Index: src/tools/pkcs15-init.c
===================================================================
--- src/tools/pkcs15-init.c	(revision 4070)
+++ src/tools/pkcs15-init.c	(working copy)
@@ -1408,6 +1408,7 @@
 
 	if ((r = init_keyargs(&keygen_args.prkey_args)) < 0)
 		return r;
+        keygen_args.prkey_args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE|SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE|SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE|SC_PKCS15_PRKEY_ACCESS_LOCAL;
 
 	/* Parse the key spec given on the command line */
 	if (!strncasecmp(spec, "rsa", 3)) {
@@ -1498,7 +1499,7 @@
 		return SC_ERROR_INVALID_ARGUMENTS;
 	}
 	if (opt_extractable) {
-		args->flags |= SC_PKCS15INIT_EXTRACTABLE;
+		args->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE;
 		if (opt_passphrase) {
 			args->passphrase = opt_passphrase;
 		} else {
Index: src/pkcs15init/pkcs15-lib.c
===================================================================
--- src/pkcs15init/pkcs15-lib.c	(revision 4070)
+++ src/pkcs15init/pkcs15-lib.c	(working copy)
@@ -1005,11 +1005,10 @@
 	key_info->native = 1;
 	key_info->key_reference = 0;
 	key_info->modulus_length = keybits;
-	key_info->access_flags = DEFAULT_PRKEY_ACCESS_FLAGS;
+	key_info->access_flags = keyargs->access_flags;
 	/* Path is selected below */
 
-	if (keyargs->flags & SC_PKCS15INIT_EXTRACTABLE) {
-		key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE;
+	if (keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE) {
 		key_info->access_flags &= ~SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
 		key_info->native = 0;
 	}
@@ -1188,7 +1187,7 @@
 			keyargs->x509_usage, keybits, 0)) {
 		/* Make sure the caller explicitly tells us to store
 		 * the key non-natively. */
-		if (!(keyargs->flags & SC_PKCS15INIT_EXTRACTABLE))
+		if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
 			SC_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key.");
 
 		if (!keyargs->passphrase
@@ -1207,7 +1206,7 @@
 
 	/* Get the number of private keys already on this card */
 	idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0);
-	if (!(keyargs->flags & SC_PKCS15INIT_EXTRACTABLE)) {
+	if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE)) {
 		r = profile->ops->create_key(profile, p15card, object);
 		SC_TEST_RET(ctx, r, "Card specific 'create key' failed");
 
Index: src/pkcs15init/pkcs15-init.h
===================================================================
--- src/pkcs15init/pkcs15-init.h	(revision 4070)
+++ src/pkcs15init/pkcs15-init.h	(working copy)
@@ -191,6 +191,7 @@
 	unsigned long		usage;
 	unsigned long		x509_usage;
 	unsigned int		flags;
+	unsigned int		access_flags;
 	struct sc_pkcs15init_keyarg_gost_params gost_params;
 
 	sc_pkcs15_prkey_t	key;
@@ -204,7 +205,6 @@
 	const char *                   pubkey_label;
 };
 
-#define SC_PKCS15INIT_EXTRACTABLE	0x0001
 #define SC_PKCS15INIT_NO_PASSPHRASE	0x0002
 #define SC_PKCS15INIT_SPLIT_KEY		0x0004