diff --git a/include/libssh/pki.h b/include/libssh/pki.h index d2ef3ee5..e22c05f8 100644 --- a/include/libssh/pki.h +++ b/include/libssh/pki.h @@ -95,6 +95,9 @@ struct ssh_key_struct { uint8_t sk_flags; ssh_string sk_key_handle; ssh_string sk_reserved; + + /* Resident key specific metadata */ + ssh_string sk_user_id; }; struct ssh_signature_struct { diff --git a/src/pki.c b/src/pki.c index e9366a26..d8d171cb 100644 --- a/src/pki.c +++ b/src/pki.c @@ -166,6 +166,13 @@ ssh_key pki_key_dup_common_init(const ssh_key key, int demote) goto fail; } + if (key->sk_user_id != NULL) { + new->sk_user_id = ssh_string_copy(key->sk_user_id); + if (new->sk_user_id == NULL) { + goto fail; + } + } + if (!demote) { new->sk_flags = key->sk_flags; @@ -232,6 +239,8 @@ void ssh_key_clean (ssh_key key) ssh_string_free(key->sk_key_handle); ssh_string_burn(key->sk_reserved); ssh_string_free(key->sk_reserved); + ssh_string_burn(key->sk_user_id); + ssh_string_free(key->sk_user_id); key->sk_flags = 0; } key->cert_type = SSH_KEYTYPE_UNKNOWN; @@ -787,6 +796,10 @@ int ssh_key_cmp(const ssh_key k1, return 1; } + if (ssh_string_cmp(k1->sk_user_id, k2->sk_user_id) != 0) { + return 1; + } + if (what == SSH_KEY_CMP_PRIVATE) { if (k1->sk_flags != k2->sk_flags) { return 1;
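Review bot: The comment on `sk_user_id` in `struct ssh_key_struct` does not say that the field is optional or who owns it, although the rest of the patch relies on both: the dup path checks it for NULL and `ssh_key_clean` burns and frees it. I would spell that out, for example `/* Resident key user ID; NULL when not known. Owned by the key; burned and freed in ssh_key_clean(). */`. It is also worth stating whether the field is meant to be populated on public keys, since that decides how copy and comparison should treat it.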
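Review bot: The `sk_user_id` copy in `pki_key_dup_common_init` sits before `if (!demote)`, so a demoted (public) copy of the key keeps the user ID, while `ssh_key_clean` in this same patch burns the field like secret material. If the ID is private-side metadata, move the copy into the `!demote` branch next to `new->sk_flags = key->sk_flags;`. If public keys do need it, a one-line comment saying so would stop someone from "fixing" it later. The function body starts and ends outside this hunk, so where the other sk_ fields are copied is not visible here.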
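Review bot: `key->sk_user_id` is left pointing at freed memory after `ssh_string_free()` in `ssh_key_clean`, a function that resets other fields (`key->sk_flags = 0`, `key->cert_type = SSH_KEYTYPE_UNKNOWN`) and so apparently expects the struct to stay alive. Adding `key->sk_user_id = NULL;` after the free keeps a second clean, or a later compare or dup on the same struct, from touching the freed string. The neighbouring sk_ fields follow the same pattern in the visible lines; unless they are reset outside this hunk, they deserve the same treatment.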
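Review bot: The `sk_user_id` check in `ssh_key_cmp` runs before the `what == SSH_KEY_CMP_PRIVATE` branch, so it also decides public-key equality. Two handles on the same credential, one carrying resident-key metadata and one loaded without it, would then compare as different keys, assuming `ssh_string_cmp()` reports a NULL and a non-NULL argument as unequal (its NULL handling is not visible here). If the user ID is not part of the key's identity, move the check inside the private branch or drop it from comparison altogether; otherwise document why identical public keys with different metadata must not match. The function continues past the end of the hunk.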