diff --git a/src/tests/fuzzing/fuzz_pkcs15_reader.c b/src/tests/fuzzing/fuzz_pkcs15_reader.c
index b6ab09f8..65d31ce4 100644
--- a/src/tests/fuzzing/fuzz_pkcs15_reader.c
+++ b/src/tests/fuzzing/fuzz_pkcs15_reader.c
@@ -233,10 +233,24 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 int wrap_flags[] = {0, SC_ALGORITHM_AES_ECB, SC_ALGORITHM_AES_CBC_PAD, SC_ALGORITHM_AES_CBC};
 for (i = 0; i < sizeof wrap_flags/sizeof *wrap_flags; i++) {
+ unsigned long l = sizeof buf;
 struct sc_pkcs15_object target_key;
+ struct sc_pkcs15_skey_info skey_info;
+ memset(&target_key, 0, sizeof target_key);
+ memset(&skey_info, 0, sizeof skey_info);
+ target_key.type = SC_PKCS15_TYPE_SKEY;
+ target_key.flags = 2; /* TODO not sure what these mean */
+ target_key.session_object = 1;
+ target_key.data = skey_info;
+ skey_info.usage = (unsigned int) args.usage;
+ skey_info.native = 0; /* card can not use this */
+ skey_info.access_flags = 0; /* looks like not needed */
+ skey_info.key_type = 0x1fUL; /* CKK_AES */
+ skey_info.value_len = 128;
+ fuzz_get_chunk(reader, &skey_info.data.value, &skey_info.data.len);
+
 sc_pkcs15_unwrap(p15card, obj, &target_key, wrap_flags[i], in, in_len, param, param_len);
- unsigned long l = sizeof buf;
 sc_pkcs15_wrap(p15card, obj, &target_key, wrap_flags[i], buf, &l, in, in_len);
 }
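Review bot: `target_key.data = skey_info;` assigns the struct itself rather than its address, so the target key never refers to the `skey_info` that the following lines fill in; if `data` is the `void *` member declared in OpenSC's pkcs15.h this is also a type error, and the line should read `target_key.data = &skey_info;`. The call `fuzz_get_chunk(reader, &skey_info.data.value, &skey_info.data.len)` should be checked against the helper's prototype, which is not visible here: if it takes a 16-bit length pointer, read into a local of that type and then copy it with `skey_info.data.len = len;`, so the length is not written through a mismatched pointer. `skey_info.value_len = 128` is fixed while the chunk length comes from fuzz input, so the declared key size and the real buffer can disagree; a comment saying whether that mismatch is intended coverage would make later crash triage easier. `LLVMFuzzerTestOneInput` starts and ends outside this hunk, so `args`, `in`, `param` and `buf` are assumed to be declared earlier.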