diff --git a/src/clj_jwt/core.clj b/src/clj_jwt/core.clj
index 68ec02b..03227dc 100644
--- a/src/clj_jwt/core.clj
+++ b/src/clj_jwt/core.clj
@@ -68,6 +68,9 @@
 ([this key]
 (let [alg (-> this :header :alg keyword)]
 (cond
+ (and (= :none alg) (not (= "" key)))
+ false
+
 (= :none alg)
 (= "" (:signature this))
 (supported-algorithm? alg)
@@ -87,4 +90,3 @@
 (->JWT (encoded-json->map header)
 (encoded-json->map claims)
 (or signature ""))))
-
diff --git a/test/clj_jwt/core_test.clj b/test/clj_jwt/core_test.clj
index 9664f60..59ed51e 100644
--- a/test/clj_jwt/core_test.clj
+++ b/test/clj_jwt/core_test.clj
@@ -98,16 +98,19 @@
 (fact "HS256 signed JWT should be verified."
 (-> claim jwt (sign "foo") (verify "foo")) => true
 (-> claim jwt (sign "foo") to-str str->jwt (verify "foo")) => true
+ (-> claim jwt to-str str->jwt (verify "foo")) => false
 (-> claim jwt (sign "foo") (verify "bar")) => false)
 
 (fact "HS384 signed JWT should be verified."
 (-> claim jwt (sign :HS384 "foo") (verify "foo")) => true
 (-> claim jwt (sign :HS384 "foo") to-str str->jwt (verify "foo")) => true
+ (-> claim jwt to-str str->jwt (verify "foo")) => false
 (-> claim jwt (sign :HS384 "foo") (verify "bar")) => false)
 
 (fact "HS512 signed JWT should be verified."
 (-> claim jwt (sign :HS512 "foo") (verify "foo")) => true
 (-> claim jwt (sign :HS512 "foo") to-str str->jwt (verify "foo")) => true
+ (-> claim jwt to-str str->jwt (verify "foo")) => false
 (-> claim jwt (sign :HS512 "foo") (verify "bar")) => false)
 
 (fact "RS256 signed JWT should be verified."
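Review bot: The added clause rejects `:none` only when a key is supplied, so the header's `alg` field — part of the untrusted token — still selects the verification path, and with an empty key the next clause accepts any token whose `:signature` is `""`; the single-arity `verify` lies outside the hunk and, if it delegates with `""` as the key, takes exactly that accepting path. A caller that knows which algorithm it expects should be able to state it instead of trusting the header, and the two `:none` clauses deserve a comment making the contract explicit, e.g. `;; alg "none" is honoured only on explicit empty-key verification; any supplied key means a signed token was expected, so reject`. Note that `(not (= "" key))` is also true for non-string keys such as RSA public keys, which is the intended rejection but worth stating in that comment. The definition of `verify` begins before this hunk and its remaining `cond` clauses continue after it.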
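Review bot: The three added assertions are byte-identical (`(-> claim jwt to-str str->jwt (verify "foo")) => false`) and none of them involves HS384 or HS512, so the same unsigned-token path is tested three times under three unrelated fact names; a single `(fact "unsigned JWT is rejected when a key is given." ...)` would say what is actually being checked. The empty-key side of the fix is left unpinned: if honouring `:none` on explicit empty-key verification is the intended contract, a line such as `(-> claim jwt to-str str->jwt (verify "")) => true` beside it would document that, and a token whose header says `none` but whose `:signature` is non-empty should be asserted `false` as well. The enclosing `facts` form starts before this hunk.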