diff --git a/opendkim/opendkim-testkey.c b/opendkim/opendkim-testkey.c
index fc1df4af..e6929836 100644
--- a/opendkim/opendkim-testkey.c
+++ b/opendkim/opendkim-testkey.c
@@ -52,6 +52,7 @@
 #include "config.h"
 #include "opendkim-config.h"
 #include "opendkim-crypto.h"
+#include "opendkim-const.h"
 
 /* macros */
 #define	CMDLINEOPTS	"d:k:s:vx:"
@@ -236,6 +237,8 @@ main(int argc, char **argv)
 	char domain[BUFRSZ];
 	char selector[BUFRSZ];
 	char keypath[MAXBUFRSZ];
+	char signalgstr[BUFRSZ];
+	dkim_alg_t signalg;
 
 	progname = (p = strrchr(argv[0], '/')) == NULL ? argv[0] : p + 1;
 
@@ -464,7 +467,7 @@ main(int argc, char **argv)
 		size_t keylen;
 		DKIMF_DB db;
 		char keyname[BUFRSZ + 1];
-		struct dkimf_db_data dbd[3];
+		struct dkimf_db_data dbd[4];
 
 		memset(dbd, '\0', sizeof dbd);
 
@@ -491,6 +494,7 @@ main(int argc, char **argv)
 			memset(domain, '\0', sizeof domain);
 			memset(selector, '\0', sizeof selector);
 			memset(keypath, '\0', sizeof keypath);
+			memset(signalgstr, '\0', sizeof signalgstr);
 
 			dbd[0].dbdata_buffer = domain;
 			dbd[0].dbdata_buflen = sizeof domain;
@@ -498,11 +502,14 @@ main(int argc, char **argv)
 			dbd[1].dbdata_buflen = sizeof selector;
 			dbd[2].dbdata_buffer = keypath;
 			dbd[2].dbdata_buflen = sizeof keypath;
+			dbd[3].dbdata_buffer = signalgstr;
+			dbd[3].dbdata_buflen = sizeof signalgstr;
+			dbd[3].dbdata_flags = DKIMF_DB_DATA_OPTIONAL;
 
 			keylen = sizeof keyname;
 
 			status = dkimf_db_walk(db, c == 0, keyname, &keylen,
-			                       dbd, 3);
+			                       dbd, 4);
 			if (status == -1)
 			{
 				fprintf(stderr,
@@ -524,6 +531,26 @@ main(int argc, char **argv)
 				        progname, c, keyname);
 			}
 
+			if (signalgstr[0] != '\0')
+			{
+				signalg = dkimf_lookup_strtoint(signalgstr, dkimf_sign);
+				if (signalg == -1)
+				{
+					fprintf(stderr,
+					        "%s: unknown sign algorithm "
+					        "'%s' for key '%s'\n",
+					        progname, signalgstr, keyname);
+					return 1;
+				}
+
+				if (verbose > 1)
+				{
+					fprintf(stderr,
+				        "%s: key '%s': sign algorithm is '%s'\n",
+				        progname, keyname, signalgstr);
+				}
+			}
+
 			if (keypath[0] == '/' ||
 			    strncmp(keypath, "./", 2) == 0 ||
 			    strncmp(keypath, "../", 3) == 0)
@@ -572,6 +599,9 @@ main(int argc, char **argv)
 				        progname, keyname);
 			}
 
+			/* To do: check consistency of the key and algorithm.
+			   It is needed to extend dkim_test_key() for it */
+
 			dnssec = DKIM_DNSSEC_UNKNOWN;
 
 			status = dkim_test_key(lib, selector, domain,