diff --git a/lib/ssh_data/encoding.rb b/lib/ssh_data/encoding.rb
index a821e05..f8bd4a8 100644
--- a/lib/ssh_data/encoding.rb
+++ b/lib/ssh_data/encoding.rb
@@ -253,7 +253,7 @@ def decode_public_key(raw, algo=nil, offset=0)
 end
 unless fields = KEY_FIELDS_BY_PUBLIC_KEY_ALGO[algo]
- raise AlgorithmError, "unknown algorithm: #{algo}"
+ raise AlgorithmError, "unknown algorithm: #{algo.inspect}"
 end
 data, read = decode_fields(raw, fields, offset + total_read)
@@ -282,7 +282,7 @@ def decode_certificate(raw, offset=0)
 total_read += read
 unless key_algo = PUBLIC_KEY_ALGO_BY_CERT_ALGO[data[:algo]]
- raise AlgorithmError
+ raise AlgorithmError, "unknown algorithm: #{key_algo.inspect}"
 end
 data[:key_data], read = decode_public_key(raw, key_algo, offset + total_read)
diff --git a/lib/ssh_data/private_key.rb b/lib/ssh_data/private_key.rb
index aa2f1d1..934599e 100644
--- a/lib/ssh_data/private_key.rb
+++ b/lib/ssh_data/private_key.rb
@@ -1,9 +1,10 @@
 module SSHData
 module PrivateKey
- OPENSSH_PEM_TYPE = "OPENSSH PRIVATE KEY"
- RSA_PEM_TYPE = "RSA PRIVATE KEY"
- DSA_PEM_TYPE = "DSA PRIVATE KEY"
- ECDSA_PEM_TYPE = "EC PRIVATE KEY"
+ OPENSSH_PEM_TYPE = "OPENSSH PRIVATE KEY"
+ RSA_PEM_TYPE = "RSA PRIVATE KEY"
+ DSA_PEM_TYPE = "DSA PRIVATE KEY"
+ ECDSA_PEM_TYPE = "EC PRIVATE KEY"
+ ENCRYPTED_PEM_TYPE = "ENCRYPTED PRIVATE KEY"
 # Parse an SSH private key.
 #
@@ -11,7 +12,8 @@ module PrivateKey
 #
 # Returns an Array of PrivateKey::Base subclass instances.
 def self.parse(key)
- case Encoding.pem_type(key)
+ pem_type = Encoding.pem_type(key)
+ case pem_type
 when OPENSSH_PEM_TYPE
 parse_openssh(key)
 when RSA_PEM_TYPE
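Review bot: In the `decode_certificate` hunk of lib/ssh_data/encoding.rb the new message interpolates `key_algo`, which is always nil (or false) inside this `unless key_algo = ...` branch, so every failure would read `unknown algorithm: nil`. The value worth reporting is the certificate algorithm that missed the lookup: `raise AlgorithmError, "unknown algorithm: #{data[:algo].inspect}"`. Keeping `.inspect` is the right call, since the name appears to come from the decoded input and inspect escapes control characters before the text reaches logs. The body of decode_certificate starts and ends outside the hunk.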
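Review bot: The doc comment above `self.parse` in lib/ssh_data/private_key.rb (hunk `@@ -11,7 +12,8 @@`) still documents only the Array return, while this commit makes an unrecognised PEM type raise where the old `case` had no `else` and fell through to nil. Callers that parse untrusted key material need to know which exceptions to rescue, so I would add `# Raises DecryptError for encrypted keys and AlgorithmError for unknown PEM types.` after the Returns line. The comment block and the method body both continue outside this hunk.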
@@ -20,6 +22,10 @@ def self.parse(key)
 [DSA.from_openssl(OpenSSL::PKey::DSA.new(key))]
 when ECDSA_PEM_TYPE
 [ECDSA.from_openssl(OpenSSL::PKey::EC.new(key))]
+ when ENCRYPTED_PEM_TYPE
+ raise DecryptError, "cannot decode encrypted private keys"
+ else
+ raise AlgorithmError, "unknown PEM type: #{pem_type.inspect}"
 end
 rescue OpenSSL::PKey::PKeyError => e
 raise DecodeError, "bad private key. maybe encrypted?"
diff --git a/spec/private_key_spec.rb b/spec/private_key_spec.rb
index af5acaa..a11d2eb 100644
--- a/spec/private_key_spec.rb
+++ b/spec/private_key_spec.rb
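Review bot: The new `when ENCRYPTED_PEM_TYPE` branch catches only PKCS#8 `ENCRYPTED PRIVATE KEY` blocks. A traditionally encrypted key keeps its `RSA PRIVATE KEY`, `DSA PRIVATE KEY` or `EC PRIVATE KEY` label and marks encryption with a `Proc-Type: 4,ENCRYPTED` header, so it still reaches calls such as `OpenSSL::PKey::DSA.new(key)` in the context lines. Those calls pass no passphrase, and Ruby's OpenSSL bindings can then prompt on the terminal instead of raising, which would stall a service parsing user-supplied keys; this depends on the openssl gem version and on a TTY being attached, so it is worth confirming. A guard before the `case`, for example `raise DecryptError, "cannot decode encrypted private keys" if key.include?("Proc-Type: 4,ENCRYPTED")`, would give both encrypted forms the same error. The method starts above this hunk and the rescue clause continues below it.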
@@ -23,4 +23,50 @@
 end
 end
 end
+
+ it "raises on unknown PEM types" do
+ expect {
+ described_class.parse(<<-PEM.gsub(/^ /, ""))
+ -----BEGIN FOOBAR-----
+ asdf
+ -----END FOOBAR-----
+ PEM
+ }.to raise_error(SSHData::AlgorithmError)
+ end
+
+ it "raises on encrypted PEM type" do
+ expect {
+ described_class.parse(<<-PEM.gsub(/^ /, ""))
+ -----BEGIN ENCRYPTED PRIVATE KEY-----
+ MIIE6TAbBgkqhkiG9w0BBQMwDgQIcWWgZeQYPTcCAggABIIEyLoa5b3ktcPmy4VB
+ hHkpHzVSEsKJPmQTUaQvUwIp6+hYZeuOk78EPehrYJ/QezwJRdyBoD51oOxqWCE2
+ fZ5Wf6Mi/9NIuPyqQccP2ouErcMAcDLaAx9C0Ot37yoG0S6hOZgaxqwnCdGYKHgS
+ 7cYUv40kLOJmTOJlHJbatfXHocrHcHkCBJ1q8wApA1KVQIZsqmyBUBuwbrfFwpC9
+ d/R674XxCWJpXvU63VNZRFYUvd7YEWCrdSeleb99p0Vn1kxI5463PXurgs/7GPiO
+ SLSdX44DESP9l7lXenC4gbuT8P0xQRDzGrB5l9HHoV3KMXFODWTMnLcp1nuhA0OT
+ fPS2yzT9zJgqHiVKWgcUUJ5uDelVfnsmDhnh428p0GBFbniH07qREC9kq78UqQNI
+ Kybp4jQ4sPs64zdYm/VyLWtAYz8QNAKHLcnPwmTPr/XlJmox8rlQhuSQTK8E+lDr
+ TOKpydrijN3lF+pgyUuUj6Ha8TLMcOOwqcrpBig4SGYoB56gjAO0yTE9uCPdBakj
+ yxi3ksn51ErigGM2pGMNcVdwkpJ/x+DEBBO0auy3t9xqM6LK8pwNcOT1EWO+16zY
+ 79LVSavc49t+XxMc3Xasz/G5xQgD1FBp6pEnsg5JhTTG/ih6Y/DQD8z3prjC3qKc
+ rpL4NA9KBI/IF1iIXlrfmN/zCKbBuEOEGqwcHBDHPySZbhL2XLSpGcK/NBl1bo1Z
+ G+2nUTauoC67Qb0+fnzTcvOiMNAbHMiqkirs4anHX33MKL2gR/3dp8ca9hhWWXZz
+ Mkk2FK9sC/ord9F6mTtvTiOSDzpiEhb94uTxXqBhIbsrGXCUUd0QQN5s2dmW2MfS
+ M35KeSv2rwDGzC1+Qf3MhHGIZDqoQwuZEzM5yHHafCatAbZd2sjaFWegg0r2ca7a
+ eZkZFj3ZuDYXJFnL82guOASh7rElWO2Ys7ncXAKnaV3WkkF+JDv/CUHr+Q/h6Ae5
+ qEvgubTCVSYHzRP37XJItlcdywTIcTY+t6jymmyEBJ66LmUoD47gt/vDUSbhT6Oa
+ GlcZ+MZGlUnPOSq4YknOgwKH8izboY4UgVCrmXvlaZYQhZemNDkVbpYVDf+s6cPf
+ tJwVoZf+qf2SsRTUsI10isoIzCyGw2ie8kmipdP434Z/99uVU3zxD6raNDlyp33q
+ FWMgpr2JU6NVAla7N51g7Jk8VjIIn7SvCYyWkmvv4kLB1UHl3NFqYb9YuIZUaDyt
+ j/NMcKMLLOaEorRZ2N2mDNoihMxMf8J3J9APnzUigAtaalGKNOrd2Fom5OVADePv
+ Tb5sg1uVQzfcpFrjIlLVh+2cekX0JM84phbMpHmm5vCjjfYvUvcMy0clCf0x3jz6
+ LZf5Fzc8xbZmpse5OnOrsDLCNh+SlcYOzsagSZq4TgvSeI9Tr4lv48dLJHCCcYKL
+ eymS9nhlCFuuHbi7zI7edcI49wKUW1Sj+kvKq3LMIEkMlgzqGKA6JqSVxHP51VH5
+ FqV4aKq70H6dNJ43bLVRPhtF5Bip5P7k/6KIsGTPUd54PHey+DuWRjitfheL0G2w
+ GF/qoZyC1mbqdtyyeWgHtVbJVUORmpbNnXOII9duEqBUNDiO9VSZNn/8h/VsYeAB
+ xryZaRDVmtMuf/OZBQ==
+ -----END ENCRYPTED PRIVATE KEY-----
+ PEM
+ }.to raise_error(SSHData::DecryptError)
+ end
 end
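Review bot: Both new examples assert only the exception class, so they would still pass if the messages built from `pem_type.inspect` regressed, and nothing here exercises the changed `decode_certificate` message in lib/ssh_data/encoding.rb. Matching the text as well, e.g. `}.to raise_error(SSHData::AlgorithmError, /FOOBAR/)`, would pin what callers and logs actually see. A one-line comment above the encrypted fixture saying how the key was generated and that it protects nothing would also help anyone triaging a secret-scanner hit on this file.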