diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
index d271f8a6..bf3e8f46 100644
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -367,6 +367,30 @@
 #endif /* LTC_NO_PK */
+/* define these PK sizes out of LTC_NO_PK
+ * to have them always defined
+ */
+#if defined(LTC_MRSA)
+/* Min and Max RSA key sizes (in bits) */
+#ifndef MIN_RSA_SIZE
+#define MIN_RSA_SIZE 1024
+#endif
+#ifndef MAX_RSA_SIZE
+#define MAX_RSA_SIZE 4096
+#endif
+#endif
+
+/* in cases where you want ASN.1/DER functionality, but no
+ * RSA, you can define this externally if 1024 is not enough
+ */
+#if defined(LTC_MRSA)
+#define LTC_DER_MAX_PUBKEY_SIZE MAX_RSA_SIZE
+#elif !defined(LTC_DER_MAX_PUBKEY_SIZE)
+/* this includes DSA */
+#define LTC_DER_MAX_PUBKEY_SIZE 1024
+#endif
+
+
 /* PKCS #1 (RSA) and #5 (Password Handling) stuff */
 #ifndef LTC_NO_PKCS
diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h
index e5715647..a474646a 100644
--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@@ -28,10 +28,6 @@ int pk_get_oid(int pk, oid_st *st);
 /* ---- RSA ---- */
 #ifdef LTC_MRSA
-/* Min and Max RSA key sizes (in bits) */
-#define MIN_RSA_SIZE 1024
-#define MAX_RSA_SIZE 4096
-
 /** RSA PKCS style key */
 typedef struct Rsa_key {
 /** Type of key, PK_PRIVATE or PK_PUBLIC */
diff --git a/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
index 71009c69..6731c66c 100644
--- a/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
+++ b/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
@@ -54,7 +54,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
 }
 /* see if the OpenSSL DER format RSA public key will work */
- tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8);
+ tmpbuf = XCALLOC(1, LTC_DER_MAX_PUBKEY_SIZE*8);
 if (tmpbuf == NULL) {
 err = CRYPT_MEM;
 goto LBL_ERR;
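Review bot: The `#if defined(LTC_MRSA)` branch in tomcrypt_custom.h defines `LTC_DER_MAX_PUBKEY_SIZE` with no `#ifndef` guard, so a build that sets it externally and also enables RSA gets an incompatible macro redefinition, and the comment's statement that it can be defined externally holds only for the non-RSA case; either guard the define or say so in the comment. Separately, `MIN_RSA_SIZE` and `MAX_RSA_SIZE` are now overridable but nothing validates the override, so the RSA key-size floor can be lowered or the two bounds inverted without any diagnostic. A compile-time check next to the defaults would at least catch the inverted case: `#if MIN_RSA_SIZE > MAX_RSA_SIZE`, `#error "MIN_RSA_SIZE exceeds MAX_RSA_SIZE"`, `#endif`. The unit of the 1024 fallback is also unstated while `MAX_RSA_SIZE` is documented in bits; a comment such as `/* same unit as MAX_RSA_SIZE (bits) */` would help, if that is the intent.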
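Review bot: The buffer size `LTC_DER_MAX_PUBKEY_SIZE*8` is spelled out in the `XCALLOC` call of the `@@ -54,7` hunk and again as the `LTC_SET_ASN1` capacity in the `@@ -68,7` hunk, and the decode is only bounded correctly while the two expressions stay equal. Holding the value once, e.g. `tmpbuf_len = LTC_DER_MAX_PUBKEY_SIZE * 8;` assigned before the allocation and passed to both calls, removes the chance that a later edit changes one and not the other. Without LTC_MRSA the cap is now the 1024 default, so a key that exceeds it will presumably be rejected by `der_decode_sequence`; a short comment at the allocation, `/* limit is build-time configurable via LTC_DER_MAX_PUBKEY_SIZE */`, would point users at the remedy. The function's declarations and its cleanup path lie outside both hunks, so the new local would have to be declared there.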
@@ -68,7 +68,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
 * in a **BIT** string ... so we have to extract it then proceed to convert bit to octet */
 LTC_SET_ASN1(subject_pubkey, 0, LTC_ASN1_SEQUENCE, alg_id, 2);
- LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8);
+ LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, LTC_DER_MAX_PUBKEY_SIZE*8);
 err=der_decode_sequence(in, inlen, subject_pubkey, 2UL);
 if (err != CRYPT_OK) {