diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb
index d3a57df1f..c4d70c2ee 100644
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@@ -312,6 +312,7 @@ class Epp::Domain < Domain
     keys = []
     return keys if frame.blank?
     inf_data = DnsSecKeys.new(frame)
+    add_epp_error('2005', nil, nil, %i[dnskeys invalid]) if not_base64?(inf_data)
 
     if  action == 'rem' &&
         frame.css('rem > all').first.try(:text) == 'true'
@@ -333,6 +334,16 @@ class Epp::Domain < Domain
     errors.any? ? [] : keys
   end
 
+  def not_base64?(inf_data)
+    inf_data.key_data.any? do |key|
+      value = key[:public_key]
+
+      !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
+    end
+  rescue ArgumentError
+    true
+  end
+
   class DnsSecKeys
     def initialize(frame)
       @key_data = []
@@ -381,7 +392,7 @@ class Epp::Domain < Domain
 
     def key_data_from(frame)
       xm_copy frame, KEY_INTERFACE
-   end
+    end
 
     def ds_data_from(frame)
       frame.css('dsData').each do |ds_data|