diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php
index caf5e6b3..51c3df10 100644
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@@ -2142,6 +2142,7 @@ class Crypt_RSA {
         }
 
         // EME-PKCS1-v1_5 encoding
+
         $psLen = $this->k - $mLen - 3;
         $ps = '';
         while (strlen($ps) != $psLen) {
@@ -2149,7 +2150,14 @@ class Crypt_RSA {
             $temp = str_replace("\x00", '', $temp);
             $ps.= $temp;
         }
-        $em = chr(0) . chr(2) . $ps . chr(0) . $m;
+        $type = 2;
+        // see the comments of _rsaes_pkcs1_v1_5_decrypt() to understand why this is being done
+        if (defined('CRYPT_RSA_PKCS15_COMPAT') && (!isset($this->publicExponent) || $this->exponent !== $this->publicExponent)) {
+            $type = 1;
+            // "The padding string PS shall consist of k-3-||D|| octets. ... for block type 01, they shall have value FF"
+            $ps = str_repeat("\xFF", $psLen);
+        }
+        $em = chr(0) . chr($type) . $ps . chr(0) . $m;
 
         // RSA encryption
         $m = $this->_os2ip($em);
@@ -2650,4 +2658,4 @@ class Crypt_RSA {
                 return $this->_rsassa_pss_verify($message, $signature);
         }
     }
-}
+}
\ No newline at end of file