diff --git a/app.py b/app.py index 03d8c4a..b49240e 100644 --- a/app.py +++ b/app.py @@ -1,5 +1,9 @@ import glob import json + +import re +import sshpubkeys + from flask import Flask, redirect, url_for, render_template, request # lyadmin @@ -25,6 +29,8 @@ ACCOUNT_DIR = "req/"; FULL_PATH = str(WORKING_DIR) + str(ACCOUNT_DIR) CONF_PATH = str(WORKING_DIR) + "lyadmin.conf.json" +MAX_PUB_KEY_LEN = 5000 + # Account requests are given ID numbers # the first request will have the below # id number @@ -86,17 +92,21 @@ def req(): }; return render_template("req.html", req_tab = rt, widg_fun = widg_fun, page_name="req") +def handle_invalid_data(req): + # print(str(e)) + return render_template("signup.html", is_email_user = False) + # Process input from the /req page def signup(): app.route('/req/signup') # Get all the params from the POST # request - username = request.form["username"] - email = request.form["email"] - pub_key = request.form["pub_key"] - shell = request.form["shell"] - rule_read = request.form["rule_read"] + username = request.form["username"].strip() + email = request.form["email"].strip() + pub_key = request.form["pub_key"].strip() + shell = request.form["shell"].strip() + rule_read = request.form["rule_read"].strip() is_email_user = False; 
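Review bot: `MAX_PUB_KEY_LEN = 5000` is added without a comment saying what it bounds, and the check that uses it later in this commit is introduced with "Most software only handles up to 4096 bit keys", which reads as a bit length when the constant is a character count on the pasted key line. Add above the constant `# Upper bound, in characters, on a submitted OpenSSH public-key line (key type, base64 blob and comment)`. A 4096-bit RSA key in that format is on the order of 700 characters, so if 5000 is meant to leave room for larger keys or long comment fields, say so in the comment rather than leaving the reader to guess.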
@@ -113,6 +123,31 @@ def signup():
 else:
 email = "NO_EMAIL"
 
+ # Validate email
+ if( not re.search("^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$", email)):
+ print("failed email validation")
+ return handle_invalid_data(req)
+
+ # Validate the SSH pub key
+ # Most software only handles up to 4096 bit keys
+ if(len(pub_key) > MAX_PUB_KEY_LEN):
+ print("key failed len check")
+ return handle_invalid_data(req)
+
+ # Only printable ascii characters in
+ # a valid key
+ if(not re.search("^[ -~]+$", pub_key)):
+ print("key failed regex")
+ return handle_invalid_data(req)
+
+ # Check the key against a library
+ key = sshpubkeys.SSHKey(pub_key, strict_mode=False, skip_option_parsing=True)
+ try:
+ key.parse()
+ except Exception as e:
+ print("key failed lib validation")
+ return handle_invalid_data(request)
+
 # All users requests have a sequential ID
 # this checks how many requests we have
 # and gives us a free ID so we can save
diff --git a/requirements.txt b/requirements.txt
index 46a48dd..ab683a1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
 Flask==1.1.2
+sshpubkeys==3.1.0
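Review bot: The new email check rejects the no-email path: the context lines just above set `email = "NO_EMAIL"` in the `else` branch, and that value contains no `@` so it cannot match the pattern, meaning every request submitted without an email ends in `handle_invalid_data` (unless the `if` branch that starts outside the hunk returns early). Guard the check on the sentinel and use a raw string so `\.` is no longer an invalid escape sequence: `if email != "NO_EMAIL" and not re.fullmatch(r"^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$", email):`. As written the pattern also rejects uppercase letters, `+` tags and multi-label domains such as `user@mail.example.com`, which is likely to turn away legitimate users. Separately, `handle_invalid_data` is passed `req` (the view function defined earlier in the file) three times and `request` once, and the helper never reads its argument, so pick one or drop the parameter; and `strict_mode=False` on `SSHKey` appears to switch off the library's own key-size bounds, leaving the character cap as the only size limit, so consider `strict_mode=True` or inspecting `key.bits` after `parse()` before accepting the key.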