diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/KeyType.java b/sdk/src/main/java/io/opentdf/platform/sdk/KeyType.java
index 373bf33e..06be4cf6 100644
--- a/sdk/src/main/java/io/opentdf/platform/sdk/KeyType.java
+++ b/sdk/src/main/java/io/opentdf/platform/sdk/KeyType.java
@@ -11,6 +11,7 @@
 
 public enum KeyType {
     RSA2048Key("rsa:2048"),
+    RSA4096Key("rsa:4096"),
     EC256Key("ec:secp256r1", SECP256R1),
     EC384Key("ec:secp384r1", SECP384R1),
     EC521Key("ec:secp521r1", SECP521R1);
@@ -56,6 +57,8 @@ public static KeyType fromAlgorithm(Algorithm algorithm) {
         switch (algorithm) {
             case ALGORITHM_RSA_2048:
                 return KeyType.RSA2048Key;
+            case ALGORITHM_RSA_4096:
+                return KeyType.RSA4096Key;
             case ALGORITHM_EC_P256:
                 return KeyType.EC256Key;
             case ALGORITHM_EC_P384:
@@ -74,6 +77,8 @@ public static KeyType fromPublicKeyAlgorithm(KasPublicKeyAlgEnum algorithm) {
         switch (algorithm) {
             case KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048:
                 return KeyType.RSA2048Key;
+            case KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096:
+                return KeyType.RSA4096Key;
             case KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1:
                 return KeyType.EC256Key;
             case KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1:
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/Planner.java b/sdk/src/main/java/io/opentdf/platform/sdk/Planner.java
index b07c735c..477d315a 100644
--- a/sdk/src/main/java/io/opentdf/platform/sdk/Planner.java
+++ b/sdk/src/main/java/io/opentdf/platform/sdk/Planner.java
@@ -163,6 +163,7 @@ Map<String, List<Config.KASInfo>> resolveKeys(List<Autoconfigure.KeySplitTemplat
                 logger.info("no public key provided for KAS at {}, retrieving", splitInfo.kas);
                 var getKI = new Config.KASInfo();
                 getKI.URL = splitInfo.kas;
+                getKI.KID = splitInfo.kid;
                 getKI.Algorithm = splitInfo.keyType == null
                         ? (tdfConfig.wrappingKeyType == null ? null : tdfConfig.wrappingKeyType.toString())
                         : splitInfo.keyType.toString();
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/Version.java b/sdk/src/main/java/io/opentdf/platform/sdk/Version.java
index 508c9151..53f131c7 100644
--- a/sdk/src/main/java/io/opentdf/platform/sdk/Version.java
+++ b/sdk/src/main/java/io/opentdf/platform/sdk/Version.java
@@ -1,14 +1,15 @@
 package io.opentdf.platform.sdk;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.regex.Pattern;
 
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 class Version implements Comparable<Version> {
 
     // Version of the SDK, managed by release-please.
diff --git a/sdk/src/test/java/io/opentdf/platform/sdk/KeyTypeTest.java b/sdk/src/test/java/io/opentdf/platform/sdk/KeyTypeTest.java
index 6dc72f47..980404f1 100644
--- a/sdk/src/test/java/io/opentdf/platform/sdk/KeyTypeTest.java
+++ b/sdk/src/test/java/io/opentdf/platform/sdk/KeyTypeTest.java
@@ -6,16 +6,19 @@
 import static io.opentdf.platform.policy.Algorithm.ALGORITHM_EC_P384;
 import static io.opentdf.platform.policy.Algorithm.ALGORITHM_EC_P521;
 import static io.opentdf.platform.policy.Algorithm.ALGORITHM_RSA_2048;
+import static io.opentdf.platform.policy.Algorithm.ALGORITHM_RSA_4096;
 import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1;
 import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1;
 import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1;
 import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048;
+import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096;
 import static org.junit.jupiter.api.Assertions.*;
 
 class KeyTypeTest {
     @Test
     void testFromString() {
         assertEquals(KeyType.RSA2048Key, KeyType.fromString("rsa:2048"));
+        assertEquals(KeyType.RSA4096Key, KeyType.fromString("rsa:4096"));
         assertEquals(KeyType.EC256Key, KeyType.fromString("ec:secp256r1"));
         assertEquals(KeyType.EC384Key, KeyType.fromString("ec:secp384r1"));
         assertEquals(KeyType.EC521Key, KeyType.fromString("ec:secp521r1"));
@@ -29,6 +32,7 @@ void testFromStringInvalid() {
     @Test
     void testFromAlgorithm() {
         assertEquals(KeyType.RSA2048Key, KeyType.fromAlgorithm(ALGORITHM_RSA_2048));
+        assertEquals(KeyType.RSA4096Key, KeyType.fromAlgorithm(ALGORITHM_RSA_4096));
         assertEquals(KeyType.EC256Key, KeyType.fromAlgorithm(ALGORITHM_EC_P256));
         assertEquals(KeyType.EC384Key, KeyType.fromAlgorithm(ALGORITHM_EC_P384));
         assertEquals(KeyType.EC521Key, KeyType.fromAlgorithm(ALGORITHM_EC_P521));
@@ -37,6 +41,7 @@ void testFromAlgorithm() {
     @Test
     void testFromPublicKeyAlgEnum() {
         assertEquals(KeyType.RSA2048Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048));
+        assertEquals(KeyType.RSA4096Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096));
         assertEquals(KeyType.EC256Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1));
         assertEquals(KeyType.EC384Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1));
         assertEquals(KeyType.EC521Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1));