diff --git a/include/opendht/crypto.h b/include/opendht/crypto.h
index 1390f4caa2c9110db61a40d7a959ce99fcb2b454..3514ba75badc9d20ea41c6372c94a3117baefa36 100644
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -148,6 +148,7 @@ struct OPENDHT_PUBLIC PrivateKey
      *      Recommended values: 4096, 8192
      */
     static PrivateKey generate(unsigned key_length = 4096);
+    static PrivateKey generateEC();
 
     gnutls_privkey_t key {};
     gnutls_x509_privkey_t x509_key {};
diff --git a/src/crypto.cpp b/src/crypto.cpp
index 280e472a9e1c04ba7c90f51fc547868aafa71c31..f34849a44796a2f3b37ae873293cc9c273ec77ea 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -739,6 +739,20 @@ PrivateKey::generate(unsigned key_length)
     return PrivateKey{key};
 }
 
+PrivateKey
+PrivateKey::generateEC()
+{
+    gnutls_x509_privkey_t key;
+    if (gnutls_x509_privkey_init(&key) != GNUTLS_E_SUCCESS)
+        throw CryptoException("Can't initialize private key.");
+    int err = gnutls_x509_privkey_generate(key, GNUTLS_PK_EC, gnutls_sec_param_to_pk_bits(GNUTLS_PK_EC, GNUTLS_SEC_PARAM_ULTRA), 0);
+    if (err != GNUTLS_E_SUCCESS) {
+        gnutls_x509_privkey_deinit(key);
+        throw CryptoException(std::string("Can't generate EC key pair: ") + gnutls_strerror(err));
+    }
+    return PrivateKey{key};
+}
+
 Identity
 generateIdentity(const std::string& name, crypto::Identity ca, unsigned key_length, bool is_ca)
 {