diff --git a/Cargo.toml b/Cargo.toml
index 1c79e4d..a2d4483 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,7 @@ default = ["hyper-rustls"]
 base64 = "0.21.0"
 hyper = { version = "0.14.18", features = ["client", "http1", "http2"] }
 hyper-rustls = { version = "0.24", default-features = false, features = ["http1", "http2", "native-tokio", "tls12"], optional = true }
-ring = { version = "0.16.20", features = ["std"] }
+ring = { version = "0.17", features = ["std"] }
 serde = { version = "1.0.104", features = ["derive"] }
 serde_json = "1.0.78"
 thiserror = "1.0.30"
diff --git a/src/lib.rs b/src/lib.rs
index 7e33683..a5bf8d6 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -508,7 +508,7 @@ impl Key {
     fn generate() -> Result<(Self, pkcs8::Document), Error> {
         let rng = SystemRandom::new();
         let pkcs8 = EcdsaKeyPair::generate_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, &rng)?;
-        let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8.as_ref())?;
+        let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8.as_ref(), &rng)?;
         let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);
 
         Ok((
@@ -523,11 +523,12 @@ impl Key {
     }
 
     fn from_pkcs8_der(pkcs8_der: &[u8]) -> Result<Self, Error> {
-        let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8_der)?;
+        let rng = SystemRandom::new();
+        let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8_der, &rng)?;
         let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);
 
         Ok(Self {
-            rng: SystemRandom::new(),
+            rng,
             signing_algorithm: SigningAlgorithm::Es256,
             inner: key,
             thumb,