diff --git a/keyset/handle_test.go b/keyset/handle_test.go
index 4ff5051..00d57e4 100644
--- a/keyset/handle_test.go
+++ b/keyset/handle_test.go
@@ -54,6 +54,23 @@ func TestNewHandle(t *testing.T) {
 	}
 }
 
+func TestKeysetMaterialMakesACopy(t *testing.T) {
+	wantProtoKeyset := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{
+		testutil.NewKey(testutil.NewKeyData("some type url", []byte{0}, tinkpb.KeyData_SYMMETRIC), tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK),
+	})
+	handle, err := testkeyset.NewHandle(wantProtoKeyset)
+	if err != nil {
+		t.Errorf("testkeyset.NewHandle(wantProtoKeyset) = %v, want nil", err)
+	}
+	gotProtoKeyset := testkeyset.KeysetMaterial(handle)
+	if wantProtoKeyset == gotProtoKeyset {
+		t.Errorf("testkeyset.KeysetMaterial(handle) = %v, want a copy of %v", gotProtoKeyset, wantProtoKeyset)
+	}
+	if !proto.Equal(gotProtoKeyset, wantProtoKeyset) {
+		t.Errorf("testkeyset.NewHandle(wantProtoKeyset) = %v, want %v", gotProtoKeyset, wantProtoKeyset)
+	}
+}
+
 func TestNewHandleWithInvalidTypeURLFails(t *testing.T) {
 	// template with unknown TypeURL
 	invalidTemplate := mac.HMACSHA256Tag128KeyTemplate()
diff --git a/keyset/keyset.go b/keyset/keyset.go
index e99c27f..4392023 100644
--- a/keyset/keyset.go
+++ b/keyset/keyset.go
@@ -17,6 +17,7 @@
 package keyset
 
 import (
+	"google.golang.org/protobuf/proto"
 	"github.com/tink-crypto/tink-go/v2/internal"
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
@@ -30,9 +31,9 @@ func keysetHandle(ks *tinkpb.Keyset, opts ...Option) (*Handle, error) {
 
 // keysetMaterial is used by package insecurecleartextkeyset and package
 // testkeyset (via package internal) to read the key material in a
-// keyset.Handle.
+// keyset.Handle. Returns a clone of the keyset.
 func keysetMaterial(h *Handle) *tinkpb.Keyset {
-	return h.ks
+	return proto.Clone(h.ks).(*tinkpb.Keyset)
 }
 
 func init() {