diff --git a/src/openpgp/files.c b/src/openpgp/files.c
index 9bae9d2..ab3ec58 100644
--- a/src/openpgp/files.c
+++ b/src/openpgp/files.c
@@ -54,7 +54,7 @@ uint8_t historical_bytes[] = {
 
 uint8_t extended_capabilities[] = {
   10, 0,
-  0x76,				/*
+  0x77,				/*
 				 * No Secure Messaging supported
 				 * GET CHALLENGE supported
 				 * Key import supported
@@ -62,7 +62,7 @@ uint8_t extended_capabilities[] = {
 				 * No private_use_DO
 				 * Algorithm attrs are changable
 				 * ENC/DEC with AES
-				 * No KDF-DO available
+				 * KDF-DO available
 				 */
   0,		  /* Secure Messaging Algorithm: N/A (TDES=0, AES=1) */
   0x00, 128, 		/* Max size of GET CHALLENGE */
@@ -137,9 +137,10 @@ file_t file_entries[] = {
     /* 50 */ { .fid = EF_PB_AUT, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
     /* 51 */ { .fid = EF_PW_PRIV, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
     /* 52 */ { .fid = EF_DEK, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
+    /* 53 */ { .fid = EF_KDF, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
     
-    /* 53 */ { .fid = 0x0000, .parent = 0, .name = openpgp_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 54 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, .ef_structure = 0, .acl = ACL_NONE } //end
+    /* 54 */ { .fid = 0x0000, .parent = 0, .name = openpgp_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+    /* 55 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, .ef_structure = 0, .acl = ACL_NONE } //end
 };
 
 const file_t *MF = &file_entries[0];
diff --git a/src/openpgp/files.h b/src/openpgp/files.h
index aad5147..5067ea6 100644
--- a/src/openpgp/files.h
+++ b/src/openpgp/files.h
@@ -67,6 +67,7 @@
 #define EF_UIF_DEC      0x00d7 //S
 #define EF_UIF_AUT      0x00d8 //S
 #define EF_KEY_INFO     0x00de //S
+#define EF_KDF          0x00f9 //C
 #define EF_ALGO_INFO    0x00fa //C
 #define EF_LANG_PREF    0x5f2d //S
 #define EF_SEX          0x5f35 //S
diff --git a/src/openpgp/openpgp.c b/src/openpgp/openpgp.c
index 2ab7ece..68876b4 100644
--- a/src/openpgp/openpgp.c
+++ b/src/openpgp/openpgp.c
@@ -245,6 +245,13 @@ void scan_files() {
             flash_write_data_to_file(ef, def, sizeof(def));
         }
     }
+    if ((ef = search_by_fid(EF_KDF, NULL, SPECIFY_ANY))) {
+        if (!ef->data) {
+            TU_LOG1("KDF is empty. Initializing to default\r\n");
+            const uint8_t def[] = { EF_KDF, 0x03, 0x81, 0x1, 0x0 };
+            flash_write_data_to_file(ef, def, sizeof(def));
+        }
+    }
     low_flash_available();
 }