diff --git a/sshagent/formats.py b/sshagent/formats.py index d1592f0..346cfdd 100644 --- a/sshagent/formats.py +++ b/sshagent/formats.py @@ -9,6 +9,8 @@ import logging log = logging.getLogger(__name__) DER_OCTET_STRING = b'\x04' +ECDSA_KEY_TYPE = 'ecdsa-sha2-nistp256' +ECDSA_CURVE_NAME = 'nistp256' curve = ecdsa.NIST256p hashfunc = hashlib.sha256 @@ -66,18 +68,16 @@ def decompress_pubkey(pub): x = util.bytes2num(pub[1:33]) beta = pow(int(x*x*x+A*x+B), int((P+1)//4), int(P)) y = (P-beta) if ((beta + ord(pub[0])) % 2) else beta - return (x, y) - -def export_public_key(pubkey, label): - x, y = decompress_pubkey(pubkey) point = ecdsa.ellipticcurve.Point(curve.curve, x, y) vk = ecdsa.VerifyingKey.from_public_point(point, curve=curve, hashfunc=hashfunc) - key_type = 'ecdsa-sha2-nistp256' - curve_name = 'nistp256' - parts = [key_type, curve_name, DER_OCTET_STRING + vk.to_string()] - blob = ''.join([util.frame(p) for p in parts]) + parts = [ECDSA_KEY_TYPE, ECDSA_CURVE_NAME, DER_OCTET_STRING + vk.to_string()] + return ''.join([util.frame(p) for p in parts]) + + +def export_public_key(pubkey, label): + blob = decompress_pubkey(pubkey) log.debug('fingerprint: %s', fingerprint(blob)) b64 = base64.b64encode(blob) - return '{} {} {}\n'.format(key_type, b64, label) + return '{} {} {}\n'.format(ECDSA_KEY_TYPE, b64, label) diff --git a/sshagent/trezor.py b/sshagent/trezor.py index 3561299..acf576f 100644 --- a/sshagent/trezor.py +++ b/sshagent/trezor.py @@ -76,6 +76,8 @@ class Client(object): challenge_hidden=blob, challenge_visual=visual, ecdsa_curve_name=self.curve_name) + public_key_blob = formats.decompress_pubkey(result.public_key) + assert public_key_blob == msg['public_key']['blob'] assert len(result.signature) == 65 assert result.signature[0] == b'\x00' 
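Review bot: `decompress_pubkey` no longer returns the `(x, y)` point; after this hunk it returns the framed SSH key blob, so the name is misleading and any remaining caller that unpacks a tuple would break. The new check in `sshagent/trezor.py` compares this return value with the requested key, so either rename the function or add a docstring such as `"""Decode a 33-byte compressed NIST P-256 key and return it as a framed ecdsa-sha2-nistp256 SSH blob."""`. Nothing in the visible lines checks that `pub[0]` is a valid compression prefix or that the recovered `y` satisfies the curve equation. The function starts outside the hunk, so that may already be handled above or by the `Point` constructor, but it is worth confirming.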
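Review bot: The new key-match check `assert public_key_blob == msg['public_key']['blob']` is a security control written as an `assert`, so it disappears when the agent runs under `python -O`, and a signature made with a different key than the one requested would then be passed on. Raise explicitly instead: `if public_key_blob != msg['public_key']['blob']: raise ValueError('device key does not match requested key')`. The two signature-format asserts below it, and `assert not i.read()` in `_parse_ssh_blob` in the next hunk, have the same weakness. The enclosing method starts and ends outside the hunk.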
@@ -141,11 +143,11 @@ def _parse_ssh_blob(data): res['auth'] = util.read_frame(i) i.read(1) # TBD res['key_type'] = util.read_frame(i) - res['pubkey'] = util.read_frame(i) + public_key = util.read_frame(i) + res['public_key'] = formats.parse_pubkey(public_key) assert not i.read() log.debug('%s: user %r via %r (%r)', res['conn'], res['user'], res['auth'], res['key_type']) log.debug('nonce: %s', binascii.hexlify(res['nonce'])) - pubkey = formats.parse_pubkey(res['pubkey']) - log.debug('fingerprint: %s', pubkey['fingerprint']) + log.debug('fingerprint: %s', res['public_key']['fingerprint']) return res
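Review bot: `res['pubkey']` (the raw key frame) is replaced by `res['public_key']` (the dict returned by `formats.parse_pubkey`), and nothing at the assignment says so; any caller still reading `res['pubkey']` would now fail with `KeyError`. A comment on the new line would help, e.g. `# parsed key dict ('blob', 'fingerprint', ...); the raw frame is no longer kept under 'pubkey'`. The signing path in the previous hunk appears to rely on `['public_key']['blob']` being the exact bytes read here, so that guarantee is worth stating in `parse_pubkey`'s docstring as well. `_parse_ssh_blob` begins outside the hunk.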