diff --git a/changelog/66772.fixed.md b/changelog/66772.fixed.md
new file mode 100644
index 00000000000..2f9f40ee523
--- /dev/null
+++ b/changelog/66772.fixed.md
@@ -0,0 +1 @@
+Fixed nacl.keygen for not yet existing sk_file or pk_file
diff --git a/salt/utils/nacl.py b/salt/utils/nacl.py
index cac3455d1a6..63d97e6f9ab 100644
--- a/salt/utils/nacl.py
+++ b/salt/utils/nacl.py
@@ -182,12 +182,12 @@ def keygen(sk_file=None, pk_file=None, **kwargs):
 with salt.utils.files.fopen(sk_file, "rb") as keyf:
 sk = salt.utils.stringutils.to_unicode(keyf.read()).rstrip("\n")
 sk = base64.b64decode(sk)
- kp = nacl.public.PublicKey(sk)
+ kp = nacl.public.PrivateKey(sk)
 with salt.utils.files.fopen(pk_file, "wb") as keyf:
- keyf.write(base64.b64encode(kp.encode()))
+ keyf.write(base64.b64encode(kp.public_key.encode()))
 return f"saved pk_file: {pk_file}"
- kp = nacl.public.PublicKey.generate()
+ kp = nacl.public.PrivateKey.generate()
 with salt.utils.files.fopen(sk_file, "wb") as keyf:
 keyf.write(base64.b64encode(kp.encode()))
 if salt.utils.platform.is_windows():
@@ -200,7 +200,7 @@ def keygen(sk_file=None, pk_file=None, **kwargs):
 # chmod 0600 file
 os.chmod(sk_file, 1536)
 with salt.utils.files.fopen(pk_file, "wb") as keyf:
- keyf.write(base64.b64encode(kp.encode()))
+ keyf.write(base64.b64encode(kp.public_key.encode()))
 return f"saved sk_file:{sk_file} pk_file: {pk_file}"
diff --git a/tests/pytests/unit/utils/test_nacl.py b/tests/pytests/unit/utils/test_nacl.py
index 5c60d880b2f..91be6855487 100644
--- a/tests/pytests/unit/utils/test_nacl.py
+++ b/tests/pytests/unit/utils/test_nacl.py
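Review bot: In the generate branch of keygen the secret key is written through `salt.utils.files.fopen(sk_file, "wb")` before any permission change, so between creation and the later chmod the file carries whatever mode the process umask allows. Creating it restricted from the start closes that window on POSIX, for example `fd = os.open(sk_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wb") as keyf:`. The creation mode only applies when the file is new, so the explicit chmod is still worth keeping for a path that already exists. The Windows branch and the rest of keygen lie outside this hunk, so how access is restricted there cannot be judged from here.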
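Review bot: `os.chmod(sk_file, 1536)` does not set the mode that the comment above it promises. 1536 is 0x600, which is octal 03000 (setgid plus sticky, with no read or write bit for anyone), whereas mode 0600 is decimal 384. The call should read `os.chmod(sk_file, 0o600)`, so the owner keeps read/write access to the secret key and the literal shows the intent. These are unchanged context lines in the second keygen hunk (`@@ -200,7 +200,7 @@`), but they govern the secret-key file this commit now generates correctly. The branch containing them begins outside the hunk.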
@@ -73,6 +73,20 @@ def test_keygen_keyfile(test_keygen):
 ret = nacl.keygen(keyfile=fpath)
 assert f"saved pk_file: {fpath}.pub" == ret
+ with salt.utils.files.fopen(str(fpath) + ".pub", "rb") as rfh:
+ assert test_keygen["pk"] == rfh.read()
+ salt.utils.files.remove(str(fpath) + ".pub")
+
+
+def test_keygen_nonexistent_sk_file():
+ """
+ test nacl.keygen function
+ with nonexistent/new sk_file
+ """
+ with pytest.helpers.temp_file("test_keygen_sk_file") as fpath:
+ salt.utils.files.remove(str(fpath))
+ ret = nacl.keygen(sk_file=str(fpath))
+ assert f"saved sk_file:{fpath} pk_file: {fpath}.pub" == ret
 salt.utils.files.remove(str(fpath) + ".pub")
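Review bot: `test_keygen_nonexistent_sk_file` asserts only the returned string, so it would still pass if keygen wrote a public key that does not belong to the generated secret key, or left sk_file with the wrong mode. Reading both files back and checking that the public key derived from the base64-decoded sk_file equals the base64-decoded pk_file would pin the pairing this commit fixes, much as the added `test_keygen["pk"] == rfh.read()` check does for the keyfile case. On non-Windows platforms, `assert stat.S_IMODE(os.stat(fpath).st_mode) == 0o600` would also cover the permission step; it needs `os` and `stat` in the test module, whose imports are not visible here. That assertion would fail against the current `os.chmod(sk_file, 1536)` in keygen, since 1536 is not 0o600.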