diff --git a/indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseHeader.kt b/indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseHeader.kt
index 89b9619f..650ba25d 100644
--- a/indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseHeader.kt
+++ b/indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseHeader.kt
@@ -3,6 +3,7 @@ package at.asitplus.signum.indispensable.cosef
 import at.asitplus.catching
 import at.asitplus.signum.indispensable.cosef.io.Base16Strict
 import at.asitplus.signum.indispensable.cosef.io.coseCompliantSerializer
+import at.asitplus.signum.indispensable.pki.X509Certificate
 import io.matthewnelson.encoding.core.Encoder.Companion.encodeToString
 import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.SerialName
@@ -131,6 +132,23 @@ data class CoseHeader(
     @SerialName("typ")
     val type: String? = null,
 ) {
+    /**
+     * Tries to compute a public key in descending order from [jsonWebKey], [keyId],
+     * or [certificateChain], and takes the first success or null.
+     */
+
+    /**
+     * Tries to compute a public key in descending order from [coseKey] or [certificateChain],
+     * and takes the first success or null.
+     */
+    val publicKey: CoseKey?
+        get() = coseKey?.let { CoseKey.deserialize(it).getOrNull() }
+            ?: kid?.let { CoseKey.fromDid(it.decodeToString()) }?.getOrNull()
+            ?: certificateChain?.let {
+                runCatching {
+                    X509Certificate.decodeFromDer(it)
+                }.getOrNull()?.publicKey?.toCoseKey()?.getOrThrow()
+            }
 
     fun serialize() = coseCompliantSerializer.encodeToByteArray(this)
 
diff --git a/indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseSigned.kt b/indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseSigned.kt
index 3b032cd6..813cc934 100644
--- a/indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseSigned.kt
+++ b/indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseSigned.kt
@@ -115,21 +115,6 @@ data class CoseSigned<P : Any?> internal constructor(
             )
         }
 
-    /**
-     * Tries to compute a public key in descending order from [coseKey] or [certificateChain],
-     * and takes the first success or null.
-     */
-    val publicKey: CoseKey?
-        get() = combinedCoseHeader.run {
-            coseKey?.let { CoseKey.deserialize(it).getOrNull() }
-                ?: kid?.let { CoseKey.fromDid(it.decodeToString()) }?.getOrNull()
-                ?: certificateChain?.let {
-                    runCatching {
-                        X509Certificate.decodeFromDer(it)
-                    }.getOrNull()?.publicKey?.toCoseKey()?.getOrThrow()
-                }
-        }
-
     companion object {
         fun <P : Any> deserialize(
             parameterSerializer: KSerializer<P>,