diff --git a/sm/certlist.c b/sm/certlist.c
index 9949fb4df..b5f9f7874 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -170,7 +170,8 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
     }
 
   encr_bits = (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT);
-  if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR))
+  if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
+      || gpgsm_is_ecc_key (cert))
     encr_bits |= KSBA_KEYUSAGE_KEY_AGREEMENT;
 
   sign_bits = (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION);
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index 70ca0e9ab..5f3f6f51f 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -306,6 +306,14 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
 }
 
 
+/* Return true if CERT is an ECC key.  */
+int
+gpgsm_is_ecc_key (ksba_cert_t cert)
+{
+  return GCRY_PK_ECC == gpgsm_get_key_algo_info2 (cert, NULL, NULL);
+}
+
+
 /* This is a wrapper around pubkey_algo_string which takes a KSBA
  * certificate instead of a Gcrypt public key.  Note that this
  * function may return NULL on error.  */
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 8765f9f9d..9fbb53a29 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -324,6 +324,7 @@ char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
 int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
 int  gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits,
                                char **r_curve);
+int   gpgsm_is_ecc_key (ksba_cert_t cert);
 char *gpgsm_pubkey_algo_string (ksba_cert_t cert, int *r_algoid);
 gcry_mpi_t gpgsm_get_rsa_modulus (ksba_cert_t cert);
 char *gpgsm_get_certid (ksba_cert_t cert);