign(struct apk_digest_ctx *dctx, void *sig, size_t *len)
 {
 	if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1)
-		return -APKE_SIGNATURE_FAIL;
+		return -APKE_SIGNATURE_GEN_FAILURE;
 	return 0;
 }
 
diff --git a/src/print.c b/src/print.c
index 0910676cbb77d5d09fa5cd82398d5089ac22e261..808d74fe266adc83d69555944a522b610d009b24 100644
--- a/src/print.c
+++ b/src/print.c
@@ -35,7 +35,7 @@ const char *apk_error_str(int error)
 	case APKE_CRYPTO_ERROR:			return "crypto error";
 	case APKE_CRYPTO_NOT_SUPPORTED:		return "cryptographic algorithm not supported";
 	case APKE_CRYPTO_KEY_FORMAT:		return "cryptographic key format not recognized";
-	case APKE_SIGNATURE_FAIL:		return "signing failure";
+	case APKE_SIGNATURE_GEN_FAILURE:	return "signing failure";
 	case APKE_SIGNATURE_UNTRUSTED:		return "UNTRUSTED signature";
 	case APKE_SIGNATURE_INVALID:		return "BAD signature";
 	case APKE_FORMAT_INVALID:		return "file format is invalid or inconsistent";