diff --git a/src/crypto_public.c b/src/crypto_public.c
index d4ff29a..ba519f1 100644
--- a/src/crypto_public.c
+++ b/src/crypto_public.c
@@ -314,6 +314,7 @@ void apk_public_key_free(struct apk_public_key *pub)
 
 int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
 {
+	const uint8_t domain_seperator[5] = {'q', 't', 's', 'e', 'p'};
 	uint8_t digest;
 
 	switch (signature_type) {
@@ -335,6 +336,12 @@ int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type
 		return -APKE_CRYPTO_ERROR;
 	}
 
+	if (signature_type == APK_SIGNATURE_CUTE) {
+		if (apk_digest_ctx_update(dctx, domain_seperator, 5) != 0) {
+			return -APKE_CRYPTO_ERROR;
+		}
+	}
+
 	return 0;
 }
 
diff --git a/src/crypto_secret.c b/src/crypto_secret.c
index 9dcd0f4..f5771a3 100644
--- a/src/crypto_secret.c
+++ b/src/crypto_secret.c
@@ -311,6 +311,7 @@ void apk_secret_key_free(struct apk_secret_key *sec)
 
 int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
 {
+	const uint8_t domain_seperator[5] = {'q', 't', 's', 'e', 'p'};
 	uint8_t digest;
 
 	switch (signature_type) {
@@ -332,6 +333,12 @@ int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
 		return -APKE_CRYPTO_ERROR;
 	}
 
+	if (signature_type == APK_SIGNATURE_CUTE) {
+		if (apk_digest_ctx_update(dctx, domain_seperator, 5) != 0) {
+			return -APKE_CRYPTO_ERROR;
+		}
+	}
+
 	return 0;
 }