diff --git a/src/Network/Wai/SAML2/XML/Encrypted.hs b/src/Network/Wai/SAML2/XML/Encrypted.hs
index b807390..93e8efd 100644
--- a/src/Network/Wai/SAML2/XML/Encrypted.hs
+++ b/src/Network/Wai/SAML2/XML/Encrypted.hs
@@ -72,7 +72,7 @@ data EncryptedKey = EncryptedKey {
     -- | The method used to encrypt the key.
     encryptedKeyMethod :: !EncryptionMethod,
     -- | The key data.
-    encryptedKeyData :: !KeyInfo,
+    encryptedKeyData :: !(Maybe KeyInfo),
     -- | The ciphertext.
     encryptedKeyCipher :: !CipherData
 } deriving (Eq, Show)
@@ -83,9 +83,9 @@ instance FromXML EncryptedKey where
             cursor $/ element (xencName "EncryptionMethod")
                 ) >>= parseXML
 
-        keyData <- oneOrFail "KeyInfo is required" (
-            cursor $/ element (dsName "KeyInfo")
-                ) >>= parseXML
+        keyData <- case cursor $/ element (dsName "KeyInfo") of
+                     [] -> return Nothing
+                     (keyInfo :_) -> Just <$> parseXML keyInfo
 
         cipher <- oneOrFail "CipherData is required" (
             cursor $/ element (xencName "CipherData")