diff --git a/src/crypto/ecdh-browser.js b/src/crypto/ecdh-browser.js
index 4fbb30bc..ca806b4f 100644
--- a/src/crypto/ecdh-browser.js
+++ b/src/crypto/ecdh-browser.js
@@ -117,8 +117,8 @@ function unmarshalPublicKey (curve, key) {
   return {
     kty: 'EC',
     crv: curve,
-    x: toBase64(x),
-    y: toBase64(y),
+    x: toBase64(x, byteLen),
+    y: toBase64(y, byteLen),
     ext: true
   }
 }
diff --git a/src/crypto/util.js b/src/crypto/util.js
index 46d0eaa2..0f25b8e3 100644
--- a/src/crypto/util.js
+++ b/src/crypto/util.js
@@ -5,8 +5,9 @@ const Buffer = require('safe-buffer').Buffer
 
 // Convert a BN.js instance to a base64 encoded string without padding
 // Adapted from https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#appendix-C
-exports.toBase64 = function toBase64 (bn) {
-  let s = bn.toArrayLike(Buffer, 'be').toString('base64')
+exports.toBase64 = function toBase64 (bn, len) {
+  // if len is defined then the bytes are leading-0 padded to the length
+  let s = bn.toArrayLike(Buffer, 'be', len).toString('base64')
 
   return s
     .replace(/(=*)$/, '') // Remove any trailing '='s
diff --git a/test/util.spec.js b/test/util.spec.js
index 71420841..cb2c5a27 100644
--- a/test/util.spec.js
+++ b/test/util.spec.js
@@ -22,4 +22,10 @@ describe('Util', () => {
     expect(util.toBase64(bn)).to.be.eql('3q0')
     done()
   })
+
+  it('toBase64 zero padding', (done) => {
+    let bnpad = new BN('ff', 16)
+    expect(util.toBase64(bnpad, 2)).to.be.eql('AP8')
+    done()
+  })
 })