diff --git a/spki/src/lib.rs b/spki/src/lib.rs
index 026109c29..6c0caa72a 100644
--- a/spki/src/lib.rs
+++ b/spki/src/lib.rs
@@ -61,6 +61,7 @@ pub use {
         spki::SubjectPublicKeyInfoOwned,
         traits::{
             DynAssociatedAlgorithmIdentifier, DynSignatureAlgorithmIdentifier, EncodePublicKey,
+            SignatureBitStringEncoding,
         },
     },
     der::Document,
diff --git a/spki/src/traits.rs b/spki/src/traits.rs
index 1126c7c40..764b02a4a 100644
--- a/spki/src/traits.rs
+++ b/spki/src/traits.rs
@@ -6,7 +6,7 @@ use der::{EncodeValue, Tagged};
 #[cfg(feature = "alloc")]
 use {
     crate::AlgorithmIdentifierOwned,
-    der::{Any, Document},
+    der::{asn1::BitString, Any, Document},
 };
 
 #[cfg(feature = "pem")]
@@ -173,3 +173,12 @@ where
         })
     }
 }
+
+/// Returns the `BitString` encoding of the signature.
+///
+/// X.509 and CSR structures require signatures to be BitString encoded.
+#[cfg(feature = "alloc")]
+pub trait SignatureBitStringEncoding {
+    /// `BitString` encoding for this signature.
+    fn to_bitstring(&self) -> der::Result<BitString>;
+}