diff --git a/CHANGELOG.md b/CHANGELOG.md
index a36c61a0..14b36564 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 0.9.4 (2023-11-20)
+### Added
+- Deterministic implementation of prime factors recovery ([#380])
+
+[#380]: https://github.com/RustCrypto/RSA/pull/380
+
 ## 0.9.3 (2023-10-26)
 ### Added
 - PKCS#8/SPKI decoding trait impls for `pkcs1v15` keys ([#346])
diff --git a/Cargo.lock b/Cargo.lock
index 1750cf12..71674ae7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -465,7 +465,7 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
 [[package]]
 name = "rsa"
-version = "0.9.3"
+version = "0.9.4"
 dependencies = [
 "base64ct",
 "const-oid",
diff --git a/Cargo.toml b/Cargo.toml
index 6323dc16..64b26102 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rsa"
-version = "0.9.3"
+version = "0.9.4"
 authors = ["RustCrypto Developers", "dignifiedquire "]
 edition = "2021"
 description = "Pure Rust RSA implementation"
@@ -22,7 +22,7 @@ subtle = { version = "2.1.1", default-features = false }
 digest = { version = "0.10.5", default-features = false, features = ["alloc", "oid"] }
 pkcs1 = { version = "0.7.5", default-features = false, features = ["alloc", "pkcs8"] }
 pkcs8 = { version = "0.10.2", default-features = false, features = ["alloc"] }
-signature = { version = "2", default-features = false , features = ["alloc", "digest", "rand_core"] }
+signature = { version = ">2.0, <2.3", default-features = false , features = ["alloc", "digest", "rand_core"] }
 spki = { version = "0.7.2", default-features = false, features = ["alloc"] }
 zeroize = { version = "1.5", features = ["alloc"] }
diff --git a/src/key.rs b/src/key.rs
index 25e677d4..9589e1d3 100644
--- a/src/key.rs
+++ b/src/key.rs
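Review bot: In Cargo.toml, the new `signature` requirement `">2.0, <2.3"` narrows the accepted range at both ends without saying why. Under Cargo's comparison rules `>2.0` is read as `>=2.1.0`, so every 2.0.x release that the old `"2"` requirement accepted is now rejected; if only the upper cap was intended, `version = ">=2.0, <2.3"` keeps the previous lower bound. The `<2.3` cap also keeps dependents from resolving to any later 2.x release of a crate that sits on the signing path, and it ships in a patch release whose CHANGELOG entry lists only #380. A one-line comment above the dependency would record the reason and the exit condition, e.g. `# capped below 2.3: REASON; lift once CONDITION`.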
@@ -229,7 +229,19 @@ impl RsaPrivateKey {
 RsaPrivateKey::from_components(components.n, components.e, components.d, components.primes)
 }
- /// Constructs an RSA key pair from the individual components.
+ /// Constructs an RSA key pair from individual components:
+ ///
+ /// - `n`: RSA modulus
+ /// - `e`: public exponent (i.e. encrypting exponent)
+ /// - `d`: private exponent (i.e. decrypting exponent)
+ /// - `primes`: prime factors of `n`: typically two primes `p` and `q`. More than two primes can
+ /// be provided for multiprime RSA, however this is generally not recommended. If no `primes`
+ /// are provided, a prime factor recovery algorithm will be employed to attempt to recover the
+ /// factors (as described in [NIST SP 800-56B Revision 2] Appendix C.2). This algorithm only
+ /// works if there are just two prime factors `p` and `q` (as opposed to multiprime), and `e`
+ /// is between 2^16 and 2^256.
+ ///
+ /// [NIST SP 800-56B Revision 2]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf
 pub fn from_components(
 n: BigUint,
 e: BigUint,
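Review bot: The new doc comment on `from_components` says the recovery algorithm will "attempt to recover" the factors, but it never says what the caller gets when that attempt fails or when `e` falls outside the stated range. The signature continues outside the hunk, so the return type is not visible here; if it is a `Result`, an `# Errors` section naming those cases would close the gap. "between 2^16 and 2^256" also leaves open whether the endpoints are included; stating the bound exactly as the code enforces it, e.g. `/// is in the range 2^16 < e < 2^256.` if that is the actual check, removes the guesswork. It would also help to say whether caller-supplied `primes` are checked for consistency with `n`, since code importing key material from an untrusted source needs to know whether validation happens in this constructor.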