diff --git a/src/route/hkp.js b/src/route/hkp.js
index a1ea661..afb9350 100644
--- a/src/route/hkp.js
+++ b/src/route/hkp.js
@@ -80,7 +80,7 @@ class HKP {
     if (['get','index','vindex'].indexOf(params.op) === -1) {
       ctx.throw(501, 'Not implemented!');
     } else if (!params.keyid && !params.email) {
-      ctx.throw(400, 'Invalid request!');
+      ctx.throw(501, 'Not implemented!');
     }
 
     return params;
@@ -88,7 +88,7 @@ class HKP {
 
   /**
    * Checks for a valid key id in the query string. A key must be prepended
-   * with '0x' and can be between 8 and 40 hex characters long.
+   * with '0x' and can be between 16 and 40 hex characters long.
    * @param  {String} keyid   The key id
    * @return {Boolean}        If the key id is valid
    */
@@ -96,7 +96,7 @@ class HKP {
     if (!util.isString(keyid)) {
       return false;
     }
-    return /^0x[a-fA-F0-9]{8,40}$/.test(keyid);
+    return /^0x[a-fA-F0-9]{16,40}$/.test(keyid);
   }
 
   /**
diff --git a/src/service/util.js b/src/service/util.js
index e56b022..e7178cb 100644
--- a/src/service/util.js
+++ b/src/service/util.js
@@ -42,7 +42,7 @@ exports.isTrue = function(data) {
 };
 
 /**
- * Checks for a valid key id which is between 8 and 40 hex chars.
+ * Checks for a valid key id which is between 16 and 40 hex chars.
  * @param  {string} data   The key id
  * @return {boolean}       If the key id if valid
  */
@@ -50,7 +50,7 @@ exports.validateKeyId = function(data) {
   if (!this.isString(data)) {
     return false;
   }
-  return /^[a-fA-F0-9]{8,40}$/.test(data);
+  return /^[a-fA-F0-9]{16,40}$/.test(data);
 };
 
 /**
diff --git a/test/integration/app-test.js b/test/integration/app-test.js
index f26b0d1..177b209 100644
--- a/test/integration/app-test.js
+++ b/test/integration/app-test.js
@@ -174,9 +174,16 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
           .end(done);
         });
 
+        it('should return 400 for short key id', done => {
+          request(app.listen())
+          .get('/api/v1/key?keyid=0123456789ABCDE')
+          .expect(400)
+          .end(done);
+        });
+
         it('should return 404 for wrong key id', done => {
           request(app.listen())
-          .get('/api/v1/key?keyid=0123456789ABCDF')
+          .get('/api/v1/key?keyid=0123456789ABCDEF')
           .expect(404)
           .end(done);
         });
@@ -305,9 +312,9 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
         .end(done);
       });
 
-      it('should return 404 for unknown email address', done => {
+      it('should return 404 for unknown key id', done => {
         request(app.listen())
-        .get('/api/v1/verifyRemove?keyid=0123456789ABCDF&nonce=' + emailParams.nonce)
+        .get('/api/v1/verifyRemove?keyid=0123456789ABCDEF&nonce=' + emailParams.nonce)
         .expect(404)
         .end(done);
       });
@@ -407,10 +414,10 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
           .end(done);
         });
 
-        it('should return 400 for invalid email', done => {
+        it('should return 501 for invalid email', done => {
           request(app.listen())
           .get('/pks/lookup?op=get&search=a@bco')
-          .expect(400)
+          .expect(501)
           .end(done);
         });
 
@@ -421,17 +428,17 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
           .end(done);
         });
 
-        it('should return 400 for missing params', done => {
+        it('should return 501 for missing params', done => {
           request(app.listen())
           .get('/pks/lookup?op=get')
-          .expect(400)
+          .expect(501)
           .end(done);
         });
 
-        it('should return 400 for a invalid key id format', done => {
+        it('should return 501 for a invalid key id format', done => {
           request(app.listen())
           .get('/pks/lookup?op=get&search=' + emailParams.keyid)
-          .expect(400)
+          .expect(501)
           .end(done);
         });
 
@@ -442,6 +449,13 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
           .end(done);
         });
 
+        it('should return 501 (Not implemented) for short key id', done => {
+          request(app.listen())
+          .get('/pks/lookup?op=get&search=0x2A1B86E9')
+          .expect(501)
+          .end(done);
+        });
+
         it('should return 501 (Not implemented) for "x-email" op', done => {
           request(app.listen())
           .get('/pks/lookup?op=x-email&search=0x' + emailParams.keyid)
diff --git a/test/unit/util-test.js b/test/unit/util-test.js
index 39b3065..dcfc80c 100644
--- a/test/unit/util-test.js
+++ b/test/unit/util-test.js
@@ -53,14 +53,11 @@ describe('Util Unit Tests', () => {
     it('should be true for 16 byte hex', () => {
       expect(util.validateKeyId('0123456789ABCDEF')).to.be.true;
     });
-    it('should be true for 8 byte hex', () => {
-      expect(util.validateKeyId('01234567')).to.be.true;
+    it('should be false for 15 byte hex', () => {
+      expect(util.validateKeyId('0123456789ABCDE')).to.be.false;
     });
-    it('should be false for 8 byte non-hex', () => {
-      expect(util.validateKeyId('0123456Z')).to.be.false;
-    });
-    it('should be false for 7 byte hex', () => {
-      expect(util.validateKeyId('0123456')).to.be.false;
+    it('should be false for 16 byte non-hex', () => {
+      expect(util.validateKeyId('0123456789ABCDEZ')).to.be.false;
     });
     it('should be false for 41 byte hex', () => {
       expect(util.validateKeyId('0123456789ABCDEF0123456789ABCDEF012345678')).to.be.false;