diff --git a/src/pkcs15init/etoken.profile b/src/pkcs15init/etoken.profile
index 11f7bc35..8f93adac 100644
--- a/src/pkcs15init/etoken.profile
+++ b/src/pkcs15init/etoken.profile
@@ -33,7 +33,7 @@ filesystem {
 			type = internal-ef;
 			file-id = 4B01;	# This is the base FileID
 			size = 266;	# 266 is enough for 1024-bit keys
-			ACL = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
+			ACL = *=NEVER, UPDATE=$PIN;
 		}
 		EF template-public-key {
 			file-id = 5501;
@@ -47,6 +47,12 @@ filesystem {
 			file-id = 7000;
 			ACL = *=NEVER, READ=$PIN, UPDATE=$PIN;
 		}
+		EF tempfile {
+			file-id = 7EAD;
+			structure = linear-variable-tlv;
+			ACL = *=NONE;
+			size = 512;
+		}
 	}
 }
}
diff --git a/src/pkcs15init/pkcs15-init.h b/src/pkcs15init/pkcs15-init.h
index b645cbb0..40b65e51 100644
--- a/src/pkcs15init/pkcs15-init.h
+++ b/src/pkcs15init/pkcs15-init.h
@@ -54,6 +54,14 @@ struct sc_pkcs15init_operations {
 	 */
 	int	(*new_file)(struct sc_profile *, struct sc_card *,
 			unsigned int, unsigned int, struct sc_file **out);
+
+	/*
+	 * Generate a new key pair
+	 */
+	int	(*generate_key)(struct sc_profile *, struct sc_card *,
+			unsigned int index, unsigned int keybits,
+			sc_pkcs15_pubkey_t *pubkey_res);
+
 };
 
 /* Do not change these or reorder these */
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 4622d745..25d7f6fb 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
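Review bot: Dropping `CRYPTO=$PIN` from this EF's ACL leaves the CRYPTO operation covered by `*=NEVER`, so the profile now says the key held in this file (apparently the private-key template, judging by the 4B01 base file-id and the 1024-bit key size comment) may never be used for crypto, and nothing in the hunk explains why that is safe. If the eToken enforces file-level ACLs for signing this makes generated keys unusable; if instead key usage is protected by the key object's own access conditions and the file ACL is irrelevant for CRYPTO, which is what the accompanying on-board key generation work suggests, that reasoning should sit next to the line so the next editor does not "fix" it back. Suggest a comment on the ACL line such as `# CRYPTO is not governed by this EF's ACL on this card; usage is protected by the key object itself`. The enclosing EF block opens before the hunk, so I cannot see whether its header already says this.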
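Review bot: `ACL = *=NONE` on the new `tempfile` EF (file-id 7EAD) permits every operation, including UPDATE, with no authentication at all, whereas every other EF in this hunk gates at least UPDATE behind `$PIN`. If this file is the scratch area the card fills with the generated public key, which is my inference from its role in this commit, then anyone with access to the token can rewrite 7EAD between generation and read-back and have a substitute public key recorded against the card-held private key. Unless the card needs the file open for its own write during key generation, tighten it to `ACL = *=NEVER, READ=NONE, UPDATE=$PIN;` and document the purpose with a comment such as `# Scratch EF that receives the public key produced by on-board key generation`; if the open ACL really is required by the card, say so in that comment instead.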
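Review bot: The comment on the new `generate_key` operation says only "Generate a new key pair", which leaves every detail a card driver must get right undocumented: what `index` denotes, what unit `keybits` is in, who allocates and frees what `pubkey_res` points to, and the return convention. From the single caller in this diff, `index` is the count of private-key objects already present, `keybits` is the RSA modulus length, and the driver is expected to fill `pubkey_res` on success and return a negative `SC_ERROR_*` code on failure, but that contract should be stated here rather than reverse-engineered from pkcs15-lib.c. Suggest expanding the comment block to spell out those four points, and to note that drivers without on-board generation must leave the pointer NULL (the caller checks for that) and that ownership of the public-key material written into `pubkey_res` still needs to be decided and documented. `struct sc_pkcs15init_operations` opens before the hunk, so other members' comments are not visible to me for style matching.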
@@ -371,8 +371,39 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card,
 		unsigned int keybits,
 		struct sc_pkcs15_object **res_obj)
 {
-	/* Currently, we do not support on-board key generation */
-	return SC_ERROR_NOT_SUPPORTED;
+	struct sc_pkcs15init_pubkeyargs pubkey_args;
+	int r, index;
+
+	/* For now, we support just RSA key pair generation */
+	if (keyargs->key.algorithm != SC_ALGORITHM_RSA)
+		return SC_ERROR_NOT_SUPPORTED;
+
+	if (profile->ops->generate_key == NULL)
+		return SC_ERROR_NOT_SUPPORTED;
+
+	if (keyargs->auth_id.len != 0) {
+		struct sc_pkcs15_pin_info *pin_info;
+		struct sc_pkcs15_object *objp;
+
+		r = sc_pkcs15_find_pin_by_auth_id(p15card,
+				&keyargs->auth_id, &objp);
+		if (r < 0)
+			return r;
+		pin_info = (struct sc_pkcs15_pin_info *) objp->data;
+		sc_profile_set_pin_info(profile,
+				SC_PKCS15INIT_USER_PIN, pin_info);
+	}
+
+	memset(&pubkey_args, 0, sizeof(pubkey_args));
+
+	index = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0);
+	r = profile->ops->generate_key(profile, p15card->card, index, keybits,
+			&pubkey_args.key);
+	if (r < 0)
+		return r;
+
+	/* XXX: add PrKDF entrye and write public key */
+	return SC_ERROR_INTERNAL;
 }
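Review bot: The result of `sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0)` is handed to `generate_key` as an `unsigned int` without being checked, so a negative `SC_ERROR_*` return from that call turns into a huge key index and the driver is told to generate a key at whatever that maps to; add `if (index < 0) return index;` before the `generate_key` call. Separately, once `generate_key` succeeds a private key exists on the card, yet the function then returns `SC_ERROR_INTERNAL` without setting `*res_obj`, writing the PrKDF entry or releasing whatever the driver stored in `pubkey_args.key`, so until the XXX is resolved every call leaves an orphaned, unrecorded private key on the token and a retrying caller produces another. Either keep the `SC_ERROR_NOT_SUPPORTED` stub until the PrKDF path lands, or at minimum set `*res_obj = NULL` on every early return and free the public-key material before returning the error. The function's signature begins on the hunk-header line, outside the visible hunk.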