diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java
index c14096d0..30b069be 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java
@@ -17,6 +17,7 @@ package org.pgpainless.signature;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.Iterator;
@@ -567,10 +568,14 @@ public abstract class SignatureValidator {
 @Override
 public void verify(PGPSignature signature) throws SignatureValidationException {
 PublicKeyAlgorithm algorithm = PublicKeyAlgorithm.fromId(signingKey.getAlgorithm());
- int bitStrength = BCUtil.getBitStrength(signingKey);
- if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) {
- throw new SignatureValidationException("Signature was made using unacceptable key. " +
- algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy.");
+ try {
+ int bitStrength = BCUtil.getBitStrength(signingKey);
+ if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) {
+ throw new SignatureValidationException("Signature was made using unacceptable key. " +
+ algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy.");
+ }
+ } catch (NoSuchAlgorithmException e) {
+ throw new SignatureValidationException("Cannot determine bit strength of signing key.", e);
 }
 }
 };
diff --git a/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java b/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java
index 8800b755..31ac586e 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java
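Review bot: In `SignatureValidator`'s key-strength `verify`, the message thrown from the new `catch` block does not identify the signing key or its algorithm, so a rejected signature cannot be traced to a specific key without unwrapping the cause. Since `algorithm` is already in scope, the throw could read `throw new SignatureValidationException("Cannot determine bit strength of signing key " + Long.toHexString(signingKey.getKeyID()) + " (" + algorithm + ").", e);`. Converting the failure into a `SignatureValidationException` keeps the check fail-closed, which is the right default; a short comment saying so, e.g. `// unknown curve: reject rather than skip the policy check`, would stop a later edit from turning it into a silent pass. The anonymous validator that contains `verify` starts outside the hunk, so where `signingKey` and `policy` come from is not visible here.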
@@ -15,6 +15,8 @@
 */
 package org.pgpainless.util;
+import java.security.NoSuchAlgorithmException;
+
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.bcpg.ECPublicBCPGKey;
 import org.bouncycastle.openpgp.PGPPublicKey;
@@ -33,12 +35,13 @@ public final class BCUtil {
 * @param key key
 * @return bit strength
 */
- public static int getBitStrength(PGPPublicKey key) {
+ public static int getBitStrength(PGPPublicKey key) throws NoSuchAlgorithmException {
 int bitStrength = key.getBitStrength();
 if (bitStrength == -1) {
- // TODO: BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519)
- // Manually set the bit strength.
+ // BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519)
+ // therefore we manually set the bit strength.
+ // see https://github.com/bcgit/bc-java/issues/972
 ASN1ObjectIdentifier oid = ((ECPublicBCPGKey) key.getPublicKeyPacket().getKey()).getCurveOID();
 if (oid.getId().equals("1.3.6.1.4.1.11591.15.1")) {
@@ -48,7 +51,7 @@ public final class BCUtil {
 // curvey25519 is 256 bits
 bitStrength = 256;
 } else {
- throw new RuntimeException("Unknown curve: " + oid.getId());
+ throw new NoSuchAlgorithmException("Unknown curve: " + oid.getId());
 }
 }
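Review bot: In `BCUtil.getBitStrength`, the cast `(ECPublicBCPGKey) key.getPublicKeyPacket().getKey()` on the fallback path is still unchecked, so a key for which BC returns -1 but whose packet is not an EC key would surface as a `ClassCastException` rather than the `NoSuchAlgorithmException` callers now handle; whether BC can return -1 for such keys is not visible in this hunk. A guard before the cast would keep every failure on the checked path: `BCPGKey keyData = key.getPublicKeyPacket().getKey();` followed by `if (!(keyData instanceof ECPublicBCPGKey)) throw new NoSuchAlgorithmException("Cannot determine bit strength of key algorithm " + key.getAlgorithm());` (this needs an import of `org.bouncycastle.bcpg.BCPGKey`). The Javadoc above the signature should also gain `@throws NoSuchAlgorithmException if the bit strength cannot be determined for the key's curve`. The same method's `else` branch in the `@@ -48,7 +51,7 @@` hunk is where the new exception is thrown; the method body continues past the end of this hunk.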