Going back to my early Python implementation, manually decrypting official firmware again, it turns out that they must indeed have changed the RSA key for DIR-1960 and DIR-2660, unlike the DIR-8xx and old COVR devices. The tool dlink-sge-image will still decrypt the image, but also should have printed a warning about the RSA mismatch.
By the way, I recently found the firmware for COVR-X1860 on the ftp, also built by SGE (unlike DIR-X1860 by AlphaNetworks), which seems to use even a different AES key; i.e. the image currently won't decrypt at all.
So, I think the next steps here are indeed to figure out the format required by the recovery, which (at least for old COVR devices) does only decrypt AES, without checking RSA.