diff --git a/card-functionality/data/encrypted_to_rsa2k.asc b/card-functionality/data/encrypted_to_rsa2k.asc
new file mode 100644
index 0000000..7853d15
--- /dev/null
+++ b/card-functionality/data/encrypted_to_rsa2k.asc
@@ -0,0 +1,13 @@
+
+-----BEGIN PGP MESSAGE-----
+
+hQEMAyLppot8WzzGAQgAyh7dDMvQdGX2PTO5y2gZWwbIHKkqUKt8g602Jbx8Wj38
+/gWoocsOIGEcrEAP3WupeHHqH/j6Z1rPcG267RXLKzguAa0UxCE9dwmiOLEWhCJP
+f8uaykG+XKI+n/EJeXbedx3SYDNRRaYc44VSufHHjKG4wkFezWRQ1D8biYPFMXpB
++QPmqM9lW8ZlKXQEKi72iTRizRe2ecbSozkJlwNwfwUkj339GQ2u/8aF4dFZ6ORa
+/Yw0/R34lh7PsR+1JuawJWaraXhezmiL724E8TmKYXm1f0a9+ejvhZKON0kEhxiM
+0mWo6/k6w8ox0tcySKMxCs3K3oG0PpGuOIQVGF2cR9JIARnxgAZMtfp8Cy2CySgH
+Dh/VM2Ug4XaFf1N3eZ70vF3SudgU2L84HTG3I7ym3DGvsFuVzIYmkWb8fuWtpOUz
+mKXfuOHOYLDu
+=Qmk6
+-----END PGP MESSAGE-----
diff --git a/card-functionality/data/encrypted_to_rsa4k.asc b/card-functionality/data/encrypted_to_rsa4k.asc
new file mode 100644
index 0000000..e41df5c
--- /dev/null
+++ b/card-functionality/data/encrypted_to_rsa4k.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMA81TxeLofy5zARAAr3R6fXj78tRPW7C5yQqO81OlWWgze+AYyUg8QFl45dtZ
+CUTLGN0edZeOVHtfBAFNJuInO1EgupP5WK0bXeoZ5BfVAv60RI0RRYmlWpjgK13f
+3Pb+KKxmvzyB5xo0Ad9s9z7vZwVROmvv7bIK1awBVXuTMYuKsFpEfCDH5pKS/Lkl
+aJjVF3B6iuKgWXeQRuM5om+Bl/uD5+1r2XNXR8t/I+UPhpRDopUa87goLgsrDPsy
+3flBpWNZkhmvVhDj8MLshQDYLZ6Sg3gY5Qc7OL825Eaj704eO7UXxNNZ4W0MHjwY
+VEk5uuvDgrfKM1E+KFDecbU+Sq+MxD0b2OEzZtvxO0CbvKE7RnKoxG5CHF2gOdd0
+esS6L9ZYPw5o3jbpc+26av9J1pO61Ic5M+ZRFA/yZ494EdTRDfQr/lx/K6yK98zu
+Hum5qlD2jvDnrqNPGDA90Ghtd064kkxrcTYf1tFf2bqRHhfx2hlYyxGzu9FvO1/s
+jpNE1jVZnivfnh3s9LnZtYxIMQs+850u5GocfWIdeolnwpKtqZGSgF3MvVjDb5qc
+CNPAsZf+LZp3z/XIDe6xJTYAS60pzZdNcZxpGQ455aeEnDqHKeuhBAomI7HIiWyA
+BUFk2qAd4RfzHOiTuY3IKscCHvGeenqhvIrouhrk+k2yZKxblfhjLFaWkp0hS3HS
+SAF9tA0drpPlQjkcBl/ObfUbkAuNQyTpehYMpKDUD4SO2kyC/p45INy99rXEwP1l
+V7m1IUe8igMkMlTi7IcaaQujfq00dGxYGA==
+=7GVQ
+-----END PGP MESSAGE-----
+
diff --git a/card-functionality/data/rsa4k.sec b/card-functionality/data/rsa4k.sec
new file mode 100644
index 0000000..e9a479f
--- /dev/null
+++ b/card-functionality/data/rsa4k.sec
@@ -0,0 +1,155 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQcYBGDyHuEBEADG2gsn4xxSFlNAFNJJl4tSU1e2Wv162iDr8LkYxAChzY5WZ8fM
+nVtSi/bBNpo7vxNnx7KgIkm1rbXZuA7pXGcPyBUo8TbTDOmTsZx9+NFbh1I7cdbz
+zMk4xCvXyajKbO09M+vf3Tn6bfltgHLqDvqE9zzvL3mhkBjXk92mkZXEfzgp3+98
+i0DWZJztV7cNy+m1HvZc9qUOXuiz5ulcCsI3seC3MNReJXXpLYpk8kTZQ5KmLOMl
+CJl62x5fJwdypi3YZKpIkWAOTLSWZZ5rzZ9/a7vaHteRypJmc5ma4xkleX0apgQD
+GCcdyYxP6c/g86Zm65qFhPZHSVTqv8dSkW2D9/mkchGGKWaS2FfYyfIPxeeggAhH
+EZ/WSA6zjZlOF2aUyLZYzZoge24lAHjbdrqgLpqafZuXQ2JEpkfOMGov5ecQzQ8W
+YP07WOuuZll/BKvBc8fby9I5kDztlYjp9y45LrRONOXY+6Hylcsf+UVRIHy8HXaO
+WGjOXcB6uOkF6NX54KzCzWzRHfXMlccrx6ZjT4knfwD/J8ZulVurghFUMZ8Z1cN3
+LLcx88Gv8f0NFuyBbviq4QNr1jG1T9HiF3qZIt5c1HH0Ki8c7BTdekEuHWhg3rVv
+eSRYNZIJRvMAeMiStbfzyhLvmAm0ZQxNaGuCUMT2AyfFjBTC7t9FtndfvQARAQAB
+AA//UUZ8qcxrXmfOlhIMk1Sz9q2m25tcIHL4YscsuGEgSwHrzAg2Az1LvrUDYZxy
+NLpX8aKPMWFiVDYQblELEzmXzD0A3Q+eU2vjKmE9b8WbuHfaVf6lF1fb5O5VZyj+
+6uHTo6DNp13SHTgG60lFbsI5hdBR4Qc8BRuS88X1oee+WaaP65miVnrKQPa1p1Kj
+OKngN43Ur1GGTBXhsepO9jZVhJMZIHb+Tg6sn2ZkOvdEybKTRYVyP8hAhxT5WHXo
+1uTyNxCKAwgcRSv34cLeGfzc1KVRjgjuHiI4bVSRc1ugAw+hYRt651LfZg7jYSRV
+OYIMwONKcIlUafWgliRVkTtskXt2f++9a5BEGI5jzdthT4itJeypHxhr6UB7xUdP
+6aa0drTgn2c1NZn/OPJMzoyFMVNN07ktgzXzZcwhphc0MEzV2qOxWlEhvFX8Y1KL
+H52Y7K9ldsMjxKLsWDNZjvfmOmJq+7L9uAqPpnfMk4jTyRURQDdPxKJX7KV8bFUb
+cC2qeBesdFanXeqmUBZj5xOM4v5ytYF/ZQDqCzmc8hYuqosi7ixHVDin8uBgdnbG
+4E6BOYBNWknrd96Gm2ESbgSXgKYNRyACv+wOtUV8v9glm/7ZYzZyF0iJry8BPvYm
+Ltt/N2yY0S/EeNzr4iokx0vImVZ04dutQlOKuB0YI4NuQLcIANECiPEtWP4dfDgp
+oJukj+XGAhsxjOfmvhxytfcdQdpl+OFqjYc0g5zGlJQcKbog4w2tXE3ilgink886
+rC12ptB0F/ARA/STwxpviBbIQ0hq8HIcsjJv8TUuv19SpaVHWAPtbbVkcAzPSEDt
+TmhyUbWywIvAn6mAF+ZG2s8OvtB0XQicptSK7aaC6l3lvpNx1OGMnRSgPvg5eP0T
+lZVIKirj37GYd93rd2tX9BePo7hN/mVR7GPBqJCFWz+bO8L75MktZ7p7W886bgLw
+P9S/tqT6+cavakVjANddSuyLz/GVHyH8Q6N9SQ1PLAx1SK108Imtsh49Qv17czRT
+4sb5or8IAPOO3C0YsIYzQcpPMtAVOnjp1U+AkWMs2QheE9X608YrO/sazUnScg6U
+f5VjWirG1wmuuaYvU7PNP4p4nTe6OzoeOG1AYPL7/nTZHiKp/UclPKKOLeE1rCYK
+5/JK1KL49Dosrq1p4U+U2ta8oiKOgND3DRFK7p67sIhaKOilV98kh/SoPQKIdS7N
+rGQZ5Q36OXbYDCo2fBHWWLz7209w2taj+Mr9t0pvqRQdYk+X9q0ybSMwboNlE/7x
+FQ9IkrgB71OPo800/S8dyPTjcW6J7ZdZrl83RAAV2O+ZIFtgY8CRBUMFg3wqnXa2
+vNVIBTx7OZbm8RYoW8HeA/7f/7HE6IMH/AgLSTcpKZdsM1nRDU4a0qpohZehMzHl
+EjT1yECy/6b+/dOvSiho1drxjWhbT6MWV3Fv/CcsNkdvtNDmwPY1rDcvD2cmrNfx
+7f6saQ0KmaPX6Kheve3E4BoAfLMhn3qgh0+bABt+L0LS+kKme8WZX19mvFV+WBr7
+2ir4WPLQ8Kn+B/P4BO12KYR25nWsmWyeeh41OQfKZNI+q4oJRbwRm7kOKT+rysTj
+DimBlHrzA8bqtgw5Ofy5BgKUPXIvzA/j2jXyoMk20qMGywCl8RS0xr5SCTRck19Q
+Axmq6NiOnECzEbBSkXBmF28fguZaqBcvVkXFamKjDdOFZE4erps9znGC7LQaUlNB
+IDRrIDxyc2E0a0BleGFtcGxlLm9yZz6JAk4EEwEIADgWIQTP/tKA9aGyrJiil9OT
+r04we4IW4QUCYPIe4QIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCTr04w
+e4IW4Vw8D/9Lp4IEr1bnnqXJ3VkcDmVKOAzLhRgBaF3SZytTEAlCMje7PRawxM/a
+7cPWWJVJig7x0kUaCiLdI6bv3LlnK7zmH7fITjC19cVsHJ1taCY+LnvZpDlw28/y
+KoHy2y9nlgCVnL5V277vRl8z1hBhwxClqbw9tJTJ481IUInlWfPwaQxLA+AT0oTr
+aG90T5d1iKn4yzcW6JTnk/HDS+DmXz0+ahwoj920lKXivJJBxeE8wj/pTWsFY4wi
+vnmFBJYzDWPuCKinBWdYXFiWZ4EQcI6WKa25AFjM1lv/sCUVI4hxfPt6J2OL+eC8
+WkdFsF8ekcxIQa7t5E44zSlqpkbQ9bfbQNh/7JeyzK1I/P4/0l/hmW3vtq1bJVSO
+fCbCWQSnY6SkHizK0o1WSbQuVztI6aouwfPnObuPu8n52YdPKknu18ZWQuqS2EpX
+Yzfq8kNZM6G1fMHRWirdGuftbzM1cmNY+5dUnR5QuZOmQ0XLDMtb3mUeuEhWjXly
+IiRw/jEXw82E9+7myxJn0KeWLK1zsUW8ZzCtD0bbQ5+g1QVvvdMqvGHG0f9oUmAd
+WzfYvpUMWlzkJG7CfozGzAC1xZh52H9/Ea51is89xb+dCK9KQbqiA5e3dN9fLoCO
+y6SRErNgLex+lhTznDPC3BYyBDsywarLaeI8kSRClu6a3x+nAZ+snJ0HGARg8h7h
+ARAA3CpNdIxTxDTCYlgGOHG7DfjP1JvAAxZzjl7Ev9GiABJmwZp4r4IBa0GGQmHL
+o+DzIOSN/nP8HZt8BO14Abk2vVt0uVn7m8BqVo2BfzGBMsyijyLCoJdHeTY3v3GB
+kAfLEdiwrsDpgv+oANra62nIx6RAD3A5kmylU2LxyYf2JRgjzyzxBO7JBdZnS4pu
+HNh5OZoMw5CAnkgNRwHy6UN5ko383z6D8hsEW8nluMJmnOfgLjkpoiJoLucQgKqi
+557SN4hckCIGz4URW15/NJhSh4D1CxAizn6hz5GJnQlobt2Euk5fonM6vuIPFkTV
+Nyk8exesk8sbMdHk56zHbzTdI9ondHvKM/XtpLWkkDyuGOcNEToiuNXQjI+7dwS4
+rKTbHjeT7XhuoBxrkZgGcwzoGYL5CkkeNbIYbF6h/Rahec7+tFtJiSBEZmlG2kFV
+vmfGz/+vR9yTnRPoGLZE07q0a7IbUn0SEhxRcceqW8y0IumcypFNq1m+ZYncwbwv
+Xs0muEaJJVwvWJDGDzvixI7bXRyodl+Y05fdYAAI5br21K2UQ2RLo0lRdDw2Iw8c
+h8jaMk6ZvClTbRo12fUkRHKR68bDjAOSWe2741i2n/an3TKiMFu4kFwOLOWaTHTZ
+sidtf3qpvQ5bF6++T/+1ba7Wt6WgaEvlO3x/bwTIRJ1q3cMAEQEAAQAP/Ag4Ag00
+QdpEt+7w50aLJFb4r1V5/PiAiY7KheC9RCVpinF2wUOYAFKPLyJiQTZcaucS8SQL
+E2HNkJskfELgNaVq+RgEPmrJi46wmKF1aSPK1NSwEQDqtM3XEsywQYxtZgzEAJB9
+fhoYTh6+DMcV+1tMi+GnqFaJfMB4pJsH2s32sTuGK3cqLNHtd4yv3b1w7VGTqR9R
+0SNXgDti3L0NekfYyhRRYp6SmJ6OkmdLxoXb+BfxpVa6nxYFJS4QcKVh3eoZyo7M
+3mE3z/aPuALwHsCVNVCU6R+5RXQYtEDq/X2KAm7sBxDq6Un/6V1E84qsHOhhcV1R
+CzJYagml/wntOMYQm1VcfrERrKJPgEl1LS8iWIg1v6n24WsN89W/Msonwm9YEukJ
+v7gsXuDnXLpa0LBMu3/hJ0pTCy7S3Q/YWLCIVcQ8N1fpElncgeegDB7Bgp2cplwa
+y/G06D/X60hgdlkteQX9q7WcxRSOX0VrBm7RRbgq5K56nIrAOEJtrBAKwTbdojMt
+bxMM6vG8FEXXTqCHibn7TFFRrnKHPKc8j0u/L597AECLiXGjdYWc+JgQ0LyVdCNc
+WW/YdcWjkcLTsQvVF7CtoSgS0a/XAnTqXFqFbfsb5BTfzKCtyb742wySpgbSKqhA
+Ya7IWSHPI66AEA7RF9icQtILcxd+tWpJXu2tCADiOICtXmLMoDpBuHYj6CVse3gd
+cMr55T8qTXDROV4BpoWy0ngBs1fw4FSt+A4kQBY6OGs8seBJcLAa73ZBXInnTv4z
+jLffIhrH7K9z2SHZMm17/fr/PiI4LXp4inA+Y1s2keGZyjGze6nilmUCU232r5k+
+6TfgWpLkJqMmDzCvTuhRWbGFic/+F3q6yPRT5xrDbzSltY0hljeKHpyfjAW2iN+A
+9Gu3qTcLehELoXpZxv1oGRvoeIYFO8sV66jxXR9fT+RYqGlhykhVJ4K0vdqwtj36
+ibDwUFDR25rPVR4xli+WIqY35GhPXggjCJj+t4OQAlW20j9czcb36QkY3CwVCAD5
+Jbv/zivYZR5C43k3u0w1st4Xohs3LUjA2ADBpVvehsdyyJAGiARNVkMCr1vnwyea
+LstzrzNQU2j3esjRV3iPtKyv6thuXPPnsbyElHAE8Kn0jIuUV8gY//e+DhGvMzpA
+mpsJgWYJOhiGPZSA1PpAQEhUqG16pLauZTfCY5kGUx37dPPnJzxKsNBbAufe0pUZ
+1nmnOw4qiybRxPwEmjr0Y8r/QUpSTJvmKZFcPtQnQsaXNwgb8EfvtoDJ1TYCcvOh
+Gwyp1RhdTLrNvlB/XIzCOOeq4axr82KMI+e8A1se2Wh2cw8x7NuiufCrSU3jEzwg
+OKfkME3fAzqDitdmgOB3B/0bbj3OP+l8Vqf3U8XAGPIVddwJLbXWDFzMCTL90DzD
++SPnDp2LEC1uaQQeKWVFrHI7xze/GQVdW9mECCKBAPJW8m9cWJSEUgCcwuGRKH+N
++2ncMr1zg7qwAlNLb6Mq9248yWepj6K+7YVK4+07p6xsXWiEpwdSUBI2J1kK0u8U
+Vi/ZI07jYkiTxzCkzloOSsPrqdWPAOsQwOLWGRyHdVO3LGEjgj3/HSNc4lbAA1Nq
+uGunsGKlRhG0PqbmXzS5utlRkOXWfD8X13xzTykdVT49QSkagnuno0JduQ2WHRL7
+Xg0DtwlTGitqh6hQmXw54cJoeHam7VMJrtsL/mZ6MwOuc/KJAjYEGAEIACAWIQTP
+/tKA9aGyrJiil9OTr04we4IW4QUCYPIe4QIbDAAKCRCTr04we4IW4QbPEACA1QJS
+UIUbH9uHKesfH7kZRmzl2GCH3hejjniSdcbMv/ZUhcHejOPVZx0DMLaK/4IsoW/X
+8AEQHUYWI3xzTDWS9nIXtA6l8bnIDcVVrGvAc4ZoiQzdLf6MKVykQbc8grUZVjkp
+npGHTYY8dhJ2UUPVQ/trVfWlw8aIOLZkpVHyvXkNtAU59vz3OM0B7FwO4XUI2CEP
+aup5iajT2LZXaeePv6O/sUAtn3SO37Tn4FqSsD2iMCXhcAUjPuAdgk1QL91MJ+wu
+qu/NDMnq3kw23SaCVMF5x3g9uMq82dH5z85/EaoDCMuy6Pt4dqy+IfTMB8EGgHQB
+7RgZRWC+Y2gTJJGUwT5UQmHbwbF44StdUS43UDg4TCkZM1aFQ8pW6O8en4Y3hWB9
+BBBGIONSbxcmly2VpXDjv0qyqzWcFwOm2g3H45P8ZSMlWkEDhIXgcPFCazmyZQ5r
+WjxV3DLNiz4BnCZZWOVXdKDtaqR57ky0pLRhKZjfzomOZ1AieJPqQhnT+5awNxcs
+cxivFLufGIcyezJR1B57Xm8mYLQPJ7C9NZ0/ZJTBfqnr0vq2KfxuGyTWuu24rklW
+RdxwRNTGA+VfSGXtF/Ojtcyt7unINqb5gZbbMBH6xCz6jRMbZ7lUt9TnS5ZLniNt
+atwczVq++LkzOjgNK/GTq1F+9oyHbOygwDT6z50HGARg8h+LARAAmxKifIBe0OCt
+L6LYWLU/zgdqG8QJectXHneCxiwQHjHtgwA0rHw3Tk3xHU3EVkE6K5wIYc2Cgp7B
+MFE0db5PW1nHqkp3zuyGhiWSRQlAg6vTK05lHt/864f15MqfmLoDWzoiiLsjpPvr
+07dHLG9EzcZjnNxM4NTqR/Nfo0U104+dN4L9WMEgPn9N3nzc0tDwz7C4mH3IXCVf
+MRL45Nlff29hMDZ1y7zOXIOmPZnSmm6UPoPWUXoVuM29ccapwaotBYxevza53c5r
+EdqZoKn5/KwDMSbn+pMzvdLH4OseSQf61W8MNmZL0afhWLWDHRDCWtsb+bzOzhgc
+HqAQ/EYQ35EMsiieyvFYhPZD+y6y3EzTGYeanbUKp8KlzAYkZhd4UxN/+m+5/mZj
+cAqC1NVoUexCU3XKgLqvmVVpWdhPZ8Tm3J5OwUFWXUg6T5EDNIvmqXREuoc/N+Wp
+uyqvnag5MbpnF12XNpZhUijYJbtZ7DMZRb/ZtwV0/JSZiYiYw5JGT6JZzW6Kk0ak
+7idOXnQHTggcm/UxMECxcaviWCvBOendAU6nRUwbGVioJog0Ulov77AFA3l9uhFi
+73pl1N8suDTYOLh1pXYxnmgts+7aKoq/iaGndipSlVpiGCtdV4ZOwJfhSET5eTh2
+0VGY9AsTcD0nk2/6wbaEKQjm4xF/oHEAEQEAAQAP/A3frZiEm6GwbY4qJupOJ6E1
+L0cV/jWz/YgE7+GZpkTX+VnpC3gLEkpNKtnmT+naTWwCul/q/6wpVpC4vdVy61f5
+llAj+B1pMo055fY14lxlY6/SLwsuGvYE5KOi2oMoJo4ONhy+3BeHT7f8rmoeolc5
+UpwsEYIOn89EH4r/RtY2A74oV/uNe7xbrgnOaKtBH5T/8zlMDOrsOlys8oZMSaug
+ZAo+NRe/PUSFpWU0J+VtKJIslWDAvW9v6MJkdbeVPrs/rb0JwQ3uc8yAdDzYODy6
+NFGSG4W4Ob7X5s4L+wT+/nADTre8kI1MqcVCqAenrNvCvU6rQmKp7DTJOVEjVkr7
+4GNbIq+airZ/BsxMLKdGMJ4ZP1sgSUyklp77gRWFsOwcdAAfnkQ4zw458CknqcAG
+v68y59GO/P5/bsktYUttUdStckyEQmd1HHJGTDbCH0Gw5mSY7AZ1ZpxF7Gm/4wER
+S1erSDtKrr6NzOFofCOCMTrrM0/0DElCDAgPBBeiBkNVuWunr8CBu8c49VMSCQKT
+GxpFyWDDWO12ygteBcvzjlDwuRIQcQglg/aNEnxys7E6dasdPV6MD8dDm05qqTGo
+r+2xzVoJyLEsg5o83qXh9xmsf2l4AUjcmnmqffktlrIl0Qt+ka0Z0E4rafJtOTEC
+LMV51Vjokf4qC5c6JM4pCADFA/qCeorPriUZlRyTqdeGOJQsqwkUfJOn0v+h3z1/
+B0+Ld7y015bRhEqJJZeKteH//Xjmtb2ra0sBnVA0OlBpKzDfrvhCgcH04Clp8mcI
+OMgh6pTPLgKhhL6mOiIuu00oH6TNKEZd+C9hCHKqHR5ndxT1Icmd7jW4Px/bhapN
+FlgEdp9e5ywSH3dPfjpm5vI+RAUhx6EyAN0AFYL0DhCuB3Pe4MMwPsN2ekBWG5K9
+aHESsvi3IjA/R4Y5k02bnp6BTG6ccpinAtbKl2O/qkrhk5zzhgYxWjC3p93I6rjJ
+risMhYlgoSLzcwt2ZhdZxpVBP2CqeFcWC4Th55ZcQXxTCADJgAEMtuQC07DZr80o
+KjI0bkPXGloqegMU8l6fPSrccjdA44LvYJAym3wV8NqRJ97FezqPAfAy/JQbvP3Y
+XiyFkFR7omgLEtnPtA9FUOjU42q7KhVy4XhEeeg0yn2HMpRPI7DMOXFjbg8q3Avm
+4HmwiAhfNu5VrFOcHW2WxY6nztWmHvbxA5hGD4mOWeBCRejeAKOYIr7ZaFRqCewu
+MGlbSaPzFCHuFcSVl8KUyKpttNb6ZWNSl8zSYknBtuASd8LSIHuW253NWJ+go37D
+xV2j46qftEG/Cu0CSXuwRIc8tJ8goKTbj80UUJaRo5oo+kR3zEU6dNHuygXOYDN0
+TXerB/4h2Y3q8MHAHJwHE96Lrpu9ida+RDA48HYihn+0SvEp6fTEP2qqia9Lvq78
+RBcbKn65xPw+CJ6pKkHAFwKrrm/SA57hDrSBz0+JeCiJk+pz2zYKVkE8uMJdTXSO
+u69wKu4lfY3tfd+LzcI263a5ecv9JaCjt4VR09x2KC4a+3bN9G1aCpGQxDda3cGz
+WA9T5s0J3n8J7dqnZTjm8DJ8qQG7BUm+BzBhgBBKCtGG3DV4hiRGmaQmGofyHGEP
+RCPkOmHGRyd7nDEtMdNHwI0PiApXqbEj03YMper0kDl1tNyRV9XKpT1noh/P3kLy
+xB8BFAsUS8kS+s6qrrzbCp8a5XJqbzaJAjYEGAEIACAWIQTP/tKA9aGyrJiil9OT
+r04we4IW4QUCYPIfiwIbIAAKCRCTr04we4IW4cpyD/9tDIzC3fMg9ct1WWO3DuRB
+v+LQjhw7ClU+Y55aR3O7/AhpILhJKQ5/EpMKUqyynTqwEGxnvc7jj7zW/iIYs1Vv
+nni0AcvPVzq/0h793i19syPiNbAKB/XZRsy8QdljdBaQXCP2SYK3Ap869bG/v5a0
+/kQYn1s/3gZD/4zlZ3vOuhJCGjDk62e7lCTEH6lIlcDhFItStVvU8paR/rE5iqSC
+JO0BN+wGthtD0AvrejTmLGoLqI9Zdb+kM2e/ZVVnGiP+pjYylKldyd9+83kGs84m
+snfKKR+KoR2DaGxkgFAKUC/Nbb64G1V9zEByNTcxRDyEl0O/T8SqHhP7wou2WdXh
+onn/p+RuKWulzQldYvrOXeOqUXtAb+ww3qIw6KqZXiLH1iHit2snDYhRat9iGpul
+v230mKIfqi0y/k34KTSsuryw5SMWeyM07bzD/9xidyIcfLgR03eAE5rOfceDLDV5
+I3/h0CeHhKCZkWs38sR8SHNhpT3lYm8wEHOyfRRTzvydURKsY4YNfoz2LeocreaA
+djkTAiJ8LAkGOgC4HnTd6dPT6DU8ZllTLSHFS4aDidfHpuJVya3Km9N0Sn2rS4vW
+VUAzFRs9dYAfus8dnoLXIZ+DpoPgw+QnGyWw//qnUwQ5bXGJj8mVDJeeWHXmXWfw
+zOXoqaL65L6jU3nFiWK3Xg==
+=Fa1S
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/card-functionality/src/main.rs b/card-functionality/src/main.rs
index 72122f9..e6a78ca 100644
--- a/card-functionality/src/main.rs
+++ b/card-functionality/src/main.rs
@@ -33,7 +33,7 @@ use sequoia_openpgp::Cert;
 
 use openpgp_card::apdu::PcscClient;
 use openpgp_card::card_app::CardApp;
-use openpgp_card::{CardClientBox, Sex};
+use openpgp_card::{CardBase, CardClientBox, Sex};
 
 mod util;
 
@@ -49,9 +49,26 @@ type TestOutput = Vec<TestResult>;
 type TestsOutput = HashMap<String, TestOutput>;
 
 /// Run after each "upload keys", if key *was* uploaded (?)
-fn test_decrypt() {
-    // FIXME
-    unimplemented!()
+fn test_decrypt(mut ca: &mut CardApp, param: &[&str]) -> Result<TestOutput> {
+    assert_eq!(
+        param.len(),
+        2,
+        "test_decrypt needs filenames for 'cert' and 'encrypted'"
+    );
+
+    let cert = Cert::from_file(param[0])?;
+    let msg =
+        std::fs::read_to_string(param[1]).expect("Unable to read ciphertext");
+
+    let res = ca.verify_pw1("123456")?;
+    res.check_ok()?;
+
+    let res = openpgp_card_sequoia::decrypt(&mut ca, &cert, msg.into_bytes())?;
+    let plain = String::from_utf8_lossy(&res);
+
+    assert_eq!(plain, "Hello world!\n");
+
+    Ok(vec![])
 }
 
 /// Run after each "upload keys", if key *was* uploaded (?)
@@ -109,11 +126,20 @@ fn check_key_upload_algo_attrs() -> Result<()> {
     Ok(())
 }
 
-fn test_upload_keys_rsa_2k(ca: &mut CardApp) -> Result<TestOutput> {
+fn test_upload_keys(ca: &mut CardApp, param: &[&str]) -> Result<TestOutput> {
+    assert_eq!(
+        param.len(),
+        1,
+        "test_upload_keys needs a filename for 'cert'"
+    );
+
     let verify = ca.verify_pw3("12345678")?;
     verify.check_ok()?;
 
-    let cert = Cert::from_file("data/rsa2k.sec")?;
+    let cert = Cert::from_file(param[0])?;
+
+    // FIXME: check if card supports the algo in question?
+
     let meta = util::upload_subkeys(ca, &cert)?;
 
     check_key_upload_metadata(ca, &meta)?;
@@ -122,18 +148,6 @@ fn test_upload_keys_rsa_2k(ca: &mut CardApp) -> Result<TestOutput> {
     Ok(vec![])
 }
 
-fn test_upload_keys_25519() {
-    // FIXME
-    unimplemented!()
-
-    // check if card supports 25519, if not that's ok, return this
-    // information and don't try upload.
-
-    // upload key
-
-    // test upload general - checks
-}
-
 fn test_keygen() {
     // FIXME
     // (implementation of this functionality is still missing in openpgp-card)
@@ -150,7 +164,10 @@ fn test_reset(ca: &mut CardApp) -> Result<TestOutput> {
 ///
 /// Returns an empty TestOutput, throws errors for unexpected Status codes
 /// and for unequal field values.
-fn test_set_user_data(ca: &mut CardApp) -> Result<TestOutput> {
+fn test_set_user_data(
+    ca: &mut CardApp,
+    _param: &[&str],
+) -> Result<TestOutput> {
     let res = ca.verify_pw3("12345678")?;
     res.check_ok()?;
 
@@ -186,7 +203,7 @@ fn test_set_user_data(ca: &mut CardApp) -> Result<TestOutput> {
 /// Outputs:
 /// - verify pw3 (check) -> Status
 /// - verify pw1 (check) -> Status
-fn test_verify(ca: &mut CardApp) -> Result<TestOutput> {
+fn test_verify(ca: &mut CardApp, _param: &[&str]) -> Result<TestOutput> {
     // Steps:
     //
     // - try to set name without verify, assert result is not ok
@@ -236,7 +253,8 @@ fn test_verify(ca: &mut CardApp) -> Result<TestOutput> {
 
 fn run_test(
     cards: &[&str],
-    t: fn(&mut CardApp) -> Result<TestOutput>,
+    t: fn(&mut CardApp, &[&str]) -> Result<TestOutput>,
+    param: &[&str],
 ) -> Result<TestsOutput> {
     let mut out = HashMap::new();
 
@@ -259,7 +277,7 @@ fn run_test(
         if cards.contains(&app_id.ident().as_str()) {
             println!("Running Test on {}:", app_id.ident());
 
-            let res = t(&mut ca);
+            let res = t(&mut ca, param);
 
             out.insert(app_id.ident(), res?);
         }
@@ -291,17 +309,25 @@ fn main() -> Result<()> {
     // let userdata_out = run_test(&cards, test_set_user_data)?;
     // println!("{:x?}", userdata_out);
 
-    // upload RSA keys
-    println!("upload RSA2k key");
-    let upload_out = run_test(&cards, test_upload_keys_rsa_2k)?;
-    println!("{:x?}", upload_out);
+    for (key, ciphertext) in vec![
+        ("data/rsa2k.sec", "data/encrypted_to_rsa2k.asc"),
+        ("data/rsa4k.sec", "data/encrypted_to_rsa4k.asc"),
+    ] {
+        // upload keys
+        println!("upload key");
+        let upload_out = run_test(&cards, test_upload_keys, &vec![key])?;
+        println!("{:x?}", upload_out);
 
-    // sign
-    // decrypt
+        // FIXME: if this card doesn't support the key type, skip the
+        // following tests?
 
-    // upload 25519 keys
-    // sign
-    // decrypt
+        // decrypt
+        println!("decrypt");
+        let dec_out = run_test(&cards, test_decrypt, &vec![key, ciphertext])?;
+        println!("{:x?}", dec_out);
+
+        // sign
+    }
 
     // upload some key with pw
 
diff --git a/openpgp-card-sequoia/src/decryptor.rs b/openpgp-card-sequoia/src/decryptor.rs
index cea43dc..d3bd103 100644
--- a/openpgp-card-sequoia/src/decryptor.rs
+++ b/openpgp-card-sequoia/src/decryptor.rs
@@ -16,13 +16,14 @@ use openpgp::Cert;
 use sequoia_openpgp as openpgp;
 
 use openpgp_card::errors::OpenpgpCardError;
-use openpgp_card::{CardUser, DecryptMe};
+use openpgp_card::DecryptMe;
 
 use crate::PublicKey;
+use openpgp_card::card_app::CardApp;
 
 pub(crate) struct CardDecryptor<'a> {
     /// The OpenPGP card (authenticated to allow decryption operations)
-    ocu: &'a mut CardUser,
+    ca: &'a mut CardApp,
 
     /// The matching public key for the card's decryption key
     public: PublicKey,
@@ -34,12 +35,13 @@ impl<'a> CardDecryptor<'a> {
     /// An Error is returned if no match between the card's decryption
     /// key and a (sub)key of `cert` can be made.
     pub fn new(
-        ocu: &'a mut CardUser,
+        ca: &'a mut CardApp,
         cert: &Cert,
         policy: &dyn Policy,
     ) -> Result<CardDecryptor<'a>, OpenpgpCardError> {
         // Get the fingerprint for the decryption key from the card.
-        let fps = ocu.get_fingerprints()?;
+        let ard = ca.get_app_data()?;
+        let fps = CardApp::get_fingerprints(&ard)?;
         let fp = fps.decryption();
 
         if let Some(fp) = fp {
@@ -59,7 +61,7 @@ impl<'a> CardDecryptor<'a> {
             // Exactly one matching (sub)key should be found. If not, fail!
             if keys.len() == 1 {
                 let public = keys[0].clone();
-                Ok(Self { ocu, public })
+                Ok(Self { ca, public })
             } else {
                 Err(OpenpgpCardError::InternalError(anyhow!(
                     "Failed to find a matching (sub)key in cert"
@@ -92,7 +94,7 @@ impl<'a> crypto::Decryptor for CardDecryptor<'a> {
         match (ciphertext, self.public.mpis()) {
             (mpi::Ciphertext::RSA { c: ct }, mpi::PublicKey::RSA { .. }) => {
                 let dm = DecryptMe::RSA(ct.value());
-                let dec = self.ocu.decrypt(dm)?;
+                let dec = self.ca.decrypt(dm)?;
 
                 let sk = openpgp::crypto::SessionKey::from(&dec[..]);
                 Ok(sk)
@@ -110,7 +112,7 @@ impl<'a> crypto::Decryptor for CardDecryptor<'a> {
                 };
 
                 // Decryption operation on the card
-                let dec = self.ocu.decrypt(dm)?;
+                let dec = self.ca.decrypt(dm)?;
 
                 #[allow(non_snake_case)]
                 let S: openpgp::crypto::mem::Protected = dec.into();
diff --git a/openpgp-card-sequoia/src/lib.rs b/openpgp-card-sequoia/src/lib.rs
index 049c34c..50a404c 100644
--- a/openpgp-card-sequoia/src/lib.rs
+++ b/openpgp-card-sequoia/src/lib.rs
@@ -20,9 +20,10 @@ use openpgp::policy::StandardPolicy;
 use openpgp::serialize::stream::{Message, Signer};
 use sequoia_openpgp as openpgp;
 
+use openpgp_card::card_app::CardApp;
 use openpgp_card::{
-    errors::OpenpgpCardError, CardAdmin, CardSign, CardUploadableKey,
-    CardUser, EccKey, EccType, KeyType, PrivateKeyMaterial, RSAKey,
+    errors::OpenpgpCardError, CardAdmin, CardSign, CardUploadableKey, EccKey,
+    EccType, KeyType, PrivateKeyMaterial, RSAKey,
 };
 
 mod decryptor;
@@ -269,7 +270,7 @@ pub fn upload_key(
 }
 
 pub fn decrypt(
-    ocu: &mut CardUser,
+    ca: &mut CardApp,
     cert: &sequoia_openpgp::Cert,
     msg: Vec<u8>,
 ) -> Result<Vec<u8>> {
@@ -278,7 +279,7 @@ pub fn decrypt(
         let reader = io::BufReader::new(&msg[..]);
 
         let p = StandardPolicy::new();
-        let d = decryptor::CardDecryptor::new(ocu, cert, &p)?;
+        let d = decryptor::CardDecryptor::new(ca, cert, &p)?;
 
         let db = DecryptorBuilder::from_reader(reader)?;
         let mut decryptor = db.with_policy(&p, None, d)?;
diff --git a/openpgp-card-sequoia/src/main.rs b/openpgp-card-sequoia/src/main.rs
index 62fdd12..8b9fa32 100644
--- a/openpgp-card-sequoia/src/main.rs
+++ b/openpgp-card-sequoia/src/main.rs
@@ -174,7 +174,7 @@ fn main() -> Result<(), Box<dyn Error>> {
                 println!("{:?}", msg);
 
                 let res = openpgp_card_sequoia::decrypt(
-                    &mut oc_user,
+                    &mut oc_user.get_card_app(),
                     &cert,
                     msg.into_bytes(),
                 )?;
diff --git a/openpgp-card/src/lib.rs b/openpgp-card/src/lib.rs
index 61e644e..42c5395 100644
--- a/openpgp-card/src/lib.rs
+++ b/openpgp-card/src/lib.rs
@@ -251,6 +251,11 @@ impl CardBase {
         Self { card_app, ard }
     }
 
+    /// Get a reference to the internal CardApp object (for use in tests)
+    pub fn get_card_app(&mut self) -> &mut CardApp {
+        &mut self.card_app
+    }
+
     /// Get all cards that can be opened as an OpenPGP card applet via pcsc
     pub fn list_cards_pcsc() -> Result<Vec<Self>> {
         let cards = card::get_cards().map_err(|err| anyhow!(err))?;