diff --git a/src/jwt.erl b/src/jwt.erl
index b17b679..4a33112 100644
--- a/src/jwt.erl
+++ b/src/jwt.erl
@@ -243,8 +243,12 @@ jwt_check_sig({hmac, _} = Alg, Payload, Signature, Key) ->
 jwt_check_sig({Algo, Crypto}, Payload, Signature, Pem) when (Algo =:= rsa orelse Algo =:= ecdsa) andalso is_binary(Pem) ->
- jwt_check_sig({Algo, Crypto}, Payload, Signature, pem_to_key(Pem));
-
+ case pem_to_key(Pem) of
+ <<"">> ->
+ false;
+ Key ->
+ jwt_check_sig({Algo, Crypto}, Payload, Signature, Key)
+ end;
 jwt_check_sig({rsa, Crypto}, Payload, Signature, Key) -> public_key:verify(Payload, Crypto, base64url:decode(Signature), Key);
@@ -331,10 +335,13 @@ append_claim(ClaimsSet, Key, Val) when is_map(ClaimsSet) ->
 append_claim(ClaimsSet, Key, Val) -> [{ Key, Val } | ClaimsSet].
 pem_to_key(Pem) ->
- Decoded = case public_key:pem_decode(Pem) of
+ case public_key:pem_decode(Pem) of
 [_, Key] ->
- Key;
+ Key,
+ public_key:pem_entry_decode(Key);
 [Key] ->
- Key
- end,
- public_key:pem_entry_decode(Decoded).
+ Key,
+ public_key:pem_entry_decode(Key);
+ [] ->
+ <<"">>
+ end.
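Review bot: The `<<"">>` pattern in the new `case` of the rsa/ecdsa binary-key clause is a sentinel whose meaning is defined only in `pem_to_key/1`, and nothing at this call site says so; a comment such as `%% pem_to_key/1 returns <<"">> when the PEM holds no entries: fail closed` would make the contract visible. Returning `false` is the safe direction, but it makes an unusable verification key indistinguishable from a bad signature for whoever reads the result, so a key-configuration fault shows up as a stream of seemingly invalid tokens. If the module has a logging convention (none is visible in this hunk), a log line in this branch would make that case diagnosable. The other `jwt_check_sig` clauses lie outside the hunk.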
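Review bot: The bare `Key,` expressions added before each `public_key:pem_entry_decode(Key)` call in `pem_to_key/1` evaluate the variable and discard it, so both can be dropped, leaving `[Key] -> public_key:pem_entry_decode(Key);`. The new `[] ->` clause covers only a PEM with no entries; a PEM with three or more entries still raises `case_clause`, and `public_key:pem_entry_decode/1` may still raise on an entry it cannot decode, so the `false` path in `jwt_check_sig` is not reached for those inputs. If such lists should also fail verification rather than crash, `_ -> <<"">>` as the last clause would cover them (decode failures would still need their own handling). Returning `<<"">>` where callers otherwise receive a decoded key mixes two result types; a comment on the function, or a tagged value such as `error`, would help, since any caller outside this diff that does not match on it would pass the empty binary on as a key.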