diff --git a/tool/src/main/java/module-info.java b/tool/src/main/java/module-info.java
index b71250ae..c8dc976d 100644
--- a/tool/src/main/java/module-info.java
+++ b/tool/src/main/java/module-info.java
@@ -14,4 +14,5 @@
     requires org.bouncycastle.provider;
     requires org.bouncycastle.pkix;
     requires org.slf4j;
+    exports pro.javacard.gptool.key;
 }
\ No newline at end of file
diff --git a/tool/src/main/java/pro/javacard/gptool/GPTool.java b/tool/src/main/java/pro/javacard/gptool/GPTool.java
index 487d9483..5b05b508 100644
--- a/tool/src/main/java/pro/javacard/gptool/GPTool.java
+++ b/tool/src/main/java/pro/javacard/gptool/GPTool.java
@@ -36,6 +36,7 @@
 import pro.javacard.gp.*;
 import pro.javacard.gp.GPRegistryEntry.Privilege;
 import pro.javacard.gp.GPSession.APDUMode;
+import pro.javacard.gptool.key.PlaintextKeys;
 import pro.javacard.pace.AESSecureChannel;
 import pro.javacard.pace.PACE;
 import pro.javacard.pace.PACEException;
@@ -847,8 +848,8 @@ else if (keyver >= 0x30 && keyver <= 0x3F)
                         PlaintextKeys pk = (PlaintextKeys) newKeys;
                         if (pk.getMasterKey().isPresent())
                             System.out.println(gp.getAID() + " locked with: " + HexUtils.bin2hex(pk.getMasterKey().get()));
-                        if (pk.kdf_template != null)
-                            System.out.println("Keys were diversified with " + pk.kdf_template + " and " + HexUtils.bin2hex(kdd));
+                        if (pk.getDiversifier() != null)
+                            System.out.println("Keys were diversified with " + pk.getDiversifier() + " and " + HexUtils.bin2hex(kdd));
                         System.out.println("Write this down, DO NOT FORGET/LOSE IT!");
                     } else {
                         System.out.println("Card locked with new keys.");
diff --git a/tool/src/main/java/pro/javacard/gptool/PlaintextKeysProvider.java b/tool/src/main/java/pro/javacard/gptool/PlaintextKeysProvider.java
index 45138143..6d032194 100644
--- a/tool/src/main/java/pro/javacard/gptool/PlaintextKeysProvider.java
+++ b/tool/src/main/java/pro/javacard/gptool/PlaintextKeysProvider.java
@@ -24,6 +24,7 @@
 import com.google.auto.service.AutoService;
 import pro.javacard.gp.CardKeysProvider;
 import pro.javacard.gp.GPCardKeys;
+import pro.javacard.gptool.key.PlaintextKeys;
 
 import java.util.Map;
 import java.util.Optional;
diff --git a/tool/src/main/java/pro/javacard/gptool/PlaintextKeys.java b/tool/src/main/java/pro/javacard/gptool/key/PlaintextKeys.java
similarity index 98%
rename from tool/src/main/java/pro/javacard/gptool/PlaintextKeys.java
rename to tool/src/main/java/pro/javacard/gptool/key/PlaintextKeys.java
index 982ed06a..a001ac41 100644
--- a/tool/src/main/java/pro/javacard/gptool/PlaintextKeys.java
+++ b/tool/src/main/java/pro/javacard/gptool/key/PlaintextKeys.java
@@ -17,7 +17,7 @@
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
-package pro.javacard.gptool;
+package pro.javacard.gptool.key;
 
 import apdu4j.core.HexUtils;
 import org.slf4j.Logger;
@@ -33,11 +33,11 @@
 
 // Handles plaintext card keys.
 // Supports diversification of card keys with a few known algorithms.
-class PlaintextKeys extends GPCardKeys {
+public class PlaintextKeys extends GPCardKeys {
     private static final Logger logger = LoggerFactory.getLogger(PlaintextKeys.class);
 
     // After diversify() we know for which protocol we have keys for, unless known before
-    static final byte[] defaultKeyBytes = HexUtils.hex2bin("404142434445464748494A4B4C4D4E4F");
+    public static final byte[] defaultKeyBytes = HexUtils.hex2bin("404142434445464748494A4B4C4D4E4F");
 
     // Derivation constants for session keys
     public static final Map<KeyPurpose, byte[]> SCP02_CONSTANTS;
@@ -70,7 +70,7 @@ class PlaintextKeys extends GPCardKeys {
     }
 
     // If diverisification is to be used
-    String kdf_template;
+    private String kdf_template = null;
 
     // Keyset version
     private int version = 0x00;
@@ -422,6 +422,10 @@ public void setDiversifier(String template) {
         this.kdf_template = template;
     }
 
+    public String getDiversifier() {
+        return kdf_template;
+    }
+
     @Override
     public byte[] scp3_kdf(KeyPurpose purpose, byte[] a, byte[] b, int bytes) {
         return GPCrypto.scp03_kdf(cardKeys.get(purpose), a, b, bytes);
diff --git a/tool/src/test/java/pro/javacard/gptool/TestPlaintextKeysProvider.java b/tool/src/test/java/pro/javacard/gptool/TestPlaintextKeysProvider.java
index c0a85026..9ed65284 100644
--- a/tool/src/test/java/pro/javacard/gptool/TestPlaintextKeysProvider.java
+++ b/tool/src/test/java/pro/javacard/gptool/TestPlaintextKeysProvider.java
@@ -7,6 +7,7 @@
 import pro.javacard.gp.GPCardKeys;
 import pro.javacard.gp.GPCrypto;
 import pro.javacard.gp.GPSecureChannelVersion;
+import pro.javacard.gptool.key.PlaintextKeys;
 
 import java.util.Optional;