diff --git a/core/java/src/net/i2p/crypto/elgamal/spec/ElGamalParameterSpec.java b/core/java/src/net/i2p/crypto/elgamal/spec/ElGamalParameterSpec.java
index b4ae9ea36e3e2fb362e9a562df83539d4680f29f..50284884a67260f82002409989a28734b4dca7e2 100644
--- a/core/java/src/net/i2p/crypto/elgamal/spec/ElGamalParameterSpec.java
+++ b/core/java/src/net/i2p/crypto/elgamal/spec/ElGamalParameterSpec.java
@@ -8,7 +8,7 @@ import java.security.spec.AlgorithmParameterSpec;
  *  This can't actually be passed to the BC provider, we would have to
  *  use reflection to create a "real" org.bouncycasle.jce.spec.ElGamalParameterSpec.
  *
- *  @since 0.9.18
+ *  @since 0.9.18, moved from net.i2p.crypto in 0.9.25
  */
 public class ElGamalParameterSpec implements AlgorithmParameterSpec {
     private final BigInteger p;
@@ -43,4 +43,32 @@ public class ElGamalParameterSpec implements AlgorithmParameterSpec {
     public BigInteger getG() {
         return g;
     }
+
+    /**
+     * @since 0.9.25
+     */
+    @Override
+    public int hashCode() {
+        return p.hashCode() ^ g.hashCode();
+    }
+
+    /**
+     * @since 0.9.25
+     */
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == null)
+            return false;
+        BigInteger op, og;
+        if (obj instanceof ElGamalParameterSpec) {
+            ElGamalParameterSpec egps = (ElGamalParameterSpec) obj;
+            op = egps.getP();
+            og = egps.getG();
+        //} else if (obj.getClass().getName().equals("org.bouncycastle.jce.spec.ElGamalParameterSpec")) {
+            //reflection... no...
+        } else {
+            return false;
+        }
+        return p.equals(op) && g.equals(og);
+    }
 }
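Review bot: The new `equals()` never matches an `org.bouncycastle.jce.spec.ElGamalParameterSpec` that carries the same p and g, and the only hint of that is the commented-out `else if` branch left inside the method. A caller that checks a key's parameters against an expected group through `equals()` would get false for a BC-sourced spec, so the Javadoc should state the contract, e.g. `Equal only to another instance of this class with the same p and g; a BouncyCastle spec is never equal.`, and the dead branch should be removed. Both new methods dereference `p` and `g` directly; the constructor is outside this hunk, so confirm it rejects null. The `obj == null` test is redundant, since `instanceof` is already false for null, and because the class is not final a subclass overriding `equals()` could break symmetry.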
diff --git a/core/java/src/net/i2p/crypto/provider/I2PProvider.java b/core/java/src/net/i2p/crypto/provider/I2PProvider.java
index 958f307c4406f893acc90658761d485d93d33604..b6b26d396d779b8a04d9414b798934b64b8ef539 100644
--- a/core/java/src/net/i2p/crypto/provider/I2PProvider.java
+++ b/core/java/src/net/i2p/crypto/provider/I2PProvider.java
@@ -64,6 +64,10 @@ public final class I2PProvider extends Provider {
         // keytool error: java.security.NoSuchAlgorithmException: unrecognized algorithm name: SHA512withEdDSA
         put("Alg.Alias.KeyPairGenerator.1.3.101.100", "EdDSA");
         put("Alg.Alias.KeyPairGenerator.OID.1.3.101.100", "EdDSA");
+        // with this setting, keytool keygen doesn't work
+        // java.security.cert.CertificateException: Signature algorithm mismatch
+        // it must match the key setting (1.3.101.100) to work
+        // but this works fine with programmatic cert generation
         put("Alg.Alias.Signature.1.3.101.101", "SHA512withEdDSA");
         put("Alg.Alias.Signature.OID.1.3.101.101", "SHA512withEdDSA");
         // TODO Ed25519ph
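Review bot: The added comment says "with this setting" without naming which mapping it means; from its position it presumably refers to the two `Alg.Alias.Signature...1.3.101.101` entries that follow, as opposed to the key OID 1.3.101.100 above. Since it records a known failure (keytool keygen throwing `CertificateException: Signature algorithm mismatch`), it should name the OID and be marked as an open issue, e.g. `// FIXME: Signature OID 1.3.101.101 differs from the key OID 1.3.101.100, so keytool keygen fails with "Signature algorithm mismatch"; programmatic cert generation works`. The enclosing block starts and ends outside the hunk.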