diff --git a/app/models/gpg_key.rb b/app/models/gpg_key.rb
index 535b40472b09ece799036475eea8ef5bcad85b8d..3df60ddc9501ca472024d6723ffc3d73b1c04102 100644
--- a/app/models/gpg_key.rb
+++ b/app/models/gpg_key.rb
@@ -1,5 +1,6 @@
 class GpgKey < ActiveRecord::Base
   KEY_PREFIX = '-----BEGIN PGP PUBLIC KEY BLOCK-----'.freeze
+  KEY_SUFFIX = '-----END PGP PUBLIC KEY BLOCK-----'.freeze
 
   include ShaAttribute
 
@@ -15,8 +16,8 @@ class GpgKey < ActiveRecord::Base
     presence: true,
     uniqueness: true,
     format: {
-      with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX}).)+\Z/m,
-      message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}'"
+      with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,
+      message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"
     }
 
   validates :fingerprint,
diff --git a/spec/models/gpg_key_spec.rb b/spec/models/gpg_key_spec.rb
index 1242f0b2e2aa19d038300d1b2472f1451eaf38d9..59c074199dbecb353af8ebc2ec5466095530d6b6 100644
--- a/spec/models/gpg_key_spec.rb
+++ b/spec/models/gpg_key_spec.rb
@@ -7,10 +7,18 @@ describe GpgKey do
 
   describe "validation" do
     it { is_expected.to validate_presence_of(:user) }
+
     it { is_expected.to validate_presence_of(:key) }
     it { is_expected.to validate_uniqueness_of(:key) }
-    it { is_expected.to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey").for(:key) }
+
+    it { is_expected.to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
+
+    it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey").for(:key) }
     it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) }
+    it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK----------END PGP PUBLIC KEY BLOCK-----").for(:key) }
+    it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) }
+    it { is_expected.not_to allow_value("-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
+    it { is_expected.not_to allow_value("key\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
     it { is_expected.not_to allow_value('BEGIN PGP').for(:key) }
   end