diff --git a/src/libopensc/pkcs15-actalis.c b/src/libopensc/pkcs15-actalis.c index de335891..b8b2a0f7 100644 --- a/src/libopensc/pkcs15-actalis.c +++ b/src/libopensc/pkcs15-actalis.c @@ -122,10 +122,6 @@ static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card, info.modulus_length = modulus_length; info.usage = usage; info.native = 1; - info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; info.key_reference = ref; if (path) diff --git a/src/libopensc/pkcs15-atrust-acos.c b/src/libopensc/pkcs15-atrust-acos.c index 67717cd2..f59539bb 100644 --- a/src/libopensc/pkcs15-atrust-acos.c +++ b/src/libopensc/pkcs15-atrust-acos.c @@ -235,11 +235,6 @@ static int sc_pkcs15emu_atrust_acos_init(sc_pkcs15_card_t *p15card) sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id); prkey_info.usage = prkeys[i].usage; prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = prkeys[i].ref; prkey_info.modulus_length= prkeys[i].modulus_len; sc_format_path(prkeys[i].path, &prkey_info.path); diff --git a/src/libopensc/pkcs15-esteid.c b/src/libopensc/pkcs15-esteid.c index adf080b3..6975fe10 100644 --- a/src/libopensc/pkcs15-esteid.c +++ b/src/libopensc/pkcs15-esteid.c 
@@ -238,11 +238,6 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) prkey_info.id.value[0] = prkey_pin[i]; prkey_info.usage = prkey_usage[i]; prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = i + 1; if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30) prkey_info.modulus_length = 2048; diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c index 64ed894b..551b0a3b 100644 --- a/src/libopensc/pkcs15-gemsafeGPK.c +++ b/src/libopensc/pkcs15-gemsafeGPK.c @@ -472,11 +472,6 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card) sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id); prkey_info.usage = prkeys[i].usage; prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = prkeys[i].ref; prkey_info.modulus_length= prkeys[i].modulus_len; sc_format_path(prkeys[i].path, &prkey_info.path); diff --git a/src/libopensc/pkcs15-infocamere.c b/src/libopensc/pkcs15-infocamere.c index 1504d40d..1ea1fefa 100644 --- a/src/libopensc/pkcs15-infocamere.c +++ b/src/libopensc/pkcs15-infocamere.c @@ -117,10 +117,6 @@ static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card, info.modulus_length = modulus_length; info.usage = usage; info.native = 1; - info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; info.key_reference = ref; if (path) diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c index 0977af9d..c56f05c5 100644 
--- a/src/libopensc/pkcs15-itacns.c +++ b/src/libopensc/pkcs15-itacns.c @@ -319,11 +319,6 @@ static int itacns_add_prkey(sc_pkcs15_card_t *p15card, info.usage = usage; info.native = 1; info.key_reference = ref; - info.access_flags = - SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; if (path) info.path = *path; diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c index bbdd14fd..db849930 100644 --- a/src/libopensc/pkcs15-oberthur.c +++ b/src/libopensc/pkcs15-oberthur.c @@ -800,10 +800,6 @@ sc_pkcs15emu_oberthur_add_prvkey(struct sc_pkcs15_card *p15card, kinfo.modulus_length = size; kinfo.native = 1; - kinfo.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; kinfo.key_reference = file_id & 0xFF; kinfo.usage = sc_oberthur_decode_usage(flags); diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c index 81ffdb47..4daaa98c 100644 --- a/src/libopensc/pkcs15-openpgp.c +++ b/src/libopensc/pkcs15-openpgp.c @@ -271,11 +271,6 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) prkey_info.id.value[0] = i + 1; prkey_info.usage = key_cfg[i].prkey_usage; prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = i; prkey_info.modulus_length = bebytes2ushort(cxdata + 1); diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c index 20182315..7f465987 100644 --- a/src/libopensc/pkcs15-piv.c +++ b/src/libopensc/pkcs15-piv.c 
@@ -965,11 +965,6 @@ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label); sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id); prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = prkeys[i].ref; sc_format_path(prkeys[i].path, &prkey_info.path); diff --git a/src/libopensc/pkcs15-postecert.c b/src/libopensc/pkcs15-postecert.c index 8d40e031..9288b511 100644 --- a/src/libopensc/pkcs15-postecert.c +++ b/src/libopensc/pkcs15-postecert.c @@ -112,10 +112,6 @@ static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card, info.modulus_length = modulus_length; info.usage = usage; info.native = 1; - info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; info.key_reference = ref; if (path) diff --git a/src/libopensc/pkcs15-pteid.c b/src/libopensc/pkcs15-pteid.c index f19ed529..028ef27d 100644 --- a/src/libopensc/pkcs15-pteid.c +++ b/src/libopensc/pkcs15-pteid.c @@ -206,11 +206,6 @@ static int sc_pkcs15emu_pteid_init(sc_pkcs15_card_t * p15card) prkey_info.id.value[0] = pteid_prkey_ids[i]; prkey_info.usage = pteid_prkey_usage[i]; prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = pteid_prkey_keyref[type][i]; prkey_info.modulus_length = 1024; if (pteid_prkey_paths[type][i] != NULL) diff --git a/src/libopensc/pkcs15-starcert.c b/src/libopensc/pkcs15-starcert.c index f7c9c697..19faefc8 100644 --- a/src/libopensc/pkcs15-starcert.c +++ b/src/libopensc/pkcs15-starcert.c 
@@ -240,11 +240,6 @@ static int sc_pkcs15emu_starcert_init(sc_pkcs15_card_t *p15card) sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id); prkey_info.usage = prkeys[i].usage; prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = prkeys[i].ref; prkey_info.modulus_length= prkeys[i].modulus_len; sc_format_path(prkeys[i].path, &prkey_info.path); diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c index 024ef843..4c98518e 100644 --- a/src/libopensc/pkcs15-tcos.c +++ b/src/libopensc/pkcs15-tcos.c @@ -112,11 +112,6 @@ static int insert_key( prkey_info.id.len = 1; prkey_info.id.value[0] = id; prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = key_reference; prkey_info.modulus_length = key_length; sc_format_path(path, &prkey_info.path); diff --git a/src/libopensc/pkcs15-westcos.c b/src/libopensc/pkcs15-westcos.c index 66746734..8bd4d645 100644 --- a/src/libopensc/pkcs15-westcos.c +++ b/src/libopensc/pkcs15-westcos.c @@ -216,11 +216,6 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card) SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; prkey_info.native = 1; - /* Add default access_flags, see Issues #335 and #336 */ - prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE - | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE - | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE - | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkey_info.key_reference = 1; prkey_info.modulus_length = modulus_length; prkey_info.path = path; 
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index ebe9f452..15add105 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -3429,14 +3429,10 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session, check_attribute_buffer(attr, sizeof(CK_MECHANISM_TYPE)); *(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION; break; - case CKA_ENCRYPT: case CKA_DECRYPT: case CKA_SIGN: case CKA_SIGN_RECOVER: - case CKA_WRAP: case CKA_UNWRAP: - case CKA_VERIFY: - case CKA_VERIFY_RECOVER: case CKA_DERIVE: case CKA_OPENSC_NON_REPUDIATION: /* TODO seems to be obsolete */ @@ -3860,13 +3856,17 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_ *(CK_OBJECT_CLASS*)attr->pValue = CKO_PUBLIC_KEY; break; case CKA_TOKEN: - case CKA_LOCAL: case CKA_SENSITIVE: - case CKA_ALWAYS_SENSITIVE: - case CKA_NEVER_EXTRACTABLE: check_attribute_buffer(attr, sizeof(CK_BBOOL)); *(CK_BBOOL*)attr->pValue = TRUE; break; + case CKA_LOCAL: + check_attribute_buffer(attr, sizeof(CK_BBOOL)); + if (pubkey->pub_info) + *(CK_BBOOL*)attr->pValue = (pubkey->pub_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL) != 0; + else /* no pub_info structure, falling back to TRUE */ + *(CK_BBOOL*)attr->pValue = TRUE; + break; case CKA_PRIVATE: check_attribute_buffer(attr, sizeof(CK_BBOOL)); if (pubkey->pub_p15obj) @@ -3925,11 +3925,7 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_ *(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION; break; case CKA_ENCRYPT: - case CKA_DECRYPT: - case CKA_SIGN: - case CKA_SIGN_RECOVER: case CKA_WRAP: - case CKA_UNWRAP: case CKA_VERIFY: case CKA_VERIFY_RECOVER: case CKA_DERIVE:
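Review bot: In the new `case CKA_LOCAL:` of pkcs15_pubkey_get_attribute, the fallback reports TRUE when `pubkey->pub_info` is NULL, which asserts on-token generation for a key whose origin is unknown. PKCS#11 defines CKA_LOCAL as true only for keys generated on the token (or copied from such a key), so an application that reads it as a provenance signal is better served by the conservative answer, `else *(CK_BBOOL*)attr->pValue = FALSE;`, or at least by a comment explaining why TRUE is kept for compatibility. The test also applies the private-key constant `SC_PKCS15_PRKEY_ACCESS_LOCAL` to a public key's `access_flags`; if the bit layout is shared, a comment such as `/* accessFlags bits are common to private and public keys */` would make that explicit. The function starts and ends outside the hunk, so whether `pub_info` can actually be NULL on this path is not visible here.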