diff --git a/kms/localkms/localkms.go b/kms/localkms/localkms.go
index 0a1fea6..ae6df2b 100644
--- a/kms/localkms/localkms.go
+++ b/kms/localkms/localkms.go
@@ -311,7 +311,7 @@ func (l *LocalKMS) CreateAndExportPubKeyBytes(kt kmsapi.KeyType, opts ...kmsapi.
 // Note: The key handle created is not stored in the KMS, it's only useful to execute the crypto primitive
 // associated with it.
 func (l *LocalKMS) PubKeyBytesToHandle(pubKey []byte, kt kmsapi.KeyType, opts ...kmsapi.KeyOpts) (interface{}, error) {
- return publicKeyBytesToHandle(pubKey, kt, opts...)
+ return PublicKeyBytesToHandle(pubKey, kt, opts...)
 }
 // ImportPrivateKey will import privKey into the KMS storage for the given keyType then returns the new key id and
diff --git a/kms/localkms/pubkey_export_import_test.go b/kms/localkms/pubkey_export_import_test.go
index 40d02a5..cedbdab 100644
--- a/kms/localkms/pubkey_export_import_test.go
+++ b/kms/localkms/pubkey_export_import_test.go
@@ -94,7 +94,7 @@ func TestPubKeyExportAndRead(t *testing.T) {
 t.Run(tt.tcName, func(t *testing.T) {
 exportedKeyBytes, origKH := exportRawPublicKeyBytes(t, tt.keyTemplate, false)
- kh, err := publicKeyBytesToHandle(exportedKeyBytes, tt.keyType)
+ kh, err := PublicKeyBytesToHandle(exportedKeyBytes, tt.keyType)
 require.NoError(t, err)
 require.NotEmpty(t, kh)
@@ -179,49 +179,49 @@ func exportRawPublicKeyBytes(t *testing.T, keyTemplate *tinkpb.KeyTemplate, expe
 func TestNegativeCases(t *testing.T) {
 t.Run("test publicKeyBytesToHandle with empty pubKey", func(t *testing.T) {
- kh, err := publicKeyBytesToHandle([]byte{}, kms.ECDSAP256TypeIEEEP1363)
+ kh, err := PublicKeyBytesToHandle([]byte{}, kms.ECDSAP256TypeIEEEP1363)
 require.EqualError(t, err, "pubKey is empty")
 require.Empty(t, kh)
 })
 t.Run("test publicKeyBytesToHandle with empty KeyType", func(t *testing.T) {
- kh, err := publicKeyBytesToHandle([]byte{1}, "")
+ kh, err := PublicKeyBytesToHandle([]byte{1}, "")
 require.EqualError(t, err, "error getting marshalled proto key: invalid key type")
 require.Empty(t, kh)
 })
 t.Run("test publicKeyBytesToHandle with bad pubKey and ECDSAP256TypeDER", func(t *testing.T) {
- kh, err := publicKeyBytesToHandle([]byte{1}, kms.ECDSAP256TypeDER)
+ kh, err := PublicKeyBytesToHandle([]byte{1}, kms.ECDSAP256TypeDER)
 require.EqualError(t, err, "error getting marshalled proto key: asn1: syntax error: truncated tag or length")
 require.Empty(t, kh)
 })
 t.Run("test publicKeyBytesToHandle with bad pubKey and ECDSAP256TypeIEEEP1363", func(t *testing.T) {
- kh, err := publicKeyBytesToHandle([]byte{1}, kms.ECDSAP256TypeIEEEP1363)
+ kh, err := PublicKeyBytesToHandle([]byte{1}, kms.ECDSAP256TypeIEEEP1363)
 require.EqualError(t, err, "error getting marshalled proto key: failed to unamrshal public ecdsa key")
 require.Empty(t, kh)
 })
 t.Run("test publicKeyBytesToHandle with bad pubKey and ECDSAP384TypeDER", func(t *testing.T) {
- kh, err := publicKeyBytesToHandle([]byte{1}, kms.ECDSAP384TypeDER)
+ kh, err := PublicKeyBytesToHandle([]byte{1}, kms.ECDSAP384TypeDER)
 require.EqualError(t, err, "error getting marshalled proto key: asn1: syntax error: truncated tag or length")
 require.Empty(t, kh)
 })
 t.Run("test publicKeyBytesToHandle with bad pubKey and ECDSAP384TypeIEEEP1363", func(t *testing.T) {
- kh, err := publicKeyBytesToHandle([]byte{1}, kms.ECDSAP384TypeIEEEP1363)
+ kh, err := PublicKeyBytesToHandle([]byte{1}, kms.ECDSAP384TypeIEEEP1363)
 require.EqualError(t, err, "error getting marshalled proto key: failed to unamrshal public ecdsa key")
 require.Empty(t, kh)
 })
 t.Run("test publicKeyBytesToHandle with bad pubKey and ECDSAP521TypeDER", func(t *testing.T) {
- kh, err := publicKeyBytesToHandle([]byte{1}, kms.ECDSAP521TypeDER)
+ kh, err := PublicKeyBytesToHandle([]byte{1}, kms.ECDSAP521TypeDER)
 require.EqualError(t, err, "error getting marshalled proto key: asn1: syntax error: truncated tag or length")
 require.Empty(t, kh)
 })
 t.Run("test publicKeyBytesToHandle with bad pubKey and ECDSAP521TypeIEEEP1363", func(t *testing.T) {
- kh, err := publicKeyBytesToHandle([]byte{1}, kms.ECDSAP521TypeIEEEP1363)
+ kh, err := PublicKeyBytesToHandle([]byte{1}, kms.ECDSAP521TypeIEEEP1363)
 require.EqualError(t, err, "error getting marshalled proto key: failed to unamrshal public ecdsa key")
 require.Empty(t, kh)
 })
diff --git a/kms/localkms/pubkey_reader.go b/kms/localkms/pubkey_reader.go
index 61fa1d4..a8cf9bc 100644
--- a/kms/localkms/pubkey_reader.go
+++ b/kms/localkms/pubkey_reader.go
@@ -29,7 +29,11 @@ import (
 secp256k1subtle "github.com/trustbloc/kms-crypto-go/crypto/tinkcrypto/primitive/secp256k1/subtle"
 )
-func publicKeyBytesToHandle(pubKey []byte, kt kms.KeyType, opts ...kms.KeyOpts) (*keyset.Handle, error) {
+// PublicKeyBytesToHandle will create and return a key handle for pubKey of type kt
+// it returns an error if it failed creating the key handle
+// Note: The key handle created is not stored in the KMS, it's only useful to execute the crypto primitive
+// associated with it.
+func PublicKeyBytesToHandle(pubKey []byte, kt kms.KeyType, opts ...kms.KeyOpts) (*keyset.Handle, error) {
 if len(pubKey) == 0 {
 return nil, fmt.Errorf("pubKey is empty")
 }
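Review bot: The doc comment added to the newly exported `PublicKeyBytesToHandle` in pubkey_reader.go does not say which encoding `pubKey` must use or what `opts` are for. That matters now that callers outside the package can pass arbitrary bytes. The negative tests in this commit show the accepted encoding depends on `kt`, since the `*TypeDER` and `*TypeIEEEP1363` key types reject the same input with different parse errors. I would add something like `// pubKey must be encoded in the format implied by kt (e.g. ASN.1 DER for the *TypeDER key types).` along with a sentence that the caller is responsible for establishing the key's origin, because the function appears only to parse the bytes. The first two comment lines also run together without punctuation, so Go doc style would start with `// PublicKeyBytesToHandle creates a key handle for pubKey of type kt.` as its own sentence. Only the empty-input check is visible in this hunk and the rest of the function body is outside it, so any further validation should be confirmed there.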