diff --git a/src/LibHac/Common/Keys/DefaultKeySet.cs b/src/LibHac/Common/Keys/DefaultKeySet.cs
index 482caa91..9d1a0c8d 100644
--- a/src/LibHac/Common/Keys/DefaultKeySet.cs
+++ b/src/LibHac/Common/Keys/DefaultKeySet.cs
@@ -183,6 +183,7 @@ internal static partial class DefaultKeySet
 
         keys.Add(new KeyInfo(280, Type.CommonRoot, "eticket_rsa_kek", (set, _) => set.ETicketRsaKek));
         keys.Add(new KeyInfo(281, Type.CommonRoot, "ssl_rsa_kek", (set, _) => set.SslRsaKek));
+        keys.Add(new KeyInfo(282, Type.DeviceDrvd, "eticket_rsa_keypair", (set, _) => set.ETicketRsaKeyPair));
 
         keys.Add(new KeyInfo(290, Type.CommonDrvd, "key_area_key_application", 0, KeyRevisionCount, (set, i) => set.KeyAreaKeys[i][0]));
         keys.Add(new KeyInfo(300, Type.CommonDrvd, "key_area_key_ocean", 0, KeyRevisionCount, (set, i) => set.KeyAreaKeys[i][1]));
diff --git a/src/LibHac/Common/Keys/ExternalKeyReader.cs b/src/LibHac/Common/Keys/ExternalKeyReader.cs
index df4a990d..267e2998 100644
--- a/src/LibHac/Common/Keys/ExternalKeyReader.cs
+++ b/src/LibHac/Common/Keys/ExternalKeyReader.cs
@@ -12,7 +12,7 @@ namespace LibHac.Common.Keys;
 
 public static class ExternalKeyReader
 {
-    private const int ReadBufferSize = 1024;
+    private const int ReadBufferSize = 2048;
 
     // Contains info from a specific key being read from a file
     [DebuggerDisplay("{" + nameof(Name) + "}")]
diff --git a/src/LibHac/Common/Keys/KeySet.cs b/src/LibHac/Common/Keys/KeySet.cs
index 8bdb2f70..e9ba29f7 100644
--- a/src/LibHac/Common/Keys/KeySet.cs
+++ b/src/LibHac/Common/Keys/KeySet.cs
@@ -129,7 +129,7 @@ public class KeySet
     private RsaSigningKeyParameters _rsaSigningKeyParamsProd;
     private RsaKeyParameters _rsaKeyParams;
 
-    public RSAParameters ETicketExtKeyRsa { get; set; }
+    public ref RsaKeyPair ETicketRsaKeyPair => ref DerivedDeviceKeys.ETicketRsaKeyPair;
 
     public Span<RSAParameters> NcaHeaderSigningKeyParams
     {
@@ -389,6 +389,7 @@ public struct DerivedDeviceKeys
     public Array2<AesKey> DeviceUniqueSaveMacKeys;
     public AesKey SeedUniqueSaveMacKey;
     public Array3<AesXtsKey> SdCardEncryptionKeys;
+    public RsaKeyPair ETicketRsaKeyPair;
 }
 
 public struct RsaSigningKeys
diff --git a/src/LibHac/Crypto/KeyTypes.cs b/src/LibHac/Crypto/KeyTypes.cs
index 31a13fd1..d2a4a58c 100644
--- a/src/LibHac/Crypto/KeyTypes.cs
+++ b/src/LibHac/Crypto/KeyTypes.cs
@@ -132,4 +132,26 @@ public struct RsaKey
 {
     public Array256<byte> Modulus;
     public Array3<byte> PublicExponent;
+}
+
+[StructLayout(LayoutKind.Explicit, Size = Size)]
+public struct RsaKeyPair
+{
+    private const int Size = 0x210;
+
+    [FieldOffset(0)] private byte _byte;
+    [FieldOffset(0)] private ulong _ulong;
+
+    [FieldOffset(0)] public Array256<byte> PrivateExponent;
+    [FieldOffset(0x100)] public Array256<byte> Modulus;
+    [FieldOffset(0x200)] public Array4<byte> PublicExponent;
+    [FieldOffset(0x204)] public Array12<byte> Reserved;
+
+    public Span<byte> Data => SpanHelpers.CreateSpan(ref _byte, Size);
+    public readonly ReadOnlySpan<byte> DataRo => SpanHelpers.CreateReadOnlySpan(in _byte, Size);
+
+    public static implicit operator Span<byte>(in RsaKeyPair value) => Unsafe.AsRef(in value).Data;
+    public static implicit operator ReadOnlySpan<byte>(in RsaKeyPair value) => value.DataRo;
+
+    public readonly override string ToString() => DataRo.ToHexString();
 }
\ No newline at end of file
diff --git a/src/LibHac/Tools/Es/Ticket.cs b/src/LibHac/Tools/Es/Ticket.cs
index 892cef0a..bf3474db 100644
--- a/src/LibHac/Tools/Es/Ticket.cs
+++ b/src/LibHac/Tools/Es/Ticket.cs
@@ -1,7 +1,9 @@
 using System;
 using System.IO;
+using System.Security.Cryptography;
 using LibHac.Common;
 using LibHac.Common.Keys;
+using LibHac.Crypto;
 using LibHac.Tools.Crypto;
 using LibHac.Util;
 
@@ -157,7 +159,11 @@ public class Ticket
             return commonKey;
         }
 
-        return CryptoOld.DecryptRsaOaep(TitleKeyBlock, keySet.ETicketExtKeyRsa);
+        RSAParameters rsaParameters = Rsa.RecoverParameters(
+            keySet.ETicketRsaKeyPair.Modulus,
+            keySet.ETicketRsaKeyPair.PublicExponent,
+            keySet.ETicketRsaKeyPair.PrivateExponent);
+        return CryptoOld.DecryptRsaOaep(TitleKeyBlock, rsaParameters);
     }
 }