diff --git a/src/libopensc/pkcs15-sec.c b/src/libopensc/pkcs15-sec.c
index a82bd5b4..bbd25f70 100644
--- a/src/libopensc/pkcs15-sec.c
+++ b/src/libopensc/pkcs15-sec.c
@@ -35,10 +35,10 @@ int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
 	struct sc_security_env senv;
 	struct sc_context *ctx = p15card->card->ctx;
 	
-	senv.algorithm_ref = 0x02;
+	senv.algorithm_ref = 0x0102;
 	senv.key_file_id = prkey->file_id;
 	senv.operation = SC_SEC_OPERATION_DECIPHER;
-	senv.key_ref = prkey->key_reference;
+	senv.key_ref = 0x0100 | prkey->key_reference;
 	
 	SC_FUNC_CALLED(ctx, 1);
 	r = sc_select_file(p15card->card, &p15card->file_app.path,
@@ -65,7 +65,7 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
 	struct sc_security_env senv;
 	struct sc_context *ctx = p15card->card->ctx;
 	
-	senv.algorithm_ref = 0x02;
+	senv.algorithm_ref = 0x0102;
 	switch (hash) {
 	case SC_PKCS15_HASH_SHA1:
 		senv.algorithm_ref |= 0x10;
@@ -76,7 +76,7 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
 	}
 	senv.key_file_id = prkey->file_id;
 	senv.operation = SC_SEC_OPERATION_SIGN;
-	senv.key_ref = prkey->key_reference;
+	senv.key_ref = 0x0100 | prkey->key_reference;
 	
 	SC_FUNC_CALLED(ctx, 1);
 	r = sc_select_file(p15card->card, &p15card->file_app.path,
diff --git a/src/libopensc/sec.c b/src/libopensc/sec.c
index 7b97cd75..465a0d04 100644
--- a/src/libopensc/sec.c
+++ b/src/libopensc/sec.c
@@ -44,21 +44,28 @@ int sc_set_security_env(struct sc_card *card,
 		apdu.p1 = 0x81;
 		apdu.p2 = 0xB6;
 		break;
+	
 	default:
 		return SC_ERROR_INVALID_ARGUMENTS;
 	}
 	apdu.le = 0;
 	p = sbuf;
-	*p++ = 0x80;		/* algorithm reference */
-	*p++ = 1;
-	*p++ = env->algorithm_ref;
-	*p++ = 0x81;
-	*p++ = env->key_file_id.len;
-	memcpy(p, env->key_file_id.value, env->key_file_id.len);
-	p += env->key_file_id.len;
-	*p++ = 0x84;
-	*p++ = 1;
-	*p++ = env->key_ref;
+	if (env->algorithm_ref >= 0) {
+		*p++ = 0x80;		/* algorithm reference */
+		*p++ = env->algorithm_ref >> 8;
+		*p++ = env->algorithm_ref & 0xFF;
+	}
+	if (env->key_file_id.len >= 0) {
+		*p++ = 0x81;
+		*p++ = env->key_file_id.len;
+		memcpy(p, env->key_file_id.value, env->key_file_id.len);
+		p += env->key_file_id.len;
+	}
+	if (env->key_ref >= 0) {
+		*p++ = 0x84;
+		*p++ = env->key_ref >> 8;
+		*p++ = env->key_ref & 0xFF;
+	}
 	r = p - sbuf;
 	apdu.lc = r;
 	apdu.datalen = r;