diff --git a/kishib.py b/kishib.py
index 6abb3a7..4dfeba8 100644
--- a/kishib.py
+++ b/kishib.py
@@ -186,6 +186,10 @@ def parse_pubkey(pubkey):
 pubkey = pubkey[:-1]
 fields = pubkey.split(b' ')
+ # There should be no newlines after this
+ if b'\n' in pubkey:
+ raise PubkeyParseError
+
 # algorithm keymaterial [comment]
 if len(fields) < 2:
 raise PubkeyParseError
@@ -305,11 +309,20 @@ def main():
 except IOError as err:
 error('Could not read server public key: %s' % err)
+ try:
+ parse_pubkey(server_pubkey)
+ except PubkeyParseError:
+ error('Public key is in an unrecognized format')
+
 client_pubkey = server(server_pubkey, port)
 verify(client_pubkey, server_pubkey)
- algorithm, keymaterial, comment = parse_pubkey(client_pubkey)
+ try:
+ algorithm, keymaterial, comment = parse_pubkey(client_pubkey)
+ except PubkeyParseError:
+ error('Parse error on client\'s pubkey')
+
 authorized_keys_entry = serialize_authorized_keys(algorithm, keymaterial, comment)
 if output_file is None:
@@ -355,6 +368,11 @@ def main():
 except IOError as err:
 error('Could not read client public key: %s' % err)
+ try:
+ parse_pubkey(client_pubkey)
+ except PubkeyParseError:
+ error('Public key is in an unrecognized format')
+
 host, = fixed
 # Support internationalized domain names
 host = host.encode('idna').decode()
@@ -363,7 +381,11 @@ def main():
 verify(client_pubkey, server_pubkey)
- algorithm, keymaterial, comment = parse_pubkey(server_pubkey)
+ try:
+ algorithm, keymaterial, comment = parse_pubkey(server_pubkey)
+ except PubkeyParseError:
+ error('Parse error on server\'s pubkey')
+
 known_hosts_entry = serialize_known_hosts(host.encode(), ssh_port, algorithm, keymaterial)
 if output_file is None:
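Review bot: The new guard in parse_pubkey rejects only `\n`, so a key carrying a bare `\r` or a NUL byte still parses, and the later hunks show the parsed fields being serialized into an authorized_keys or known_hosts entry. If the aim is that one key can never occupy or imitate more than one line of those files, a stricter test such as `if any(c in pubkey for c in (b'\n', b'\r', b'\0')):` closes that gap; how each consumer of the file treats `\r` is not visible here, so treat this as hardening. The check does not use `fields`, so it would read better above `fields = pubkey.split(b' ')`, with a comment saying why embedded newlines are refused (`# an embedded newline would become a second entry in the output file`). parse_pubkey starts and ends outside this hunk.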
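Review bot: The key received from the peer is still handed to `verify(client_pubkey, server_pubkey)` before the new `parse_pubkey(client_pubkey)` block runs, so verification happens on bytes that have not yet been checked for format. Parsing first, by moving the `try: algorithm, keymaterial, comment = parse_pubkey(client_pubkey)` block directly after `client_pubkey = server(server_pubkey, port)`, rejects malformed network input before anything else handles it; verify() is defined outside this diff, so its handling of raw input cannot be confirmed from here. The last hunk (`@@ -363,7 +381,11 @@`) has the same order for `server_pubkey`. Both blocks also assume error() does not return (otherwise `algorithm` is unbound on the next statement); if that is its contract, a comment saying so would help. main() continues outside the hunk.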
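Review bot: The message `'Public key is in an unrecognized format'` added here is identical to the one added in the server branch (hunk `@@ -305,11 +309,20 @@`) and does not say which key failed, whereas the read error just above names it ('Could not read client public key'). Something like `error('Client public key is in an unrecognized format')` here and `'Server public key …'` in the other branch keeps the two failures distinguishable. The four near-identical try/except blocks in main() could also go through one small helper that takes the key and the message. main() starts and ends outside this hunk.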