diff --git a/RSA.xs b/RSA.xs
index 6df0f7b..1b993c0 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -813,6 +813,8 @@ generate_key(proto, bitsSV, exponent = 65537)
     int error = 0;
 #endif
   CODE:
+    if (SvIV(bitsSV) < 512)
+        croak("RSA key size must be at least 512 bits (got %"IVdf")", SvIV(bitsSV));
     if (exponent < 3 || (exponent % 2) == 0)
         croak("RSA exponent must be odd and >= 3 (got %lu)", exponent);
     e = BN_new();
diff --git a/t/keygen.t b/t/keygen.t
index 8833693..2a4f1d3 100644
--- a/t/keygen.t
+++ b/t/keygen.t
@@ -19,7 +19,7 @@ my $HAS_BIGNUM = eval { require Crypt::OpenSSL::Bignum; 1 } ? 1 : 0;
 my $BITS = 2048;
 my $BYTES = $BITS / 8;
 
-plan tests => 24;
+plan tests => 29;
 
 # --- Default exponent (65537) explicitly passed ---
 {
@@ -161,3 +161,21 @@ plan tests => 24;
         ok(!$result, "SHA256 signature fails under SHA1 mode");
     }
 }
+
+# --- Key size validation ---
+{
+    eval { Crypt::OpenSSL::RSA->generate_key(-1) };
+    like($@, qr/at least 512 bits/, "generate_key croaks on negative key size");
+
+    eval { Crypt::OpenSSL::RSA->generate_key(0) };
+    like($@, qr/at least 512 bits/, "generate_key croaks on zero key size");
+
+    eval { Crypt::OpenSSL::RSA->generate_key(256) };
+    like($@, qr/at least 512 bits/, "generate_key croaks on 256-bit key size");
+
+    eval { Crypt::OpenSSL::RSA->generate_key(511) };
+    like($@, qr/at least 512 bits/, "generate_key croaks on 511-bit key size");
+
+    my $rsa = eval { Crypt::OpenSSL::RSA->generate_key(512) };
+    ok($rsa && !$@, "generate_key accepts 512-bit key size (minimum)");
+}