diff --git a/lib/internal.h b/lib/internal.h
index 06790bba..d6bb2e23 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -200,9 +200,9 @@ union u_APDU {
 unsigned char p1;
 unsigned char p2;
 unsigned char lc;
- unsigned char data[0x100]; // Max 255 bytes + Le
+ unsigned char data[YKPIV_OBJ_MAX_SIZE - 6]; // Max message bytes - apdu len - Le
 } st;
- unsigned char raw[0x100 + 5];
+ unsigned char raw[YKPIV_OBJ_MAX_SIZE]; // Max message size the yubikey can receive
 };
 typedef union u_APDU APDU;
diff --git a/lib/ykpiv.c b/lib/ykpiv.c
index f6c71d7d..4aec0fa9 100644
--- a/lib/ykpiv.c
+++ b/lib/ykpiv.c
@@ -1705,7 +1705,7 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state, unsigned char algorithm, unsigned char key, bool decipher) {
 unsigned char indata[YKPIV_OBJ_MAX_SIZE] = {0};
 unsigned char *dataptr = indata;
- unsigned char data[2048] = {0};
+ unsigned char data[4096] = {0};
 unsigned char templ[] = {0, YKPIV_INS_AUTHENTICATE, algorithm, key};
 unsigned long recv_len = sizeof(data);
 size_t key_len = 0;
@@ -2618,7 +2618,6 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
 }
 ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char *data, size_t *data_len) {
- fprintf(stderr, "------------------------- ykpiv_attest()\n");
 ykpiv_rc res;
 unsigned char templ[] = {0, YKPIV_INS_ATTEST, key, 0};
 int sw = 0;
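Review bot: `st.data` now spans `YKPIV_OBJ_MAX_SIZE - 6` bytes, but the `lc` field directly above it is still a single `unsigned char`, so the `st` view can only frame a short APDU carrying at most 255 data bytes; anything that fills `data` past that (the new size is presumably far larger) needs extended-length encoding that this layout does not model, and an `lc` assigned from a larger length would silently truncate and mis-frame the command. If the extended case is built through `raw` by the callers, state that on the union, e.g. `// st describes short APDUs only (lc <= 255); extended-length commands are laid out directly in raw`. The subtraction also deserves a compile-time guard so a smaller `YKPIV_OBJ_MAX_SIZE` cannot wrap the array size: `_Static_assert(YKPIV_OBJ_MAX_SIZE > 6, "YKPIV_OBJ_MAX_SIZE must cover the 5-byte APDU header plus Le");` after the typedef. The opening of the union and its first members are above the hunk.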
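Review bot: The response buffer `data` in `_general_authenticate` grows from 2048 to a bare `4096` literal while `indata`, two lines above, is sized by `YKPIV_OBJ_MAX_SIZE`; nothing in the hunk says which response needs the extra room or why 4096 is the right bound, so the two limits will drift apart at the next bump. Give the size a name next to the other limits and say what it is sized for, e.g. `unsigned char data[YKPIV_MAX_AUTH_RESPONSE] = {0}; // largest GENERAL AUTHENTICATE reply (signature or decrypted block) the card can return`, so that `recv_len = sizeof(data)` keeps tracking it. Because the function has a `decipher` mode, `data` may end up holding recovered plaintext; confirm it is wiped before return, since the rest of the body is below the hunk.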
@@ -2631,14 +2630,11 @@ ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char
 ul_data_len = (unsigned long)*data_len;
 if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) return res;
- fprintf(stderr, "------------------------- _ykpiv_begin_transaction() OK\n");
 if (YKPIV_OK != (res = _ykpiv_ensure_application_selected_ex(state, state->scp11_state.security_level == SCP11_KEY_USAGE))) goto Cleanup;
- fprintf(stderr, "------------------------- _ykpiv_ensure_application_selected() OK\n");
 if ((res = _ykpiv_transfer_data(state, templ, NULL, 0, data, &ul_data_len, &sw)) != YKPIV_OK) {
 goto Cleanup;
 }
- fprintf(stderr, "------------------------- _ykpiv_transfer_data() OK\n");
 res = ykpiv_translate_sw_ex(__FUNCTION__, sw);
 if (res != YKPIV_OK) {
 goto Cleanup;
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index db0c1219..3b55457b 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -120,7 +120,7 @@ static void print_version(ykpiv_state *state, const char *output_file_name) {
 static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, unsigned char *out, size_t *out_len, unsigned char algorithm, int key) {
- unsigned char signinput[1024] = {0};
+ unsigned char signinput[4096] = {0};
 if(YKPIV_IS_RSA(algorithm)) {
 size_t padlen = 0;
 switch (algorithm) {
@@ -176,7 +176,7 @@ static int yk_rsa_meth_sign(int dtype, const unsigned char *m, unsigned int m_le
 size_t yk_siglen = RSA_size(rsa);
 const RSA_METHOD *meth = RSA_get_method(rsa);
 const struct internal_key *key = RSA_meth_get0_app_data(meth);
- unsigned char message[256] = {0};
+ unsigned char message[2048] = {0};
 if(key->oid_len) {
 memcpy(message, key->oid, key->oid_len);
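Review bot: `signinput` in `sign_data` is raised to a `4096` literal, but the code that copies the `len` bytes of `in` into it and applies the RSA padding is below the hunk, so the enlargement only helps if that path bounds `len` by `sizeof(signinput)` rather than by a stale literal; please confirm, since a check still written against 1024 would reject valid input and a missing one would overrun the larger buffer just as before. The new size also disagrees with `message[2048]` in `yk_rsa_meth_sign` in the same file, and both are unexplained literals; one named constant for the tool's maximum sign input, with a comment tying it to the largest supported RSA modulus, e.g. `unsigned char signinput[MAX_SIGN_INPUT] = {0}; // padded block for the largest RSA key the tool signs with`, would keep them from drifting. The function body continues past the hunk.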
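Review bot: `memcpy(message, key->oid, key->oid_len)` on the last line copies into the enlarged `message` buffer with no visible check that `key->oid_len` fits in `sizeof(message)`, and the digest `m` is presumably appended after the prefix further down. Unless the body already bounds the total, add a guard such as `if (key->oid_len > sizeof(message)) return 0;` before the copy, and include the digest length (the `m_le…` parameter cut off in the hunk header) in that bound where `m` is appended, so neither a longer OID table entry nor a longer digest can write past a 2048-byte stack buffer (RSA_METHOD sign callbacks report failure with 0). A short comment on the buffer stating what it is sized for, e.g. `// DigestInfo OID prefix followed by the digest m`, would also explain the jump from 256 to 2048. The function continues below the hunk.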