diff --git a/ChangeLog b/ChangeLog
index 273e76e..a154329 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 Version 1.1.3
+   - Catch nacl.exceptions.ValueError and raise KeyFormatError, similar to how
+     RSA key errors are treated (LP: #2018021)
 
 2023-04-09 Version 1.1.2
    - Verify correct AMS header is used for ARC seal verification (André Cruz)
diff --git a/dkim/__init__.py b/dkim/__init__.py
index c2e77e9..b0d0a86 100644
--- a/dkim/__init__.py
+++ b/dkim/__init__.py
@@ -468,6 +468,8 @@ def evaluate_pk(name, s):
               pk = nacl.signing.VerifyKey(pub[b'p'], encoder=nacl.encoding.Base64Encoder)
           except NameError:
               raise NaClNotFoundError('pynacl module required for ed25519 signing, see README.md')
+          except nacl.exceptions.ValueError as e:
+              raise KeyFormatError("could not parse ed25519 public key (%s): %s" % (pub[b'p'],e))
           keysize = 256
           ktag = b'ed25519'
   except KeyError:
@@ -477,9 +479,9 @@ def evaluate_pk(name, s):
           pk = parse_public_key(base64.b64decode(pub[b'p']))
           keysize = bitsize(pk['modulus'])
       except KeyError:
-          raise KeyFormatError("incomplete public key: %s" % s)
+          raise KeyFormatError("incomplete RSA public key: %s" % s)
       except (TypeError,UnparsableKeyError) as e:
-          raise KeyFormatError("could not parse public key (%s): %s" % (pub[b'p'],e))
+          raise KeyFormatError("could not parse RSA public key (%s): %s" % (pub[b'p'],e))
       ktag = b'rsa'
   if pub[b'k'] != b'rsa' and pub[b'k'] != b'ed25519':
       raise KeyFormatError('unknown algorithm in k= tag: {0}'.format(pub[b'k']))