diff --git a/lib/SAML2/Utils.php b/lib/SAML2/Utils.php
index 6a959c261e7c53503a52c9279d48c0857c82636c..00e5a33905d839dde73a8218eeb3ae94736c04df 100644
--- a/lib/SAML2/Utils.php
+++ b/lib/SAML2/Utils.php
@@ -398,6 +398,10 @@ class SAML2_Utils {
 
 			try {
 				$key = $encKey->decryptKey($symmetricKeyInfo);
+				if (strlen($key) != $keySize) {
+					throw new Exception('Unexpected key size (' . strlen($key) * 8 . 'bits) for encryption algorithm: ' .
+										var_export($symmetricKey->type, TRUE));
+				}
 			} catch (Exception $e) {
 				/* We failed to decrypt this key. Log it, and substitute a "random" key. */
 				SimpleSAML_Logger::error('Failed to decrypt symmetric key: ' . $e->getMessage());
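Review bot: The added length check only has the intended effect because it throws inside the `try`, so a wrong-sized key is handled by the same catch that substitutes a key after a failed decryption, but nothing in the code marks that placement as deliberate. I would put a comment above the `if`, e.g. `/* Thrown inside the try on purpose: a key of the wrong length must take the same fallback path as a failed decryption. */`, so a later refactor does not move the check out and make the two cases distinguishable to whoever sent the message. The comparison should also be strict, `if (strlen($key) !== $keySize) {`, assuming `$keySize` is an int assigned before this hunk (it is not visible here); with the loose `!=`, a null `$keySize` would let an empty key pass the check. The catch block continues past the end of the hunk, so whether the substitute key is itself `$keySize` bytes long cannot be confirmed from these lines.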