diff --git a/src/cmd_external_ecdh.rs b/src/cmd_external_ecdh.rs
index 2eff207..9ff07d9 100644
--- a/src/cmd_external_ecdh.rs
+++ b/src/cmd_external_ecdh.rs
@@ -1,6 +1,6 @@
 use crate::keyutil::{parse_key_uri, KeyAlgorithmId, KeyUri, KeyUsage};
 use crate::pivutil::ToStr;
-use crate::{cmd_hmac_decrypt, cmd_se_ecdh, cmdutil, ecdhutil, pivutil, seutil, util, yubikeyutil};
+use crate::{cmd_hmac_decrypt, cmd_se_ecdh, cmdutil, ecdhutil, mlkemutil, pivutil, seutil, util, yubikeyutil};
 use clap::{App, ArgMatches, SubCommand};
 use rust_util::util_clap::{Command, CommandError};
 use rust_util::XResult;
@@ -123,7 +123,14 @@ pub fn ecdh(
 return Ok(shared_secret.to_vec());
 }
- simple_error!("Invalid private key and/or ephemeral public key")
+ simple_error!("Invalid EC private key and/or ephemeral public key")
+ } else if key.algorithm.is_mlkem() {
+ let private_key = cmd_hmac_decrypt::try_decrypt(&mut None, &key.hmac_enc_private_key)?;
+ let private_key_bytes = try_decode(&private_key)?;
+ if let Ok((_, shared_secret)) = mlkemutil::try_parse_decapsulate_key_private_then_decapsulate(&private_key_bytes, ephemeral_public_key_bytes) {
+ return Ok(shared_secret);
+ }
+ simple_error!("Invalid ML-KEM private key and/or ephemeral public key")
 } else {
 simple_error!("Invalid algorithm: {}", key.algorithm.to_str())
 }
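Review bot: In the new `is_mlkem()` branch the `if let Ok(...)` can only catch parse or length failures, because ML-KEM decapsulation as specified in FIPS 203 uses implicit rejection: a modified ciphertext of valid length still returns a secret, just an unrelated one. Assuming `mlkemutil` follows the standard (its body is not shown here), the returned bytes are unauthenticated until the caller's AEAD or key-confirmation check passes, and the branch should say so, e.g. `// ML-KEM: a tampered ciphertext still decapsulates; the secret is only validated by the caller's AEAD check`. The error text also calls the input an "ephemeral public key", which for ML-KEM is the encapsulated ciphertext, so `simple_error!("Invalid ML-KEM private key and/or ciphertext")` would be more accurate. The decrypted `private_key` and `private_key_bytes` appear to be dropped without being wiped; it is worth confirming this matches how the EC branch treats its key material. The body of `ecdh` starts and ends outside this hunk.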