diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c
index 1469108d..ce665b1d 100644
--- a/src/cryptsetup_reencrypt.c
+++ b/src/cryptsetup_reencrypt.c
@@ -581,7 +581,7 @@ static int luks2_transfer_tokens(struct reenc_ctx *rc)
 if (crypt_init(&cd_old, rc->header_file_tmp) ||
 crypt_load(cd_old, CRYPT_LUKS2, NULL))
- return -EINVAL;
+ goto out;
 if (crypt_init(&cd_new, rc->header_file_new) ||
 crypt_load(cd_new, CRYPT_LUKS2, NULL))
@@ -638,6 +638,35 @@ out:
 return r;
 }
+static int luks2_transfer_flags(struct reenc_ctx *rc)
+{
+ int r = -EINVAL;
+ uint32_t flags;
+ struct crypt_device *cd_old = NULL, *cd_new = NULL;
+
+ if (crypt_init(&cd_old, rc->header_file_org) ||
+ crypt_load(cd_old, CRYPT_LUKS2, NULL))
+ goto out;
+
+ if (crypt_init(&cd_new, rc->header_file_new) ||
+ crypt_load(cd_new, CRYPT_LUKS2, NULL))
+ goto out;
+
+ if ((r = crypt_persistent_flags_get(cd_old, CRYPT_FLAGS_ACTIVATION, &flags)))
+ log_err(_("Failed to read activation flags from backup header.\n"));
+ else if ((r = crypt_persistent_flags_set(cd_new, CRYPT_FLAGS_ACTIVATION, flags)))
+ log_err(_("Failed to write activation flags to new header.\n"));
+ else if ((r = crypt_persistent_flags_get(cd_old, CRYPT_FLAGS_REQUIREMENTS, &flags)))
+ log_err(_("Failed to read requirements from backup header.\n"));
+ else if ((r = crypt_persistent_flags_set(cd_new, CRYPT_FLAGS_REQUIREMENTS, flags)))
+ log_err(_("Failed to read requirements from backup header.\n"));
+out:
+ crypt_free(cd_old);
+ crypt_free(cd_new);
+
+ return r;
+}
+
 static int backup_luks_headers(struct reenc_ctx *rc)
 {
 struct crypt_device *cd = NULL;
@@ -713,8 +742,12 @@ static int backup_luks_headers(struct reenc_ctx *rc)
 rc->type, isLUKS2(rc->type) ? (void*)¶ms2 : (void*)¶ms);
- if (!r && isLUKS2(rc->type))
- r = luks2_transfer_tokens(rc);
+ if (r || !isLUKS2(rc->type))
+ goto out;
+
+ r = luks2_transfer_tokens(rc);
+ if (!r)
+ r = luks2_transfer_flags(rc);
 out:
 crypt_free(cd);
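Review bot: With `return -EINVAL;` replaced by `goto out;`, a failed `crypt_init`/`crypt_load` of the old header in `luks2_transfer_tokens` now returns whatever `r` holds at that point, and the declaration of `r` is outside this hunk. If `r` is not initialised to an error there, this path could report success or an indeterminate value, and the caller would carry on with a new header that received no tokens. It is worth confirming the function starts with `int r = -EINVAL;`, as the new `luks2_transfer_flags` does, or setting `r = -EINVAL;` before the jump. The function body starts and ends outside the hunk.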
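Review bot: The last branch of the `else if` chain in `luks2_transfer_flags` logs the wrong operation: when `crypt_persistent_flags_set(cd_new, CRYPT_FLAGS_REQUIREMENTS, flags)` fails, it repeats the "Failed to read requirements from backup header." message from the branch above. Requirement flags tell tooling which header features it must understand before handling the device, so a failure to write them to the new header should be reported as exactly that. I would change the line to `log_err(_("Failed to write requirements to new header.\n"));`. The two `goto out` paths after `crypt_init`/`crypt_load` also return `-EINVAL` without any message, so a log line there would help distinguish a header-open failure from a flag-transfer failure.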