diff --git a/pkg/bundle/bundle_test.go b/pkg/bundle/bundle_test.go
index 1db242c..aa4bfbb 100644
--- a/pkg/bundle/bundle_test.go
+++ b/pkg/bundle/bundle_test.go
@@ -818,8 +818,8 @@ func TestVerificationContent(t *testing.T) {
 return
 }
 if tt.wantPublicKey {
- _, hasPubKey := got.HasPublicKey()
- require.True(t, hasPubKey)
+ k := got.PublicKey()
+ require.NotNil(t, k)
 return
 }
 })
diff --git a/pkg/bundle/verification_content.go b/pkg/bundle/verification_content.go
index b775295..9411115 100644
--- a/pkg/bundle/verification_content.go
+++ b/pkg/bundle/verification_content.go
@@ -52,8 +52,8 @@ func (c *Certificate) GetCertificate() *x509.Certificate {
 return c.Certificate
 }
-func (c *Certificate) HasPublicKey() (verify.PublicKeyProvider, bool) {
- return PublicKey{}, false
+func (c *Certificate) PublicKey() verify.PublicKeyProvider {
+ return nil
 }
 func (pk *PublicKey) CompareKey(key any, tm root.TrustedMaterial) bool {
@@ -83,6 +83,6 @@ func (pk *PublicKey) GetCertificate() *x509.Certificate {
 return nil
 }
-func (pk *PublicKey) HasPublicKey() (verify.PublicKeyProvider, bool) {
- return *pk, true
+func (pk *PublicKey) PublicKey() verify.PublicKeyProvider {
+ return pk
 }
diff --git a/pkg/verify/interface.go b/pkg/verify/interface.go
index c06310f..6b0ac27 100644
--- a/pkg/verify/interface.go
+++ b/pkg/verify/interface.go
@@ -64,7 +64,7 @@ type VerificationContent interface {
 CompareKey(any, root.TrustedMaterial) bool
 ValidAtTime(time.Time, root.TrustedMaterial) bool
 GetCertificate() *x509.Certificate
- HasPublicKey() (PublicKeyProvider, bool)
+ PublicKey() PublicKeyProvider
 }
 type SignatureContent interface {
diff --git a/pkg/verify/signature.go b/pkg/verify/signature.go
index 1d0ddfa..4e4dc97 100644
--- a/pkg/verify/signature.go
+++ b/pkg/verify/signature.go
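Review bot: In `func (pk *PublicKey) PublicKey()` in pkg/bundle/verification_content.go, `return pk` yields a non-nil `verify.PublicKeyProvider` even when the receiver is a nil `*PublicKey`, because an interface wrapping a typed nil pointer does not compare equal to nil. The new `pk != nil` test in getSignatureVerifier (pkg/verify/signature.go) would then pass and call `pk.Hint()` on a nil receiver; whether a nil `*PublicKey` can reach this path is not visible in the diff, so treat this as hardening of the verification path rather than a confirmed crash. A guard keeps the nil convention reliable: `if pk == nil { return nil }` placed before `return pk`. The method also now returns the receiver itself where the removed line returned a copy (`*pk`), so the provider presumably aliases the bundle's own struct, which is worth confirming is intended.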
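Review bot: The new `PublicKey() PublicKeyProvider` line in the `VerificationContent` interface (pkg/verify/interface.go) has no comment stating that a nil result means "no public key", a contract the removed `(PublicKeyProvider, bool)` signature made explicit. I would document it on the method, for example `// PublicKey returns the key provider, or an untyped nil when the content carries no public key.` Since `VerificationContent` is exported, replacing `HasPublicKey` also breaks any implementation outside this repository, so the change deserves a line in the release notes.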
@@ -97,7 +97,7 @@ func getSignatureVerifier(verificationContent VerificationContent, tm root.Trust
 if leafCert := verificationContent.GetCertificate(); leafCert != nil {
 // TODO: Inspect certificate's SignatureAlgorithm to determine hash function
 return signature.LoadVerifier(leafCert.PublicKey, crypto.SHA256)
- } else if pk, ok := verificationContent.HasPublicKey(); ok {
+ } else if pk := verificationContent.PublicKey(); pk != nil {
 return tm.PublicKeyVerifier(pk.Hint())
 }
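Review bot: The rewritten line keeps `} else if` after a branch that already ends in `return`, so the `else` adds nothing and only ties the two lookups into one statement. Closing the certificate branch with a plain `}` and starting a separate `if pk := verificationContent.PublicKey(); pk != nil {` keeps the happy path left-aligned and makes the fallback order (certificate first, then key hint) easier to read. The signature of getSignatureVerifier and the rest of its body lie outside the hunk, so the final return path is not visible here.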