diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java
index 079eca612..18cb468b7 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java
@@ -102,7 +102,9 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 				throw new IllegalArgumentException("Tried to load a key from a keystore without a 'kid' field: " + key);
 			}
 		}
+		
 		buildEncryptersAndDecrypters();
+		
 	}
 	
 
@@ -116,7 +118,14 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 	}
 
 	public String getDefaultEncryptionKeyId() {
-		return defaultEncryptionKeyId;
+		if (defaultEncryptionKeyId != null) {
+			return defaultEncryptionKeyId;
+		} else if (keys.size() == 1) {
+			// if there's only one key in the map, it's the default
+			return keys.keySet().iterator().next();
+		} else {
+			return null;
+		}
 	}
 
 	public void setDefaultEncryptionKeyId(String defaultEncryptionKeyId) {
@@ -124,7 +133,14 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 	}
 
 	public String getDefaultDecryptionKeyId() {
-		return defaultDecryptionKeyId;
+		if (defaultDecryptionKeyId != null) {
+			return defaultDecryptionKeyId;
+		} else if (keys.size() == 1) {
+			// if there's only one key in the map, it's the default
+			return keys.keySet().iterator().next();
+		} else {
+			return null;
+		}
 	}
 
 	public void setDefaultDecryptionKeyId(String defaultDecryptionKeyId) {
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
index 4471cd79e..639e8e2b6 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
@@ -109,7 +109,14 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
 	 * @return the defaultSignerKeyId
 	 */
 	public String getDefaultSignerKeyId() {
-		return defaultSignerKeyId;
+		if (defaultSignerKeyId != null) {
+			return defaultSignerKeyId;
+		} else if (keys.size() == 1) {
+			// if there's only one key, it's the default
+			return keys.keySet().iterator().next();
+		} else {
+			return null;
+		}
 	}
 
 	/**