diff --git a/go.work.sum b/go.work.sum index 819c0c0ac8..53524d5376 100644 --- a/go.work.sum +++ b/go.work.sum @@ -2043,6 +2043,7 @@ golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2079,6 +2080,7 @@ golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -2191,6 +2193,7 @@ golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808 h1:+Kc94D8UVEVxJnLXp/+FMfqQARZtWHfVrcRtcG8aT3g= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2 h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY= @@ -2222,6 +2225,7 @@ golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/service/policy/kasregistry/key_access_server_registry.go b/service/policy/kasregistry/key_access_server_registry.go index 563e447b23..cd8895c3ed 100644 --- a/service/policy/kasregistry/key_access_server_registry.go +++ b/service/policy/kasregistry/key_access_server_registry.go 
@@ -24,11 +24,13 @@ import (
 )
 
 var (
- ErrInvalidKeyAlg = errors.New("invalid key algorithm")
- ErrInvalidKey = errors.New("invalid key")
- ErrInvalidKeySize = errors.New("invalid key size")
- ErrInvalidKeyCurve = errors.New("invalid key curve")
- ErrUnsupportedCurve = errors.New("unsupported curve")
+ ErrFailedToDecodePEM = errors.New("failed to decode PEM block from public key")
+ ErrFailedToParsePublicKey = errors.New("failed to parse public key from PEM block")
+ ErrUnsupportedKeyAlg = errors.New("unsupported key algorithm")
+ ErrKeyAlgMismatch = errors.New("key algorithm does not match the provided algorithm")
+ ErrInvalidRSAKeySize = errors.New("invalid rsa key size")
+ ErrInvalidECKeyCurve = errors.New("invalid ec key curve")
+ ErrUnsupportedCurve = errors.New("unsupported curve")
 )
 
 type KeyAccessServerRegistry struct {
@@ -227,11 +229,11 @@ func getCurveFromAlg(alg policy.KasPublicKeyAlgEnum) (elliptic.Curve, error) {
 func verifyKeyAlg(key string, alg policy.KasPublicKeyAlgEnum) error {
 block, _ := pem.Decode([]byte(key))
 if block == nil {
- return ErrInvalidKey
+ return ErrFailedToDecodePEM
 }
 pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
 if err != nil {
- return ErrInvalidKey
+ return ErrFailedToParsePublicKey
 }
 
 switch alg { //nolint:exhaustive // covers all cases
@@ -240,7 +242,7 @@ func verifyKeyAlg(key string, alg policy.KasPublicKeyAlgEnum) error {
 
 rsaKey, ok := pubKey.(*rsa.PublicKey)
 if !ok {
- return ErrInvalidKeyAlg
+ return ErrKeyAlgMismatch
 }
 
 expectedSize := 0
@@ -252,7 +254,7 @@ func verifyKeyAlg(key string, alg policy.KasPublicKeyAlgEnum) error {
 }
 
 if rsaKey.Size() != expectedSize { // 2048 bits = 256 bytes
- return ErrInvalidKeySize
+ return ErrInvalidRSAKeySize
 }
 case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1,
 policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1,
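Review bot: The `var` block drops the exported sentinels `ErrInvalidKeyAlg`, `ErrInvalidKey`, `ErrInvalidKeySize` and `ErrInvalidKeyCurve`, which breaks any consumer outside this package that matches them with `errors.Is`; if such consumers may exist, keep the old names for a deprecation cycle or call the break out in the change description. The seven new exported errors also carry no doc comments, and each exported name should have one starting with the name, e.g. `// ErrKeyAlgMismatch is returned when the parsed public key's type does not match the requested alg.`. As a style point, the two messages that begin with "failed to" read redundantly once a caller wraps them (`...: failed to decode PEM block ...`); `errors.New("decoding PEM block from public key")` follows the usual Go convention.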
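Review bot: On the new side of the `if err != nil` branch the x509 error from `ParsePKIXPublicKey` is still discarded, so a caller receives `ErrFailedToParsePublicKey` with no way to tell a malformed SPKI from an unsupported key type and nothing useful to log; `return errors.Join(ErrFailedToParsePublicKey, err)` preserves the cause while `errors.Is(err, ErrFailedToParsePublicKey)` keeps matching (Go 1.20+, and `errors` is already imported here), provided Test_Verify_Public_Keys compares with `errors.Is` rather than `==`. The PEM branch also accepts a block of any type, so a certificate or a PKCS#1 `RSA PUBLIC KEY` block only fails later at parse time; `if block == nil || block.Type != "PUBLIC KEY" {` rejects those up front with the clearer `ErrFailedToDecodePEM`. verifyKeyAlg continues past the end of this hunk.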
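Review bot: The comment on the `rsaKey.Size()` comparison describes only the 2048-bit case, although the same line also checks RSA 4096 keys (the `expectedSize` switch it depends on sits just above this hunk); `if rsaKey.Size() != expectedSize { // Size() is the modulus length in bytes; expectedSize is chosen by alg above` states what the check does for both. verifyKeyAlg starts and ends outside this hunk.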
@@ -473,15 +473,15 @@ func Test_Verify_Public_Keys(t *testing.T) {
 key: "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsdI4JGPwMm4od4yxKiKZKq+d+AQQ\ntaDueUULEOdYQxL0IGmWRYGvyQ7nB+gZuB0DxbVjzZttqYIOIVYPfUV94g==\n-----END PUBLIC KEY-----\n",
 kid: "ec256-bad",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1,
- expectedErr: ErrInvalidKeyCurve,
- description: "EC256 Key and Alg mismatch",
+ expectedErr: ErrInvalidECKeyCurve,
+ description: "EC256 Curve mismatch",
 name: "bad ec256",
 },
 {
 key: "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsdI4JGPwMm4od4yxKiKZKq+d+AQQ\ntaDueUULEOdYQxL0IGmWRYGvyQ7nB+gZuB0DxbVjzZttqYIOIVYPfUV94g==\n-----END PUBLIC KEY-----\n",
 kid: "ec256-bad-rsa",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048,
- expectedErr: ErrInvalidKeyAlg,
+ expectedErr: ErrKeyAlgMismatch,
 description: "EC256 Key Submitted as RSA",
 name: "bad ec256 rsa",
 },
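Review bot: The renamed description `"EC256 Curve mismatch"` makes this hunk's wording diverge from the rest of the table: the -497 hunk keeps `"EC384 Key and Alg mismatch"` for the same `ErrInvalidECKeyCurve` expectation, and the RSA cases in the -545 and -569 hunks keep "Key and Alg mismatch" for `ErrInvalidRSAKeySize`. Since the new errors now distinguish curve, size and key-type mismatches, one naming scheme across the table — e.g. `description: "EC384 Curve mismatch",` and `description: "RSA2048 Key size mismatch",` — would make a failing case self-describing. Test_Verify_Public_Keys starts before this hunk and continues after it.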
@@ -497,7 +497,7 @@ func Test_Verify_Public_Keys(t *testing.T) {
 key: "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEsNHDYFiXZ4rppZ3A2f02mCSZAFR9NyHx\nz/68UxN+yuQuVKzxk8GdS7ty0+zhGRUbw2WZQk9Pehrp9eA56j1MN5c9gQiIm0PF\nHxQD4Fl2ipIA2KS3j/wIp/Ue96HzQGcX\n-----END PUBLIC KEY-----\n",
 kid: "ec384-bad",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1,
- expectedErr: ErrInvalidKeyCurve,
+ expectedErr: ErrInvalidECKeyCurve,
 description: "EC384 Key and Alg mismatch",
 name: "bad ec384",
 },
@@ -505,7 +505,7 @@ func Test_Verify_Public_Keys(t *testing.T) {
 key: "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEsNHDYFiXZ4rppZ3A2f02mCSZAFR9NyHx\nz/68UxN+yuQuVKzxk8GdS7ty0+zhGRUbw2WZQk9Pehrp9eA56j1MN5c9gQiIm0PF\nHxQD4Fl2ipIA2KS3j/wIp/Ue96HzQGcX\n-----END PUBLIC KEY-----\n",
 kid: "ec384-bad-rsa",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048,
- expectedErr: ErrInvalidKeyAlg,
+ expectedErr: ErrKeyAlgMismatch,
 description: "EC384 Key Submitted as RSA",
 name: "bad ec384 rsa",
 },
@@ -521,15 +521,15 @@ func Test_Verify_Public_Keys(t *testing.T) {
 key: "-----BEGIN PUBLIC KEY-----\nMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAGvC9aOQpUifTgBQ+aSFm1fn2m5Fb\nOv5Xc+qrT1LcHlX2vYPVfKVsqkjb0dg6LrrKWB6+UuS44y0GDAMln1KPfnkBb2+b\n6gLkYlAUpLV7RtyzBSktmLOkViGauYlR+9gKT2B5+hiL8lsLeh7khj6XEL+CVVgS\nswYGVPb345XuIdrvhBs=\n-----END PUBLIC KEY-----\n",
 kid: "ec521-bad",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1,
- expectedErr: ErrInvalidKeyCurve,
- description: "EC384 Key and Alg mismatch",
+ expectedErr: ErrInvalidECKeyCurve,
+ description: "EC384 Curve mismatch",
 name: "bad ec521",
 },
 {
 key: "-----BEGIN PUBLIC KEY-----\nMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAGvC9aOQpUifTgBQ+aSFm1fn2m5Fb\nOv5Xc+qrT1LcHlX2vYPVfKVsqkjb0dg6LrrKWB6+UuS44y0GDAMln1KPfnkBb2+b\n6gLkYlAUpLV7RtyzBSktmLOkViGauYlR+9gKT2B5+hiL8lsLeh7khj6XEL+CVVgS\nswYGVPb345XuIdrvhBs=\n-----END PUBLIC KEY-----\n",
 kid: "ec521-bad-rsa",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048,
- expectedErr: ErrInvalidKeyAlg,
+ expectedErr: ErrKeyAlgMismatch,
 description: "EC384 Key Submitted as RSA",
 name: "bad ec521 rsa",
 },
@@ -545,7 +545,7 @@ func Test_Verify_Public_Keys(t *testing.T) {
 key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTa+bW/aJRwmR2O6s2Op\nTobrMdMJE1NSnEF89C4+wn8R4bQ6uanY1Xd7/w3ffRoINqUDaL4PYgHuCInQB58d\nMbBE2qhDIoLdtr6XfThkLYarmjynkNRTN8d/UBu+85C7lMnjxxKxbhFEX/5Py43G\nvNontQhYaL4Ar8RfkXmXQjJIRZGJo1bvdXvhQeZtb4zckKwhS3xl3SV+gD1Tgujt\nO74cfkUZAzieED5aK4eZMCsF2kl47CdcoUvVsKWHGXRL9W/lb6HNE7Bx1Re12uma\nhX6wpexS7W1oW2LBeVdCi1Hb18W86Sud3Xw4ZDe0VlvmwUi3hwapJvpFyspI51Eb\nPwIDAQAB\n-----END PUBLIC KEY-----\n",
 kid: "rsa2048-bad",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096,
- expectedErr: ErrInvalidKeySize,
+ expectedErr: ErrInvalidRSAKeySize,
 description: "RSA2048 Key and Alg mismatch",
 name: "bad rsa2048",
 },
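Review bot: The new `description: "EC384 Curve mismatch",` on the `ec521-bad` case still names the wrong curve — the `kid` says ec521 and the key appears to be a P-521 SPKI — and the unchanged sibling `ec521-bad-rsa` case carries the same copy-paste `"EC384 Key Submitted as RSA"`; the two lines should read `description: "EC521 Curve mismatch",` and `description: "EC521 Key Submitted as RSA",`. Test_Verify_Public_Keys starts before this hunk and continues after it.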
@@ -553,7 +553,7 @@ func Test_Verify_Public_Keys(t *testing.T) {
 key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTa+bW/aJRwmR2O6s2Op\nTobrMdMJE1NSnEF89C4+wn8R4bQ6uanY1Xd7/w3ffRoINqUDaL4PYgHuCInQB58d\nMbBE2qhDIoLdtr6XfThkLYarmjynkNRTN8d/UBu+85C7lMnjxxKxbhFEX/5Py43G\nvNontQhYaL4Ar8RfkXmXQjJIRZGJo1bvdXvhQeZtb4zckKwhS3xl3SV+gD1Tgujt\nO74cfkUZAzieED5aK4eZMCsF2kl47CdcoUvVsKWHGXRL9W/lb6HNE7Bx1Re12uma\nhX6wpexS7W1oW2LBeVdCi1Hb18W86Sud3Xw4ZDe0VlvmwUi3hwapJvpFyspI51Eb\nPwIDAQAB\n-----END PUBLIC KEY-----\n",
 kid: "rsa2048-bad-ec",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1,
- expectedErr: ErrInvalidKeyAlg,
+ expectedErr: ErrKeyAlgMismatch,
 description: "RSA2048 Key Submitted as EC",
 name: "bad rsa2048 ec",
 },
@@ -569,7 +569,7 @@ func Test_Verify_Public_Keys(t *testing.T) {
 key: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkrbxePKjeQccK2dVr6BO\nKpqolI6w6pi2l6M++za6e1YCvgv8vM2T4qh6OjoWawAE5K4CkOOdOhVme39GbglL\neSF1i09oHYJIj94IdNgzWj8GL9NGrZZgQ8qNcW7mtyGRz62/j//dblu4RF4/qTOe\nrDtr5lL7+IfvVvbhzoPRRDfmqnlnSpbfddSsCoeZy9FS+J/hyVueF4dTWuILb/NF\nhawqAK33Eq8Mm7dhjZ1yffbgN6lS18LIuOMb2Q2M+DSm17yqQRr5ofiIs/IzDPFJ\nw1nyRRqGdlhng6tl02xahCbdlBKkeTxvGwupGdDq5vpcPDgQdYaR+G+dBmXGejtE\nirGbZkg0T77Cj9eMOisD/WUFeKCAej8I4IbGrkWQu3IsMqCn6mHAaDc6a6+WhRDr\nOuMns+LNpzrPxQ8GIWsD6R/xTqRzCIMu1nu9wWtl2bW4mFWiUHmTqseaQNwS2tWc\nh5IrrnN49yG25+dv/X0kq452mYmxMAJHMgG+T0N9Qsdd1xKmEoMHXcE5bMBpj4u/\n5LtCHsSeYco0IUV3MzZ6bIE4hSSbIsDNH8cNmGOBt1l9G63Dkjr4mfuIN/a7Z10q\ngVpzDW2hazOqWnunyLvOUpEuGwYgLdxG2DQt6dNSVY2g7IHgGCxfL/arBs+IIMka\ny3ZIHmrZC2Ym0+77srhrCLsCAwEAAQ==\n-----END PUBLIC KEY-----\n",
 kid: "rsa4096-bad",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048,
- expectedErr: ErrInvalidKeySize,
+ expectedErr: ErrInvalidRSAKeySize,
 description: "RSA4096 Key and Alg mismatch",
 name: "bad rsa4096",
 },
@@ -577,7 +577,7 @@ func Test_Verify_Public_Keys(t *testing.T) {
 key: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkrbxePKjeQccK2dVr6BO\nKpqolI6w6pi2l6M++za6e1YCvgv8vM2T4qh6OjoWawAE5K4CkOOdOhVme39GbglL\neSF1i09oHYJIj94IdNgzWj8GL9NGrZZgQ8qNcW7mtyGRz62/j//dblu4RF4/qTOe\nrDtr5lL7+IfvVvbhzoPRRDfmqnlnSpbfddSsCoeZy9FS+J/hyVueF4dTWuILb/NF\nhawqAK33Eq8Mm7dhjZ1yffbgN6lS18LIuOMb2Q2M+DSm17yqQRr5ofiIs/IzDPFJ\nw1nyRRqGdlhng6tl02xahCbdlBKkeTxvGwupGdDq5vpcPDgQdYaR+G+dBmXGejtE\nirGbZkg0T77Cj9eMOisD/WUFeKCAej8I4IbGrkWQu3IsMqCn6mHAaDc6a6+WhRDr\nOuMns+LNpzrPxQ8GIWsD6R/xTqRzCIMu1nu9wWtl2bW4mFWiUHmTqseaQNwS2tWc\nh5IrrnN49yG25+dv/X0kq452mYmxMAJHMgG+T0N9Qsdd1xKmEoMHXcE5bMBpj4u/\n5LtCHsSeYco0IUV3MzZ6bIE4hSSbIsDNH8cNmGOBt1l9G63Dkjr4mfuIN/a7Z10q\ngVpzDW2hazOqWnunyLvOUpEuGwYgLdxG2DQt6dNSVY2g7IHgGCxfL/arBs+IIMka\ny3ZIHmrZC2Ym0+77srhrCLsCAwEAAQ==\n-----END PUBLIC KEY-----\n",
 kid: "rsa4096-bad-ec",
 alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1,
- expectedErr: ErrInvalidKeyAlg,
+ expectedErr: ErrKeyAlgMismatch,
 description: "RSA4096 Key Submitted as EC",
 name: "bad rsa4096 ec",
 },