diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtils.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtils.java
index 55b1c7a17..e8dd84106 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtils.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtils.java
@@ -33,13 +33,13 @@ import java.security.interfaces.RSAPrivateCrtKey;
 public class SecurityTokenUtils {
 public static byte[] attributesFromSecretKey(KeyType slot, CanonicalizedSecretKey secretKey,
- KeyFormat formatForKeyType)
+ KeyFormat currentKeyFormat, boolean withEccPublicKey)
 throws IOException {
 if (secretKey.isRSA()) {
- return attributesForRsaKey(secretKey.getBitStrength(), (RsaKeyFormat) formatForKeyType);
+ return attributesForRsaKey(secretKey.getBitStrength(), (RsaKeyFormat) currentKeyFormat);
 } else if (secretKey.isEC()) {
 byte[] oid = new ASN1ObjectIdentifier(secretKey.getCurveOid()).getEncoded();
- byte[] attrs = new byte[1 + (oid.length - 2) + 1];
+ byte[] attrs = new byte[1 + (oid.length - 2) + (withEccPublicKey ? 1 : 0)];
 if (slot.equals(KeyType.ENCRYPT)) attrs[0] = PublicKeyAlgorithmTags.ECDH;
@@ -49,7 +49,9 @@ public class SecurityTokenUtils {
 System.arraycopy(oid, 2, attrs, 1, (oid.length - 2));
- attrs[attrs.length - 1] = (byte) 0xff;
+ if (withEccPublicKey) {
+ attrs[attrs.length - 1] = (byte) 0xff;
+ }
 return attrs;
 } else {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenChangeKeyTokenOp.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenChangeKeyTokenOp.java
index ff5dcafb2..509b42f4f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenChangeKeyTokenOp.java
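Review bot: The cast `(RsaKeyFormat) currentKeyFormat` in the RSA branch is unchecked, and the new parameter name makes it clear that the value is whatever format the token currently reports for the slot, not one chosen for the key being imported. If a slot can report a non-RSA format while an RSA key is imported (not verifiable from this hunk), the call fails with a ClassCastException, which the `throws IOException` signature does not cover. A guard before the cast, such as `if (!(currentKeyFormat instanceof RsaKeyFormat)) throw new IOException("slot format is not RSA");`, would turn that into a handled error. The method body continues outside the hunk.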
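Review bot: The trailing `0xff` written under `if (withEccPublicKey)` is a bare magic value, and neither this hunk nor the signature change in the first hunk documents what the flag controls. Going by the OpenPGP card specification, this looks like the optional import-format byte of the ECC algorithm attributes (0xFF = standard format with public key). If that is right, a comment such as `// optional import-format byte: 0xff = key import includes the public key` plus a `@param withEccPublicKey` line in a Javadoc would explain the two array shapes. The sizing expression in the first hunk and this write must stay in step, so a unit test asserting length and last byte for both flag values would be a cheap safeguard.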
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenChangeKeyTokenOp.java
@@ -39,6 +39,7 @@ import org.sufficientlysecure.keychain.securitytoken.OpenPgpCapabilities;
 import org.sufficientlysecure.keychain.securitytoken.RsaKeyFormat;
 import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
 import org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
 import org.sufficientlysecure.keychain.securitytoken.SecurityTokenUtils;
 import org.sufficientlysecure.keychain.util.Passphrase;
@@ -150,7 +151,9 @@ public class SecurityTokenChangeKeyTokenOp {
 OpenPgpCapabilities openPgpCapabilities = connection.getOpenPgpCapabilities();
 KeyFormat formatForKeyType = openPgpCapabilities.getFormatForKeyType(slot);
- return SecurityTokenUtils.attributesFromSecretKey(slot, secretKey, formatForKeyType);
+ // the Nitrokey 3 doesn't support including the public key
+ boolean withEccPublicKey = connection.getTokenType() != TokenType.NITROKEY_3;
+ return SecurityTokenUtils.attributesFromSecretKey(slot, secretKey, formatForKeyType, withEccPublicKey);
 }
 private void setKeyAttributes(Passphrase adminPin, KeyType keyType, byte[] data) throws IOException {
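Review bot: `withEccPublicKey` is decided by a device-model check, `connection.getTokenType() != TokenType.NITROKEY_3`, so every other token, including one whose type is unknown or unset, keeps the previous behaviour. Any other device with the same restriction would need another code change. The comment could name what is actually omitted, e.g. `// Nitrokey 3 does not accept the optional 0xff import-format byte in the ECC algorithm attributes` (assuming that is the observed failure). It is also worth confirming that the key data sent afterwards matches the attributes set here. If the import template still carries the public key while the attributes no longer announce it, the token may reject the import; that code is outside this hunk.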