diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 02cc81a..0563428 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/setup-java@v3 with: distribution: temurin - java-version: 11 + java-version: 17 - name: Setup Gradle uses: gradle/gradle-build-action@v2 diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 41d9927..a4b76b9 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index aa991fc..9355b41 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,7 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip +networkTimeout=10000 +validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 1b6c787..f5feea6 100755 --- a/gradlew +++ b/gradlew @@ -15,6 +15,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# ############################################################################## # @@ -55,7 +57,7 @@ # Darwin, MinGW, and NonStop. # # (3) This script is generated from the Groovy template -# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt # within the Gradle project. # # You can find Gradle at https://github.com/gradle/gradle/. 
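Review bot: The new `distributionUrl` in gradle-wrapper.properties has no `distributionSha256Sum` beside it, so the Gradle 8.10 archive the wrapper downloads is trusted on transport security alone. `validateDistributionUrl=true`, going by its name, covers the URL and not the archive contents. Adding `distributionSha256Sum=<sha256 of gradle-8.10-bin.zip, taken from the Gradle release checksums>` would pin the download. The same commit replaces gradle/wrapper/gradle-wrapper.jar as an opaque binary that cannot be reviewed in the diff; a wrapper-validation step in unit-test.yml (for example `gradle/wrapper-validation-action`) would check that jar against known Gradle releases.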
@@ -80,13 +82,12 @@ do esac done -APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit - -APP_NAME="Gradle" +# This is normally unused +# shellcheck disable=SC2034 APP_BASE_NAME=${0##*/} - -# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s +' "$PWD" ) || exit # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD=maximum @@ -133,22 +134,29 @@ location of your Java installation." fi else JAVACMD=java - which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the location of your Java installation." + fi fi # Increase the maximum file descriptors if we can. if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then case $MAX_FD in #( max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 MAX_FD=$( ulimit -H -n ) || warn "Could not query maximum file descriptor limit" esac case $MAX_FD in #( '' | soft) :;; #( *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 ulimit -n "$MAX_FD" || warn "Could not set maximum file descriptor limit to $MAX_FD" esac 
@@ -193,11 +201,15 @@ if "$cygwin" || "$msys" ; then done fi -# Collect all arguments for the java command; -# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of -# shell script including quotes and variable substitutions, so put them in -# double quotes to make sure that they get re-expanded; and -# * put everything else in single quotes, so that it's not re-expanded. + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command: +# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments, +# and any embedded shellness will be escaped. +# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be +# treated as '${Hostname}' itself on the command line. set -- \ "-Dorg.gradle.appname=$APP_BASE_NAME" \ @@ -205,6 +217,12 @@ set -- \ org.gradle.wrapper.GradleWrapperMain \ "$@" +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + # Use "xargs" to parse quoted args. # # With -n1 it outputs one arg per line, with the quotes and backslashes removed. diff --git a/gradlew.bat b/gradlew.bat index 107acd3..9d21a21 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -13,8 +13,10 @@ @rem See the License for the specific language governing permissions and @rem limitations under the License. @rem +@rem SPDX-License-Identifier: Apache-2.0 +@rem -@if "%DEBUG%" == "" @echo off +@if "%DEBUG%"=="" @echo off @rem ########################################################################## @rem @rem Gradle startup script for Windows @@ -25,7 +27,8 @@ if "%OS%"=="Windows_NT" setlocal set DIRNAME=%~dp0 -if "%DIRNAME%" == "" set DIRNAME=. +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% 
@@ -40,13 +43,13 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto execute +if %ERRORLEVEL% equ 0 goto execute -echo. -echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail @@ -56,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe if exist "%JAVA_EXE%" goto execute -echo. -echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail @@ -75,13 +78,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar :end @rem End local scope for the variables with windows NT shell -if "%ERRORLEVEL%"=="0" goto mainEnd +if %ERRORLEVEL% equ 0 goto mainEnd :fail rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of rem the _cmd.exe /c_ return code! -if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 -exit /b 1 +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% :mainEnd if "%OS%"=="Windows_NT" endlocal diff --git a/lib/build.gradle b/lib/build.gradle index c019583..0c06597 100644 --- a/lib/build.gradle +++ b/lib/build.gradle 
@@ -5,7 +5,9 @@ plugins { id 'signing' } -archivesBaseName = 'certy' +base { + archivesName = 'certy' +} repositories { mavenCentral() @@ -14,6 +16,7 @@ repositories { dependencies { implementation 'org.bouncycastle:bcpkix-jdk18on:1.78.1' testImplementation 'org.junit.jupiter:junit-jupiter:5.11.3' + testRuntimeOnly 'org.junit.platform:junit-platform-launcher' } tasks.named('test') { @@ -29,9 +32,10 @@ java { withSourcesJar() } -// Compatibility with JDK8. +// Compatibility with JDK15. +// - Ed25519 was added in JDK15. compileJava { - options.release = 8 + options.release = 15 } publishing { diff --git a/lib/src/main/java/fi/protonode/certy/Credential.java b/lib/src/main/java/fi/protonode/certy/Credential.java index 114c1d5..256ad69 100644 --- a/lib/src/main/java/fi/protonode/certy/Credential.java +++ b/lib/src/main/java/fi/protonode/certy/Credential.java @@ -73,7 +73,8 @@ public class Credential { /** Key type values for {@link #keyType}. */ public enum KeyType { EC, - RSA + RSA, + ED25519 } /** Key usage values for {@link #keyUsages}. */ @@ -201,9 +202,12 @@ public Credential keyType(KeyType val) { /** * Defines the key length in bits. - * Default value is 256 (EC) or 2048 (RSA) if keySize is not set.
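Review bot: `options.release = 15` in the compileJava block raises the bytecode floor from 8 to 15 for every consumer of the library, not only for callers of the new key type, and the comment above it should say so. A possible wording is `// Minimum runtime is JDK 15 (breaking change from JDK 8): Ed25519 was added to java.security in JDK 15.` The workflow in this commit builds only on Java 17, so nothing visible here runs the library on a JDK 15 runtime.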

- * Examples: For keyType EC: 256, 384, 521. - * For keyType RSA: 1024, 2048, 4096. + * Default value is 256 (EC) or 2048 (RSA) if keySize is not set. + *

+ * Examples: + * For keyType EC: 256, 384, 521. + * For keyType RSA: 1024, 2048, 4096. + * For keyType ED25519: 255. * * @param val Key size. * @return The Credential itself. @@ -612,6 +616,8 @@ private void setDefaults() { keySize = 256; } else if (keyType == KeyType.RSA) { keySize = 2048; + } else if (keyType == KeyType.ED25519) { + keySize = 255; } } @@ -668,6 +674,8 @@ protected static String signatureAlgorithm(PublicKey pub) { } case "RSA": return "SHA256WithRSAEncryption"; + case "EdDSA": + return "Ed25519"; default: throw new UnsupportedOperationException("unsupported private key algorithm: " + pub.getAlgorithm()); } diff --git a/lib/src/test/java/fi/protonode/certy/TestCredential.java b/lib/src/test/java/fi/protonode/certy/TestCredential.java index b62ce7d..a390d25 100644 --- a/lib/src/test/java/fi/protonode/certy/TestCredential.java +++ b/lib/src/test/java/fi/protonode/certy/TestCredential.java @@ -50,6 +50,7 @@ import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.interfaces.ECPublicKey; +import java.security.interfaces.EdECPublicKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.ECParameterSpec; import java.security.spec.InvalidKeySpecException; @@ -115,6 +116,16 @@ void testRsaKeySizes() throws Exception { expectKey(cred.getX509Certificate(), "RSA", 4096); } + @Test + void testEd25519Certificate() throws Exception { + Credential cred = new Credential().subject("CN=joe") + .keyType(KeyType.ED25519); + X509Certificate cert = cred.getX509Certificate(); + assertNotNull(cert); + EdECPublicKey key = (EdECPublicKey) cert.getPublicKey(); + assertEquals("Ed25519", key.getAlgorithm()); + } + @Test void testExpires() throws Exception { Duration hour = Duration.of(1, ChronoUnit.HOURS); 
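Review bot: The keySize Javadoc still gives the defaults as `256 (EC) or 2048 (RSA)`, although setDefaults in this commit adds 255 for ED25519. It also lists 255 as an example where it appears to be the only accepted value, since testInvalidKeySize expects IllegalArgumentException for a different size. Suggested wording: `Default value is 256 (EC), 2048 (RSA) or 255 (ED25519) if keySize is not set.` and `For keyType ED25519: 255 (fixed; other values are rejected).` The example list also still offers RSA 1024, which is below the 2048-bit minimum in current guidance and would be better marked as legacy or test-only. The method body lies outside the hunk.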
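Review bot: In signatureAlgorithm the new `case "EdDSA":` returns `"Ed25519"` for every key whose algorithm is reported as EdDSA, but that JCA name also covers Ed448. An Ed448 key reaching this method would therefore be paired with the wrong signature algorithm name. Whether keys other than those generated for KeyType.ED25519 can get here is not visible in the hunk. If they can, derive the name from the key after an `instanceof EdECPublicKey` check, e.g. `return ((EdECPublicKey) pub).getParams().getName();`, and otherwise fall through to the existing UnsupportedOperationException. The switch begins above the hunk.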
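Review bot: testEd25519Certificate asserts only the public key's algorithm name, so it would still pass if the certificate were signed with a different algorithm or carried a signature that does not verify. Adding `assertEquals("Ed25519", cert.getSigAlgName());` would pin the signing path added in Credential.signatureAlgorithm. If the credential is self-signed, as it appears to be with no issuer set, `cert.verify(cert.getPublicKey());` would check the signature as well.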
@@ -256,6 +267,9 @@ void testInvalidKeySize() throws Exception { Credential cred2 = new Credential().subject("CN=joe").keyType(KeyType.RSA).keySize(1); assertThrows(IllegalArgumentException.class, () -> cred2.getX509Certificate()); + + Credential cred3 = new Credential().subject("CN=joe").keyType(KeyType.ED25519).keySize(1); + assertThrows(IllegalArgumentException.class, () -> cred3.getX509Certificate()); } @Test