diff --git a/ssh-key/src/certificate.rs b/ssh-key/src/certificate.rs
index 2c24dcf..399738c 100644
--- a/ssh-key/src/certificate.rs
+++ b/ssh-key/src/certificate.rs
@@ -455,14 +455,9 @@ impl Certificate {
         self.reserved.encode(writer)?;
         self.signature_key.encode_prefixed(writer)
     }
-}
-
-impl Decode for Certificate {
-    type Error = Error;
-
-    fn decode(reader: &mut impl Reader) -> Result<Self> {
-        let algorithm = Algorithm::new_certificate(&String::decode(reader)?)?;
 
+    /// Decode [`Certificate`] for the specified algorithm.
+    pub fn decode_as(reader: &mut impl Reader, algorithm: Algorithm) -> Result<Self> {
         Ok(Self {
             nonce: Vec::decode(reader)?,
             public_key: KeyData::decode_as(reader, algorithm)?,
@@ -482,6 +477,15 @@ impl Decode for Certificate {
     }
 }
 
+impl Decode for Certificate {
+    type Error = Error;
+
+    fn decode(reader: &mut impl Reader) -> Result<Self> {
+        let algorithm = Algorithm::new_certificate(&String::decode(reader)?)?;
+        Self::decode_as(reader, algorithm)
+    }
+}
+
 impl Encode for Certificate {
     fn encoded_len(&self) -> encoding::Result<usize> {
         [
diff --git a/ssh-key/src/public/key_data.rs b/ssh-key/src/public/key_data.rs
index fe7cb87..8fdb52c 100644
--- a/ssh-key/src/public/key_data.rs
+++ b/ssh-key/src/public/key_data.rs
@@ -174,7 +174,7 @@ impl KeyData {
     }
 
     /// Decode [`KeyData`] for the specified algorithm.
-    pub(crate) fn decode_as(reader: &mut impl Reader, algorithm: Algorithm) -> Result<Self> {
+    pub fn decode_as(reader: &mut impl Reader, algorithm: Algorithm) -> Result<Self> {
         match algorithm {
             #[cfg(feature = "alloc")]
             Algorithm::Dsa => DsaPublicKey::decode(reader).map(Self::Dsa),