diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c
index d9854a42..d98b787a 100644
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@@ -1004,6 +1004,19 @@ failed:	fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r));
 	return SC_ERROR_PKCS15INIT;
 }
 
+static void sc_pkcs15_inc_id(sc_pkcs15_id_t *id)
+{
+	int len;
+	for (len = id->len - 1; len >= 0; len--) {
+		if (id->value[len]++ != 0xFF)
+			break;
+	}
+	if (len < 0 && id->len < SC_PKCS15_MAX_ID_SIZE)	{
+		memmove(id->value + 1, id->value, id->len++);
+		id->value[0] = 1;
+	}
+}
+
 /*
  * Store a private key
  */
@@ -1042,12 +1055,14 @@ do_store_private_key(struct sc_profile *profile)
 
 		/* tell openssl to cache the extensions */
 		X509_check_purpose(cert[0], -1, -1);
-		usage = X509_get_extended_key_usage(cert[0]);
+		usage = X509_get_key_usage(cert[0]);
 
 		/* No certificate usage? Assume ordinary
 		 * user cert */
 		if (usage == 0)
-			usage = 0x1F;
+			usage = KU_NON_REPUDIATION
+				| KU_DIGITAL_SIGNATURE
+				| KU_KEY_ENCIPHERMENT;
 
 		/* If the user requested a specific key usage on the
 		 * command line check if it includes _more_
@@ -1065,10 +1080,7 @@ do_store_private_key(struct sc_profile *profile)
 		args.x509_usage = opt_x509_usage? opt_x509_usage : usage;
 	}
 
-	args.access_flags |=
-		  SC_PKCS15_PRKEY_ACCESS_SENSITIVE
-		| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
-		| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
+	args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
 
 	r = sc_lock(p15card->card);
 	if (r < 0)
@@ -1096,7 +1108,7 @@ do_store_private_key(struct sc_profile *profile)
 			return r;
 
 		X509_check_purpose(cert[i], -1, -1);
-		cargs.x509_usage = X509_get_extended_key_usage(cert[i]);
+		cargs.x509_usage = X509_get_key_usage(cert[i]);
 
 		cargs.label = cert_common_name(cert[i]);
 		if (!cargs.label)
@@ -1114,6 +1126,8 @@ do_store_private_key(struct sc_profile *profile)
 				printf("Certificate #%d already present, not stored.\n", i);
 				goto next_cert;
 			}
+			sc_pkcs15_inc_id(&args.id);
+			cargs.id = args.id;
 			cargs.authority = 1;
 		}
 
@@ -1238,10 +1252,7 @@ do_store_secret_key(struct sc_profile *profile)
 
 	args.algorithm = algorithm;
 	args.value_len = keybits;
-	args.access_flags |=
-		  SC_PKCS15_PRKEY_ACCESS_SENSITIVE
-		| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
-		| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
+	args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
 
 	r = sc_lock(p15card->card);
 	if (r < 0)