diff --git a/src/BTCPayServer.NTag424/Ntag424.cs b/src/BTCPayServer.NTag424/Ntag424.cs
index 5174fd8..9cc69f6 100644
--- a/src/BTCPayServer.NTag424/Ntag424.cs
+++ b/src/BTCPayServer.NTag424/Ntag424.cs
@@ -452,6 +452,16 @@ retry:
         await ResetCard(keys);
     }
 
+    public async Task<int> GetKeyVersion(int keyNo, CancellationToken cancellationToken = default)
+    {
+        var resp = await SendAPDU(
+            NtagCommands.GetKeyVersion with
+            {
+                Data = new byte[] { (byte)keyNo },
+            }, cancellationToken);
+        return resp.Data[0];
+    }
+
     /// <summary>
     /// Reset the card to factory settings using current application keys
     /// </summary>
@@ -534,21 +544,22 @@ retry:
         };
         await ChangeFileSettings(fileSettings: settings);
         await SetRandomUID();
+        var setupVersion = 1; // Match boltcard app creator
         if (newKeys.EncryptionKey != oldKeys.EncryptionKey)
-            await ChangeKey(1, newKeys.EncryptionKey, oldKeys.EncryptionKey);
+            await ChangeKey(1, newKeys.EncryptionKey, oldKeys.EncryptionKey, setupVersion);
 
         if (newKeys.AuthenticationKey != oldKeys.AuthenticationKey)
-            await ChangeKey(2, newKeys.AuthenticationKey, oldKeys.AuthenticationKey);
+            await ChangeKey(2, newKeys.AuthenticationKey, oldKeys.AuthenticationKey, setupVersion);
 
         if (newKeys.K3 != oldKeys.K3)
-            await ChangeKey(3, newKeys.K3, oldKeys.K3);
+            await ChangeKey(3, newKeys.K3, oldKeys.K3, setupVersion);
 
         if (newKeys.K4 != oldKeys.K4)
-            await ChangeKey(4, newKeys.K4, oldKeys.K4);
+            await ChangeKey(4, newKeys.K4, oldKeys.K4, setupVersion);
 
         if (newKeys.AppMasterKey != CurrentSession!.Key)
         {
-            await ChangeKey(0, newKeys.AppMasterKey); // No need of old key for 0
+            await ChangeKey(0, newKeys.AppMasterKey, version: setupVersion); // No need of old key for 0
             await AuthenticateEV2First(0, newKeys.AppMasterKey);
         }
     }
diff --git a/tests/UnitTest1.cs b/tests/UnitTest1.cs
index 38f4aac..9c5b6b3 100644
--- a/tests/UnitTest1.cs
+++ b/tests/UnitTest1.cs
@@ -258,11 +258,21 @@ public class UnitTest1
             K4: new AESKey("00000000000000000000000000000005".HexToBytes()));
         // await ntag.ResetCard(keys);
         await ntag.SetupBoltcard("http://test.com", BoltcardKeys.Default, keys);
+        foreach (var i in new int[] { 0, 1, 2, 3, 4 })
+        {
+            Assert.Equal(1, await ntag.GetKeyVersion(i));
+        }
+        Logs.WriteLine((await ntag.GetKeyVersion(0)).ToString());
         var uri = await ntag.TryReadNDefURI();
         Assert.StartsWith("lnurlw://test.com/?p=", uri?.AbsoluteUri);
         var piccData = PICCData.TryBoltcardDecryptCheck(keys.EncryptionKey, keys.AuthenticationKey, uri);
         Assert.NotNull(piccData);
         await ntag.ResetCard(keys);
+        await ntag.AuthenticateEV2First(0, AESKey.Default);
+        foreach (var i in new int[] { 0, 1, 2, 3, 4 })
+        {
+            Assert.Equal(0, await ntag.GetKeyVersion(i));
+        }
     }
 
     [Fact]