diff --git a/metadata/keys.go b/metadata/keys.go
index b567c6ab..57e38612 100644
--- a/metadata/keys.go
+++ b/metadata/keys.go
@@ -38,6 +38,7 @@ const (
 	KeyTypeRSASSA_PSS_SHA256 = "rsa"
 	KeySchemeEd25519 = "ed25519"
 	KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
+	KeySchemeECDSA_SHA2_P384 = "ecdsa-sha2-nistp384"
 	KeySchemeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
 )
diff --git a/metadata/metadata.go b/metadata/metadata.go
index 8bfecbb6..dc407ba8 100644
--- a/metadata/metadata.go
+++ b/metadata/metadata.go
@@ -312,7 +312,14 @@ func (meta *Metadata[T]) VerifyDelegate(delegatedRole string, delegatedMetadata
 	// use corresponding hash function for key type
 	hash := crypto.Hash(0)
 	if key.Type != KeyTypeEd25519 {
-		hash = crypto.SHA256
+		switch key.Scheme {
+		case KeySchemeECDSA_SHA2_P256:
+			hash = crypto.SHA256
+		case KeySchemeECDSA_SHA2_P384:
+			hash = crypto.SHA384
+		default:
+			hash = crypto.SHA256
+		}
 	}
 	// load a verifier based on that key
 	verifier, err := signature.LoadVerifier(publicKey, hash)
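Review bot: The new `KeySchemeECDSA_SHA2_P384` constant has no doc comment, and since the hash used for signature verification in metadata.go is now selected by matching this string, its pairing with SHA-384 is worth stating at the declaration, e.g. `// KeySchemeECDSA_SHA2_P384 is the TUF scheme string for ECDSA over NIST P-384; signatures under it are verified with SHA-384.` The neighbouring scheme constants in this hunk are equally undocumented, so a one-line comment on each would keep the block consistent. The `const (` block continues outside the hunk.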
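Review bot: The `default` branch of the new `switch key.Scheme` silently maps every unrecognized scheme string to SHA-256, so a mistyped or unsupported scheme in the key metadata is still verified rather than rejected, and the `KeySchemeECDSA_SHA2_P256` case is now redundant with it. Listing `KeySchemeRSASSA_PSS_SHA256` explicitly alongside the P-256 case and turning `default` into an error return that names `key.Scheme` (using whatever error form VerifyDelegate already returns; the function begins and ends outside this hunk) would make the supported set explicit. Separately, the hash is chosen from the scheme string alone; nothing visible here checks that the parsed `publicKey` actually uses the curve the scheme names, so if the key parsing above does not already enforce that, comparing the key's curve with the scheme before `signature.LoadVerifier` would close the gap. A short comment on the switch, such as `// ECDSA keys: hash width follows the curve named in the scheme`, would also explain why SHA-384 appears here.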