diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index dbe3bba7a..a9458b04f 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -201,7 +201,7 @@ static int psa_is_key_id_valid( psa_key_id_t key_id )
         return( 0 );
     /* Reject high values because the file names are reserved for the
      * library's internal use. */
-    if( key_id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
+    if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
         return( 0 );
     return( 1 );
 }
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 9da009d8d..74f9e230d 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -59,7 +59,7 @@ extern "C" {
  * This limitation will probably become moot when we implement client
  * separation for key storage.
  */
-#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xffff0000
+#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER 0xfffeffff
 
 /**
  * \brief Format key data and metadata and save to a location for given key