diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a43ccaf57..efec00be5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1284,7 +1284,13 @@ static psa_status_t psa_start_key_creation( return( status ); slot->lifetime = attributes->lifetime; if( attributes->lifetime != PSA_KEY_LIFETIME_VOLATILE ) + { + status = psa_validate_persistent_key_parameters( attributes->lifetime, + attributes->id ); + if( status != PSA_SUCCESS ) + return( status ); slot->persistent_storage_id = attributes->id; + } slot->type = attributes->type; return( status ); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 33c03a799..d8b0a2e51 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -219,9 +219,6 @@ static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle, psa_key_slot_t *slot; psa_status_t status; - if( ! psa_is_key_id_valid( id ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_key_slot( handle, &slot ); if( status != PSA_SUCCESS ) return( status ); @@ -239,6 +236,17 @@ static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle, #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */ } +psa_status_t psa_validate_persistent_key_parameters( + psa_key_lifetime_t lifetime, + psa_key_file_id_t id ) +{ + if( lifetime != PSA_KEY_LIFETIME_PERSISTENT ) + return( PSA_ERROR_INVALID_ARGUMENT ); + if( ! psa_is_key_id_valid( id ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_SUCCESS ); +} + static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime, psa_key_file_id_t id, psa_key_handle_t *handle, 
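Review bot: The slot's lifetime is stored on the line just above the new block (`slot->lifetime = attributes->lifetime;`), so when psa_validate_persistent_key_parameters() fails the slot goes back to the caller already marked non-volatile while `slot->persistent_storage_id` was never written. If the failure path that follows psa_start_key_creation() does not wipe the slot (that path, like the start of psa_start_key_creation, is outside the hunk), a later cleanup could treat the slot as persistent with a stale id. Moving the store below the check removes that dependency: drop the early assignment and add `slot->lifetime = attributes->lifetime;` immediately before `slot->type = attributes->type;`, which is safe because the new block reads `attributes->lifetime`, not the slot field.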
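Review bot: Removing the psa_is_key_id_valid() check from psa_internal_make_key_persistent() makes the function depend on every caller having run psa_validate_persistent_key_parameters() first, and nothing in the function records that. A caller added later, or one not shown in this diff, that passes an unvalidated id would now carry it into the storage code. I would state the precondition at the top of the function, `/* Precondition: id has been checked with psa_validate_persistent_key_parameters(). */`, or keep the cheap check here as well since it does not touch storage. The rest of the function body is outside the hunk.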
@@ -248,8 +256,9 @@ static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
     *handle = 0;
-    if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    status = psa_validate_persistent_key_parameters( lifetime, id );
+    if( status != PSA_SUCCESS )
+        return( status );
     status = psa_internal_allocate_key_slot( handle );
     if( status != PSA_SUCCESS )
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 6746bad91..914e2d507 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -55,4 +55,26 @@ psa_status_t psa_initialize_key_slots( void );
  * This does not affect persistent storage. */
 void psa_wipe_all_key_slots( void );
+/** Test whether the given parameters are acceptable for a persistent key.
+ *
+ * This function does not access the storage in any way. It only tests
+ * whether the parameters are meaningful and permitted by general policy.
+ * It does not test whether the a file by the given id exists or could be
+ * created.
+ *
+ * \param lifetime The lifetime to test.
+ * \param id The key id to test.
+ *
+ * \retval PSA_SUCCESS
+ * The given parameters are valid.
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \p lifetime is volatile or is invalid.
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \p id is invalid.
+ */
+psa_status_t psa_validate_persistent_key_parameters(
+    psa_key_lifetime_t lifetime,
+    psa_key_file_id_t id );
+
+
 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
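Review bot: The third sentence of the new doc comment has a stray article: `It does not test whether the a file by the given id exists or could be` should read `It does not test whether a file with the given id exists or could be`. Otherwise the description matches the definition added in psa_crypto_slot_management.c, which rejects any lifetime other than PSA_KEY_LIFETIME_PERSISTENT and any id that psa_is_key_id_valid() refuses, both with PSA_ERROR_INVALID_ARGUMENT. Since the comment promises the function never touches storage, it may help callers to add one sentence saying that a PSA_SUCCESS here does not mean the subsequent storage operation will succeed.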