diff --git a/lib/SAML2/Utils.php b/lib/SAML2/Utils.php
index ffc7b9b9448a515ead88daf28a24922fa8619411..88841143c10858cda3bda3658a530772f4eb1eb2 100644
--- a/lib/SAML2/Utils.php
+++ b/lib/SAML2/Utils.php
@@ -297,11 +297,13 @@ class SAML2_Utils {
 	/**
 	 * Decrypt an encrypted element.
 	 *
+	 * This is an internal helper function.
+	 *
 	 * @param DOMElement $encryptedData  The encrypted data.
 	 * @param XMLSecurityKey $inputKey  The decryption key.
 	 * @return DOMElement  The decrypted element.
 	 */
-	public static function decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey) {
+	private static function _decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey) {
 
 		$enc = new XMLSecEnc();
 
@@ -372,10 +374,36 @@ class SAML2_Utils {
 			throw new Exception('Missing encrypted element.');
 		}
 
+		if (!($decryptedElement instanceof DOMElement)) {
+			throw new Exception('Decrypted element was not actually a DOMElement.');
+		}
+
 		return $decryptedElement;
 	}
 
 
+	/**
+	 * Decrypt an encrypted element.
+	 *
+	 * @param DOMElement $encryptedData  The encrypted data.
+	 * @param XMLSecurityKey $inputKey  The decryption key.
+	 * @return DOMElement  The decrypted element.
+	 */
+	public static function decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey) {
+
+		try {
+			return self::_decryptElement($encryptedData, $inputKey);
+		} catch (Exception $e) {
+			/*
+			 * Something went wrong during decryption, but for security
+			 * reasons we cannot tell the user what failed.
+			 */
+			SimpleSAML_Logger::error('Decryption failed: ' . $e->getMessage());
+			throw new Exception('Failed to decrypt XML element.');
+		}
+	}
+
+
 	/**
 	 * Extract localized strings from a set of nodes.
 	 *