diff --git a/src/Core/Entities/User.cs b/src/Core/Entities/User.cs
index 5d687efe16..8b3b242c8f 100644
--- a/src/Core/Entities/User.cs
+++ b/src/Core/Entities/User.cs
@@ -4,6 +4,7 @@
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models;
 using Bit.Core.Enums;
 using Bit.Core.KeyManagement.Models.Data;
+using Bit.Core.KeyManagement.Utilities;
 using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Identity;
@@ -211,7 +212,17 @@ public class User : ITableObject, IStorableSubscriber, IRevisable, ITwoFac
 return SecurityVersion ?? 1;
 }
- public bool IsSecurityVersionTwo()
+ public bool IsSetupForV2Encryption()
+ {
+ return HasV2KeyShape() && IsSecurityVersionTwo();
+ }
+
+ private bool HasV2KeyShape()
+ {
+ return EncryptionParsing.GetEncryptionType(PrivateKey) == EncryptionType.XChaCha20Poly1305_B64;
+ }
+
+ private bool IsSecurityVersionTwo()
 {
 return SecurityVersion == 2;
 }
diff --git a/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs b/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs
index b39fa11320..f6fc64a4f7 100644
--- a/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs
+++ b/src/Core/KeyManagement/Queries/GetMinimumClientVersionForUserQuery.cs
@@ -13,7 +13,7 @@ public class GetMinimumClientVersionForUserQuery()
 return Task.FromResult(null);
 }
- if (user.IsSecurityVersionTwo())
+ if (user.IsSetupForV2Encryption())
 {
 return Task.FromResult(Constants.MinimumClientVersionForV2Encryption)!;
 }
diff --git a/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs b/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs
index db8a76e06b..b9bbbcd60b 100644
--- a/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs
+++ b/test/Core.Test/KeyManagement/Queries/GetMinimumClientVersionForUserQueryTests.cs
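Review bot: `IsSetupForV2Encryption()` evaluates `HasV2KeyShape()` first, so `EncryptionParsing.GetEncryptionType(PrivateKey)` runs for every user, including any whose `PrivateKey` is null, empty or malformed. How that helper treats such input is not visible in this diff; if it throws, a check that used to be a plain integer comparison can now fail for accounts that have no keys yet. Putting the cheap check first and guarding the key avoids that: `return IsSecurityVersionTwo() && !string.IsNullOrEmpty(PrivateKey) && HasV2KeyShape();`. `IsSecurityVersionTwo()` also goes from public to private here, so any caller other than the query updated in this commit would stop compiling. A `/// <summary>` on `IsSetupForV2Encryption()` stating that both the stored security version and the private key's encryption type must indicate V2 would document the contract.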
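Review bot: At `if (user.IsSetupForV2Encryption())` the minimum client version is now enforced only when both the security version and the private-key shape indicate V2, so an account in a mixed state gets no minimum at all. The updated test in this commit expects exactly that for a V2-shaped key with `SecurityVersion = 1`. If older clients cannot safely handle a V2 key, that mixed state fails open; it would help to either handle it explicitly or add a comment above the condition saying why a partially migrated account is treated as not-V2. The enclosing method starts and ends outside the hunk.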
@@ -1,5 +1,6 @@
 using Bit.Core.Entities;
 using Bit.Core.KeyManagement.Queries;
+using Bit.Test.Common.Constants;
 using Xunit;
 namespace Bit.Core.Test.KeyManagement.Queries;
@@ -12,7 +13,8 @@ public class GetMinimumClientVersionForUserQueryTests
 var sut = new GetMinimumClientVersionForUserQuery();
 var version = await sut.Run(new User
 {
- SecurityVersion = 2
+ SecurityVersion = 2,
+ PrivateKey = TestEncryptionConstants.V2PrivateKey,
 });
 Assert.Equal(Core.KeyManagement.Constants.MinimumClientVersionForV2Encryption, version);
 }
@@ -23,7 +25,8 @@ public class GetMinimumClientVersionForUserQueryTests
 var sut = new GetMinimumClientVersionForUserQuery();
 var version = await sut.Run(new User
 {
- SecurityVersion = 1
+ SecurityVersion = 1,
+ PrivateKey = TestEncryptionConstants.V2PrivateKey,
 });
 Assert.Null(version);
 }
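Review bot: Nothing in the two updated tests exercises the new key-shape branch, because both set `PrivateKey = TestEncryptionConstants.V2PrivateKey` and vary only `SecurityVersion`. The inputs where `IsSetupForV2Encryption()` differs from the old `IsSecurityVersionTwo()` check are `SecurityVersion = 2` with a non-V2 private key and `SecurityVersion = 2` with `PrivateKey` left null. A test for each would pin the change, asserting `Assert.Null(version)` or whatever behaviour is intended for a missing key, and would show whether a null key throws. Both test methods start outside their hunks.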