diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
index 6c2407cdca3445..2f6cd7d1b227ef 100644
--- a/lib/internal/crypto/webcrypto.js
+++ b/lib/internal/crypto/webcrypto.js
@@ -1090,7 +1090,8 @@ async function getPublicKey(key, keyUsages) {
   });
 
   if (key[kKeyType] !== 'private')
-    throw lazyDOMException('key must be a private key', 'InvalidAccessError');
+    throw lazyDOMException('key must be a private key',
+                           key[kKeyType] === 'secret' ? 'NotSupportedError' : 'InvalidAccessError');
 
   const keyObject = createPublicKey(key[kKeyObject]);
 
diff --git a/test/parallel/test-webcrypto-get-public-key.mjs b/test/parallel/test-webcrypto-get-public-key.mjs
index dda8d7e8d58802..9764aabd0a887e 100644
--- a/test/parallel/test-webcrypto-get-public-key.mjs
+++ b/test/parallel/test-webcrypto-get-public-key.mjs
@@ -41,11 +41,16 @@ for await (const { privateKey } of [
     name: 'SyntaxError',
     message: /Unsupported key usage/
   });
+
+  await assert.rejects(() => subtle.getPublicKey(publicKey, publicKey.usages), {
+    name: 'InvalidAccessError',
+    message: 'key must be a private key'
+  });
 }
 
 const secretKey = await subtle.generateKey(
   { name: 'AES-CBC', length: 128 }, true, ['encrypt', 'decrypt']);
 await assert.rejects(() => subtle.getPublicKey(secretKey, ['encrypt', 'decrypt']), {
-  name: 'InvalidAccessError',
+  name: 'NotSupportedError',
   message: 'key must be a private key'
 });