diff --git a/protocol/assertion.go b/protocol/assertion.go
index 331d9fe8..50cb5008 100644
--- a/protocol/assertion.go
+++ b/protocol/assertion.go
@@ -141,7 +141,7 @@ func (car CredentialAssertionResponse) Parse() (par *ParsedCredentialAssertionDa
 // Specification: ยง7.2 Verifying an Authentication Assertion (https://www.w3.org/TR/webauthn/#sctn-verifying-assertion)
 func (p *ParsedCredentialAssertionData) Verify(storedChallenge string, relyingPartyID string, rpOrigins, rpTopOrigins []string, rpTopOriginsVerify TopOriginVerificationMode, appID string, verifyUser bool, credentialBytes []byte) error {
 // Steps 4 through 6 in verifying the assertion data (https://www.w3.org/TR/webauthn/#verifying-assertion) are
- // "assertive" steps, i.e "Let JSONtext be the result of running UTF-8 decode on the value of cData."
+ // "assertive" steps, i.e. "Let JSONtext be the result of running UTF-8 decode on the value of cData."
 // We handle these steps in part as we verify but also beforehand
 // Handle steps 7 through 10 of assertion by verifying stored data against the Collected Client Data
diff --git a/protocol/webauthncose/webauthncose.go b/protocol/webauthncose/webauthncose.go
index 10967641..a9d649da 100644
--- a/protocol/webauthncose/webauthncose.go
+++ b/protocol/webauthncose/webauthncose.go
@@ -36,6 +36,8 @@ type PublicKeyData struct {
 Algorithm int64 `cbor:"3,keyasint" json:"alg"`
 }
+const ecCoordSize = 32
+
 type EC2PublicKeyData struct {
 PublicKeyData
@@ -180,8 +182,8 @@ func ParseFIDOPublicKey(keyBytes []byte) (data EC2PublicKeyData, err error) {
 PublicKeyData: PublicKeyData{
 Algorithm: int64(AlgES256),
 },
- XCoord: x.Bytes(),
- YCoord: y.Bytes(),
+ XCoord: x.FillBytes(make([]byte, ecCoordSize)),
+ YCoord: y.FillBytes(make([]byte, ecCoordSize)),
 }, nil
 }
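Review bot: `ecCoordSize` is declared without a comment, and its name does not say which curve it belongs to, although 32 bytes is the coordinate width of P-256 only. It sits directly above the general `EC2PublicKeyData` type, so a later reader could reuse it for a curve with wider coordinates. Suggest adding `// ecCoordSize is the byte length of one P-256 affine coordinate, as used for FIDO U2F (ES256) keys.` above the declaration, or renaming it to something like `p256CoordSize`.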
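Review bot: `FillBytes` panics when the integer does not fit the destination slice, so the two new lines in the `EC2PublicKeyData` literal rely on `x` and `y` already being checked as P-256 coordinates. That check, if present, is earlier in `ParseFIDOPublicKey`, outside the hunk. A short comment above the fields would record the invariant: `// x and y are validated P-256 coordinates, so each fits in ecCoordSize bytes; FillBytes keeps leading zeros.` A regression test with a key whose X or Y starts with a zero byte would pin the fixed-width encoding, since `Bytes()` dropped those bytes before.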