diff --git a/little_boxes/key.py b/little_boxes/key.py
index 9ab8c72..b0a4f70 100644
--- a/little_boxes/key.py
+++ b/little_boxes/key.py
@@ -14,8 +14,8 @@ class Key(object):
         self.owner = owner
         self.privkey_pem: Optional[str] = None
         self.pubkey_pem: Optional[str] = None
-        self.privkey: Optional[Any] = None
-        self.pubkey: Optional[Any] = None
+        self.privkey: Optional[RSA.RsaKey] = None
+        self.pubkey: Optional[RSA.RsaKey] = None
         self.id_ = id_
 
     def load_pub(self, pubkey_pem: str) -> None:
diff --git a/little_boxes/linked_data_sig.py b/little_boxes/linked_data_sig.py
index b0d4866..31f8e96 100644
--- a/little_boxes/linked_data_sig.py
+++ b/little_boxes/linked_data_sig.py
@@ -59,10 +59,10 @@ def _doc_hash(doc):
 def verify_signature(doc, key: "Key"):
     to_be_signed = _options_hash(doc) + _doc_hash(doc)
     signature = doc["signature"]["signatureValue"]
-    signer = PKCS1_v1_5.new(key.pubkey or key.privkey)
+    signer = PKCS1_v1_5.new(key.pubkey or key.privkey)  # type: ignore
     digest = SHA256.new()
     digest.update(to_be_signed.encode("utf-8"))
-    return signer.verify(digest, base64.b64decode(signature))
+    return signer.verify(digest, base64.b64decode(signature))  # type: ignore
 
 
 def generate_signature(doc, key: "Key"):
@@ -73,8 +73,11 @@ def generate_signature(doc, key: "Key"):
     }
     doc["signature"] = options
     to_be_signed = _options_hash(doc) + _doc_hash(doc)
+    if not key.privkey:
+        raise ValueError(f"missing privkey on key {key!r}")
+
     signer = PKCS1_v1_5.new(key.privkey)
     digest = SHA256.new()
     digest.update(to_be_signed.encode("utf-8"))
-    sig = base64.b64encode(signer.sign(digest))
+    sig = base64.b64encode(signer.sign(digest))  # type: ignore
     options["signatureValue"] = sig.decode("utf-8")