diff --git a/keyserver/api/api.go b/keyserver/api/api.go
index 72bb6576f..520562e7a 100644
--- a/keyserver/api/api.go
+++ b/keyserver/api/api.go
@@ -256,6 +256,8 @@ type QuerySignaturesResponse struct {
 	MasterKeys map[string]gomatrixserverlib.CrossSigningKey
 	// A map of target user ID -> cross-signing self-signing key
 	SelfSigningKeys map[string]gomatrixserverlib.CrossSigningKey
+	// A map of target user ID -> cross-signing user-signing key
+	UserSigningKeys map[string]gomatrixserverlib.CrossSigningKey
 	// The request error, if any
 	Error *KeyError
 }
diff --git a/keyserver/internal/cross_signing.go b/keyserver/internal/cross_signing.go
index 32e687d96..e7cd7fbcb 100644
--- a/keyserver/internal/cross_signing.go
+++ b/keyserver/internal/cross_signing.go
@@ -230,7 +230,8 @@ func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.P
 				continue
 			}
 			for sigKeyID, sigBytes := range forSigUserID {
-				if err := a.DB.StoreCrossSigningSigsForTarget(ctx, sigUserID, targetKeyID, sigUserID, sigKeyID, sigBytes); err != nil {
+				// origin origin target target
+				if err := a.DB.StoreCrossSigningSigsForTarget(ctx, sigUserID, sigKeyID, req.UserID, targetKeyID, sigBytes); err != nil {
 					res.Error = &api.KeyError{
 						Err: fmt.Sprintf("a.DB.StoreCrossSigningSigsForTarget: %s", err),
 					}
@@ -434,7 +435,7 @@ func (a *KeyInternalAPI) crossSigningKeysFromDatabase(
 				break
 			}
 
-			sigs, err := a.DB.CrossSigningSigsForTarget(ctx, userID, keyID)
+			sigMap, err := a.DB.CrossSigningSigsForTarget(ctx, userID, keyID)
 			if err != nil {
 				logrus.WithError(err).Errorf("Failed to get cross-signing signatures for user %q key %q", userID, keyID)
 				continue
@@ -450,7 +451,7 @@ func (a *KeyInternalAPI) crossSigningKeysFromDatabase(
 				key.Signatures[originUserID][originKeyID] = signature
 			}
 
-			for originUserID, forOrigin := range sigs {
+			for originUserID, forOrigin := range sigMap {
 				for originKeyID, signature := range forOrigin {
 					switch {
 					case req.UserID != "" && originUserID == req.UserID:
@@ -498,11 +499,18 @@ func (a *KeyInternalAPI) QuerySignatures(ctx context.Context, req *api.QuerySign
 						res.MasterKeys = map[string]gomatrixserverlib.CrossSigningKey{}
 					}
 					res.MasterKeys[targetUserID] = targetKey
+
 				case gomatrixserverlib.CrossSigningKeyPurposeSelfSigning:
 					if res.SelfSigningKeys == nil {
 						res.SelfSigningKeys = map[string]gomatrixserverlib.CrossSigningKey{}
 					}
 					res.SelfSigningKeys[targetUserID] = targetKey
+
+				case gomatrixserverlib.CrossSigningKeyPurposeUserSigning:
+					if res.UserSigningKeys == nil {
+						res.UserSigningKeys = map[string]gomatrixserverlib.CrossSigningKey{}
+					}
+					res.UserSigningKeys[targetUserID] = targetKey
 				}
 			}