From 2bfa88a4c9a55d1d9ef76b3518fb59ef8a6676e1 Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez <ldez@users.noreply.github.com>
Date: Sun, 8 Mar 2026 10:52:34 +0100
Subject: [PATCH] feat: use the public key corresponding to the opaque (#2899)

---
 acme/api/internal/secure/signer.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/acme/api/internal/secure/signer.go b/acme/api/internal/secure/signer.go
index be4804b8f..6aa75cbc5 100644
--- a/acme/api/internal/secure/signer.go
+++ b/acme/api/internal/secure/signer.go
@@ -151,10 +151,10 @@ func sign(content []byte, signKey jose.SigningKey, options *jose.SignerOptions)
 func signatureAlgorithm(privKey crypto.Signer) jose.SignatureAlgorithm {
 	var alg jose.SignatureAlgorithm
 
-	switch k := privKey.(type) {
-	case *rsa.PrivateKey:
+	switch k := privKey.Public().(type) {
+	case *rsa.PublicKey:
 		alg = jose.RS256
-	case *ecdsa.PrivateKey:
+	case *ecdsa.PublicKey:
 		if k.Curve == elliptic.P256() {
 			alg = jose.ES256
 		} else if k.Curve == elliptic.P384() {