diff --git a/.github/test-isoapplet.sh b/.github/test-isoapplet.sh
index 08b9c0277e..b2192df348 100755
--- a/.github/test-isoapplet.sh
+++ b/.github/test-isoapplet.sh
@@ -70,9 +70,20 @@ $VALGRIND opensc-tool -n
 $VALGRIND pkcs15-init --create-pkcs15 --so-pin 123456 --so-puk 0123456789abcdef
 $VALGRIND pkcs15-tool --change-pin --pin 123456 --new-pin 654321
 $VALGRIND pkcs15-tool --unblock-pin --puk 0123456789abcdef --new-pin 123456
-$VALGRIND pkcs15-init --generate-key rsa/2048     --id 1 --key-usage decrypt,sign --auth-id FF --pin 123456
-$VALGRIND pkcs15-init --generate-key rsa/2048     --id 2 --key-usage decrypt      --auth-id FF --pin 123456
-$VALGRIND pkcs15-init --generate-key ec/secp256r1 --id 3 --key-usage sign         --auth-id FF --pin 123456
+if [ "$isoapplet_version" = "v0" ]; then
+	$VALGRIND pkcs15-init --generate-key rsa/2048     --id 1 --key-usage decrypt,sign --auth-id FF --pin 123456
+	$VALGRIND pkcs15-init --generate-key rsa/2048     --id 2 --key-usage decrypt      --auth-id FF --pin 123456
+	$VALGRIND pkcs15-init --generate-key ec/secp256r1 --id 3 --key-usage sign         --auth-id FF --pin 123456
+elif [ "$isoapplet_version" = "v1" ]; then
+	$VALGRIND pkcs15-init --generate-key rsa/2048     --id 1 --key-usage decrypt,sign --auth-id FF --pin 123456
+	$VALGRIND pkcs15-init --generate-key rsa/2048     --id 2 --key-usage decrypt      --auth-id FF --pin 123456
+	$VALGRIND pkcs15-init --generate-key rsa/4096     --id 3 --key-usage decrypt,sign --auth-id FF --pin 123456
+	$VALGRIND pkcs15-init --generate-key rsa/4096     --id 4 --key-usage decrypt      --auth-id FF --pin 123456
+	$VALGRIND pkcs15-init --generate-key ec/secp256r1 --id 5 --key-usage sign         --auth-id FF --pin 123456
+else
+	echo "Unknown IsoApplet version: $isoapplet_version"
+	exit 1
+fi
 $VALGRIND pkcs15-tool -D
 $VALGRIND pkcs11-tool -l -t -p 123456
 
@@ -84,16 +95,33 @@ popd
 
 # random data to be signed
 dd if=/dev/random of=/tmp/data.bin bs=300 count=1
-# sign & verify using secp256r1 key
-$VALGRIND pkcs11-tool -l -p 123456 -s -m ECDSA-SHA1 -d 3 -i /tmp/data.bin -o /tmp/data.sig
-$VALGRIND pkcs11-tool --verify -m ECDSA-SHA1 -d 3 -i /tmp/data.bin --signature-file /tmp/data.sig
-# import, sign & verify using another secp256r1 key
-openssl ecparam -name secp256r1 -genkey -noout -out /tmp/ECprivKey.pem
-openssl ec -in /tmp/ECprivKey.pem -pubout -out /tmp/ECpubKey.pem
-$VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECprivKey.pem -y privkey -d 4
-$VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECpubKey.pem -y pubkey -d 4
-$VALGRIND pkcs11-tool -l -p 123456 -s -m ECDSA-SHA1 -d 4 -i /tmp/data.bin -o /tmp/data.sig
-$VALGRIND pkcs11-tool --verify -m ECDSA-SHA1 -d 4 -i /tmp/data.bin --signature-file /tmp/data.sig
+if [ "$isoapplet_version" = "v0" ]; then
+	# sign & verify using secp256r1 key
+	$VALGRIND pkcs11-tool -l -p 123456 -s -m ECDSA-SHA1 -d 3 -i /tmp/data.bin -o /tmp/data.sig
+	$VALGRIND pkcs11-tool --verify -m ECDSA-SHA1 -d 3 -i /tmp/data.bin --signature-file /tmp/data.sig
+	# import, sign & verify using another secp256r1 key
+	openssl ecparam -name secp256r1 -genkey -noout -out /tmp/ECprivKey.pem
+	openssl ec -in /tmp/ECprivKey.pem -pubout -out /tmp/ECpubKey.pem
+	$VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECprivKey.pem -y privkey -d 4
+	$VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECpubKey.pem -y pubkey -d 4
+	$VALGRIND pkcs11-tool -l -p 123456 -s -m ECDSA-SHA1 -d 4 -i /tmp/data.bin -o /tmp/data.sig
+	$VALGRIND pkcs11-tool --verify -m ECDSA-SHA1 -d 4 -i /tmp/data.bin --signature-file /tmp/data.sig
+elif [ "$isoapplet_version" = "v1" ]; then
+	# sign & verify using secp256r1 key
+	$VALGRIND pkcs11-tool -l -p 123456 -s -m ECDSA -d 5 -i /tmp/data.bin -o /tmp/data.sig
+	$VALGRIND pkcs11-tool --verify -m ECDSA -d 5 -i /tmp/data.bin --signature-file /tmp/data.sig
+	# import, sign & verify using another secp256r1 key
+	openssl ecparam -name secp256r1 -genkey -noout -out /tmp/ECprivKey.pem
+	openssl ec -in /tmp/ECprivKey.pem -pubout -out /tmp/ECpubKey.pem
+	$VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECprivKey.pem -y privkey -d 6
+	$VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECpubKey.pem -y pubkey -d 6
+	$VALGRIND pkcs11-tool -l -p 123456 -s -m ECDSA -d 6 -i /tmp/data.bin -o /tmp/data.sig
+	$VALGRIND pkcs11-tool --verify -m ECDSA -d 6 -i /tmp/data.bin --signature-file /tmp/data.sig
+else
+	echo "Unknown IsoApplet version: $isoapplet_version"
+	exit 1
+fi
+
 # cleanup
 rm /tmp/ECprivKey.pem /tmp/ECpubKey.pem /tmp/data.bin /tmp/data.sig
 
diff --git a/src/libopensc/card-isoApplet.c b/src/libopensc/card-isoApplet.c
index e0f5c70f64..9231d0bef9 100644
--- a/src/libopensc/card-isoApplet.c
+++ b/src/libopensc/card-isoApplet.c
@@ -1016,6 +1016,7 @@ isoApplet_ctl_import_key(sc_card_t *card, sc_cardctl_isoApplet_import_key_t *arg
 	{
 
 	case SC_ISOAPPLET_ALG_REF_RSA_GEN_2048:
+	case SC_ISOAPPLET_ALG_REF_RSA_GEN_4096:
 		r = isoApplet_put_data_prkey_rsa(card, args);
 		LOG_TEST_RET(card->ctx, r, "Error in PUT DATA.");
 		break;
diff --git a/src/pkcs15init/pkcs15-isoApplet.c b/src/pkcs15init/pkcs15-isoApplet.c
index 48dc15fd27..d95d181c2c 100644
--- a/src/pkcs15init/pkcs15-isoApplet.c
+++ b/src/pkcs15init/pkcs15-isoApplet.c
@@ -716,7 +716,13 @@ isoApplet_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_
 	switch(object->type)
 	{
 	case SC_PKCS15_TYPE_PRKEY_RSA:
-		args.algorithm_ref = SC_ISOAPPLET_ALG_REF_RSA_GEN_2048;
+		if (key->u.rsa.p.len == 128) {
+			args.algorithm_ref = SC_ISOAPPLET_ALG_REF_RSA_GEN_2048;
+		} else if (key->u.rsa.p.len == 256) {
+			args.algorithm_ref = SC_ISOAPPLET_ALG_REF_RSA_GEN_4096;
+		} else {
+			LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported RSA key length");
+		}
 		if(!key->u.rsa.p.data
 		        ||!key->u.rsa.q.data
 		        ||!key->u.rsa.iqmp.data
diff --git a/src/tests/p11test/isoapplet_ref_v1.json b/src/tests/p11test/isoapplet_ref_v1.json
index c397ced33c..6453c01bfd 100644
--- a/src/tests/p11test/isoapplet_ref_v1.json
+++ b/src/tests/p11test/isoapplet_ref_v1.json
@@ -265,30 +265,84 @@
 	],
 	[
 		"03",
-		"ECDSA",
+		"RSA_PKCS",
+		"YES",
+		"YES"
+	],
+	[
+		"03",
+		"MD5_RSA_PKCS",
 		"YES",
 		""
 	],
 	[
 		"03",
-		"ECDSA_SHA1",
+		"SHA1_RSA_PKCS",
 		"YES",
 		""
 	],
 	[
 		"03",
-		"ECDSA_SHA256",
+		"RIPEMD160_RSA_PKCS",
 		"YES",
 		""
 	],
 	[
 		"03",
-		"ECDSA_SHA384",
+		"SHA256_RSA_PKCS",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA384_RSA_PKCS",
 		"YES",
 		""
 	],
 	[
 		"03",
+		"SHA512_RSA_PKCS",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA224_RSA_PKCS",
+		"YES",
+		""
+	],
+	[
+		"04",
+		"RSA_PKCS",
+		"",
+		"YES"
+	],
+	[
+		"05",
+		"ECDSA",
+		"YES",
+		""
+	],
+	[
+		"05",
+		"ECDSA_SHA1",
+		"YES",
+		""
+	],
+	[
+		"05",
+		"ECDSA_SHA256",
+		"YES",
+		""
+	],
+	[
+		"05",
+		"ECDSA_SHA384",
+		"YES",
+		""
+	],
+	[
+		"05",
 		"ECDSA_SHA512",
 		"YES",
 		""
@@ -337,6 +391,41 @@
 		"01",
 		"SHA224_RSA_PKCS",
 		"YES"
+	],
+	[
+		"03",
+		"MD5_RSA_PKCS",
+		"YES"
+	],
+	[
+		"03",
+		"SHA1_RSA_PKCS",
+		"YES"
+	],
+	[
+		"03",
+		"RIPEMD160_RSA_PKCS",
+		"YES"
+	],
+	[
+		"03",
+		"SHA256_RSA_PKCS",
+		"YES"
+	],
+	[
+		"03",
+		"SHA384_RSA_PKCS",
+		"YES"
+	],
+	[
+		"03",
+		"SHA512_RSA_PKCS",
+		"YES"
+	],
+	[
+		"03",
+		"SHA224_RSA_PKCS",
+		"YES"
 	]],
 	"result": "pass"
 },
@@ -404,6 +493,42 @@
 	[
 		"03",
 		"Private Key",
+		"RSA",
+		"4096",
+		"",
+		"YES",
+		"YES",
+		"YES",
+		"YES",
+		"YES",
+		"YES",
+		"",
+		"",
+		"",
+		"",
+		""
+	],
+	[
+		"04",
+		"Private Key",
+		"RSA",
+		"4096",
+		"",
+		"",
+		"",
+		"YES",
+		"YES",
+		"YES",
+		"YES",
+		"",
+		"",
+		"",
+		"",
+		""
+	],
+	[
+		"05",
+		"Private Key",
 		"EC",
 		"256",
 		"",
@@ -594,6 +719,168 @@
 		"-1",
 		"YES",
 		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA_1",
+		"MGF1_SHA_1",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA224",
+		"MGF1_SHA224",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA224",
+		"MGF1_SHA224",
+		"-1",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA256",
+		"MGF1_SHA256",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA256",
+		"MGF1_SHA256",
+		"-1",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA384",
+		"MGF1_SHA384",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA384",
+		"MGF1_SHA384",
+		"-1",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA512",
+		"MGF1_SHA512",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"RSA_PKCS_PSS",
+		"SHA512",
+		"MGF1_SHA512",
+		"-1",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA1_RSA_PKCS_PSS",
+		"SHA_1",
+		"MGF1_SHA_1",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA256_RSA_PKCS_PSS",
+		"SHA256",
+		"MGF1_SHA256",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA256_RSA_PKCS_PSS",
+		"SHA256",
+		"MGF1_SHA256",
+		"-1",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA384_RSA_PKCS_PSS",
+		"SHA384",
+		"MGF1_SHA384",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA384_RSA_PKCS_PSS",
+		"SHA384",
+		"MGF1_SHA384",
+		"-1",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA512_RSA_PKCS_PSS",
+		"SHA512",
+		"MGF1_SHA512",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA512_RSA_PKCS_PSS",
+		"SHA512",
+		"MGF1_SHA512",
+		"-1",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA224_RSA_PKCS_PSS",
+		"SHA224",
+		"MGF1_SHA224",
+		"-2",
+		"YES",
+		""
+	],
+	[
+		"03",
+		"SHA224_RSA_PKCS_PSS",
+		"SHA224",
+		"MGF1_SHA224",
+		"-1",
+		"YES",
+		""
 	]],
 	"result": "pass"
 },