diff --git a/CHANGES b/CHANGES
index a22575ee5f..c58aa87d5e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1736.	[bug]		dst_key_fromnamedfile() could fail to read a
+			public key. [RT #12687]
+			
 1735.	[bug]		'dig +sigtrace' could die with a REQUIRE failure.
 			[RE #12688]
 
diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c
index ba8cf21e8a..8d12bee55e 100644
--- a/lib/dns/sec/dst/dst_api.c
+++ b/lib/dns/sec/dst/dst_api.c
@@ -18,7 +18,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.117 2004/06/16 01:41:52 marka Exp $
+ * $Id: dst_api.c,v 1.118 2004/10/01 00:10:59 marka Exp $
  */
 
 #include <config.h>
@@ -396,7 +396,7 @@ dst_key_fromnamedfile(const char *filename, int type, isc_mem_t *mctx,
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
-	if (type == DST_TYPE_PUBLIC ||
+	if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC ||
 	    (pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
 	{
 		result = computeid(pubkey);