diff --git a/openpgp/forwarding_test.go b/openpgp/forwarding_test.go
index 2267c4ca..3241a794 100644
--- a/openpgp/forwarding_test.go
+++ b/openpgp/forwarding_test.go
@@ -183,7 +183,7 @@ Loop:
 		}
 		switch p := p.(type) {
 		case *packet.EncryptedKey:
-			err = p.ProxyTransform(
+			tp, err := p.ProxyTransform(
 				instance.ProxyParameter,
 				instance.ForwarderKeyId,
 				instance.ForwardeeKeyId,
@@ -194,7 +194,7 @@ Loop:
 
 			splitPoint = bytesReader.Size() - int64(bytesReader.Len())
 
-			err = p.Serialize(transformedEncryptedKey)
+			err = tp.Serialize(transformedEncryptedKey)
 			if err != nil {
 				t.Fatalf("error serializing transformed PKESK: %s", err)
 			}
diff --git a/openpgp/packet/encrypted_key.go b/openpgp/packet/encrypted_key.go
index 03d92d93..67fa7316 100644
--- a/openpgp/packet/encrypted_key.go
+++ b/openpgp/packet/encrypted_key.go
@@ -463,27 +463,37 @@ func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFu
 	return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, config.AEAD() != nil, key, hidden, config)
 }
 
-func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) error {
+func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) (transformed *EncryptedKey, err error) {
 	if e.Algo != PubKeyAlgoECDH {
-		return errors.InvalidArgumentError("invalid PKESK")
+		return nil, errors.InvalidArgumentError("invalid PKESK")
 	}
 
 	if e.KeyId != 0 && e.KeyId != forwarderKeyId {
-		return errors.InvalidArgumentError("invalid key id in PKESK")
+		return nil, errors.InvalidArgumentError("invalid key id in PKESK")
 	}
 
 	ephemeral := e.encryptedMPI1.Bytes()
-	transformed, err := ecdh.ProxyTransform(ephemeral, proxyParam)
+	transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, proxyParam)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	e.encryptedMPI1 = encoding.NewMPI(transformed)
-	if e.KeyId != 0 {
-		e.KeyId = forwardeeKeyId
+	wrappedKey := e.encryptedMPI2.Bytes()
+	copiedWrappedKey := make([]byte, len(wrappedKey))
+	copy(copiedWrappedKey, wrappedKey)
+
+	transformed = &EncryptedKey{
+		KeyId:         forwardeeKeyId,
+		Algo:          e.Algo,
+		encryptedMPI1: encoding.NewMPI(transformedEphemeral),
+		encryptedMPI2: encoding.NewOID(copiedWrappedKey),
 	}
 
-	return nil
+	if e.KeyId == 0 {
+		e.KeyId = 0
+	}
+
+	return transformed, nil
 }
 
 func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header []byte, pub *rsa.PublicKey, keyBlock []byte) error {