diff --git a/federationapi/routing/devices.go b/federationapi/routing/devices.go
index b397c5460..4cd199960 100644
--- a/federationapi/routing/devices.go
+++ b/federationapi/routing/devices.go
@@ -38,12 +38,11 @@ func GetUserDevices(
 	}
 
 	sigReq := &keyapi.QuerySignaturesRequest{
-		TargetIDs: map[string][]gomatrixserverlib.KeyID{},
+		TargetIDs: map[string][]gomatrixserverlib.KeyID{
+			userID: {},
+		},
 	}
 	sigRes := &keyapi.QuerySignaturesResponse{}
-	for _, dev := range res.Devices {
-		sigReq.TargetIDs[userID] = append(sigReq.TargetIDs[userID], gomatrixserverlib.KeyID(dev.DeviceID))
-	}
 	keyAPI.QuerySignatures(req.Context(), sigReq, sigRes)
 
 	response := gomatrixserverlib.RespUserDevices{
diff --git a/go.mod b/go.mod
index 39f6020ce..e5d157565 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/matrix-org/go-http-js-libp2p v0.0.0-20200518170932-783164aeeda4
 	github.com/matrix-org/go-sqlite3-js v0.0.0-20210709140738-b0d1ba599a6d
 	github.com/matrix-org/gomatrix v0.0.0-20210324163249-be2af5ef2e16
-	github.com/matrix-org/gomatrixserverlib v0.0.0-20210805104751-03e40fa2c0e1
+	github.com/matrix-org/gomatrixserverlib v0.0.0-20210809130922-d9c3f400582b
 	github.com/matrix-org/naffka v0.0.0-20210623111924-14ff508b58e0
 	github.com/matrix-org/pinecone v0.0.0-20210623102758-74f885644c1b
 	github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4
diff --git a/go.sum b/go.sum
index df5e2b857..d848988da 100644
--- a/go.sum
+++ b/go.sum
@@ -994,8 +994,8 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20210709140738-b0d1ba599a6d/go.mod h1
 github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26/go.mod h1:3fxX6gUjWyI/2Bt7J1OLhpCzOfO/bB3AiX0cJtEKud0=
 github.com/matrix-org/gomatrix v0.0.0-20210324163249-be2af5ef2e16 h1:ZtO5uywdd5dLDCud4r0r55eP4j9FuUNpl60Gmntcop4=
 github.com/matrix-org/gomatrix v0.0.0-20210324163249-be2af5ef2e16/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20210805104751-03e40fa2c0e1 h1:ExS9AmOWYSZ4DR7W7Eqm7glP/g/u/CTVLAu9blAnve4=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20210805104751-03e40fa2c0e1/go.mod h1:JsAzE1Ll3+gDWS9JSUHPJiiyAksvOOnGWF2nXdg4ZzU=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20210809130922-d9c3f400582b h1:8St1B8QmlvMLsOmGqW3++0akUs0250IAi+AGcr5faxw=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20210809130922-d9c3f400582b/go.mod h1:JsAzE1Ll3+gDWS9JSUHPJiiyAksvOOnGWF2nXdg4ZzU=
 github.com/matrix-org/naffka v0.0.0-20210623111924-14ff508b58e0 h1:HZCzy4oVzz55e+cOMiX/JtSF2UOY1evBl2raaE7ACcU=
 github.com/matrix-org/naffka v0.0.0-20210623111924-14ff508b58e0/go.mod h1:sjyPyRxKM5uw1nD2cJ6O2OxI6GOqyVBfNXqKjBZTBZE=
 github.com/matrix-org/pinecone v0.0.0-20210623102758-74f885644c1b h1:5X5vdWQ13xrNkJVqaJHPsrt7rKkMJH5iac0EtfOuxSg=
diff --git a/keyserver/internal/cross_signing.go b/keyserver/internal/cross_signing.go
index 28126fbc0..4009dd459 100644
--- a/keyserver/internal/cross_signing.go
+++ b/keyserver/internal/cross_signing.go
@@ -79,8 +79,8 @@ func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.P
 			}
 			return
 		}
-		hasMasterKey = true
 		for _, keyData := range req.MasterKey.Keys { // iterates once, because sanityCheckKey requires one key
+			hasMasterKey = true
 			masterKey = keyData
 		}
 	}
@@ -142,6 +142,15 @@ func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.P
 	if len(req.UserSigningKey.Keys) > 0 {
 		toVerify[gomatrixserverlib.CrossSigningKeyPurposeUserSigning] = req.UserSigningKey
 	}
+
+	if len(toVerify) == 0 {
+		res.Error = &api.KeyError{
+			Err:            "No supplied keys available for verification",
+			IsMissingParam: true,
+		}
+		return
+	}
+
 	for purpose, key := range toVerify {
 		// Collect together the key IDs we need to verify with. This will include
 		// all of the key IDs specified in the signatures.
@@ -178,6 +187,14 @@ func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.P
 		}
 	}
 
+	if len(toStore) == 0 {
+		res.Error = &api.KeyError{
+			Err:            "No supplied keys passed verification",
+			IsMissingParam: true,
+		}
+		return
+	}
+
 	if err := a.DB.StoreCrossSigningKeysForUser(ctx, req.UserID, toStore); err != nil {
 		res.Error = &api.KeyError{
 			Err: fmt.Sprintf("a.DB.StoreCrossSigningKeysForUser: %s", err),
@@ -496,44 +513,39 @@ func (a *KeyInternalAPI) crossSigningKeysFromDatabase(
 
 func (a *KeyInternalAPI) QuerySignatures(ctx context.Context, req *api.QuerySignaturesRequest, res *api.QuerySignaturesResponse) {
 	for targetUserID, forTargetUser := range req.TargetIDs {
+		keyMap, err := a.DB.CrossSigningKeysForUser(ctx, targetUserID)
+		if err != nil && err != sql.ErrNoRows {
+			res.Error = &api.KeyError{
+				Err: fmt.Sprintf("a.DB.CrossSigningKeysForUser: %s", err),
+			}
+			continue
+		}
+
+		for targetPurpose, targetKey := range keyMap {
+			switch targetPurpose {
+			case gomatrixserverlib.CrossSigningKeyPurposeMaster:
+				if res.MasterKeys == nil {
+					res.MasterKeys = map[string]gomatrixserverlib.CrossSigningKey{}
+				}
+				res.MasterKeys[targetUserID] = targetKey
+
+			case gomatrixserverlib.CrossSigningKeyPurposeSelfSigning:
+				if res.SelfSigningKeys == nil {
+					res.SelfSigningKeys = map[string]gomatrixserverlib.CrossSigningKey{}
+				}
+				res.SelfSigningKeys[targetUserID] = targetKey
+
+			case gomatrixserverlib.CrossSigningKeyPurposeUserSigning:
+				if res.UserSigningKeys == nil {
+					res.UserSigningKeys = map[string]gomatrixserverlib.CrossSigningKey{}
+				}
+				res.UserSigningKeys[targetUserID] = targetKey
+			}
+		}
+
 		for _, targetKeyID := range forTargetUser {
-			keyMap, err := a.DB.CrossSigningKeysForUser(ctx, targetUserID)
-			if err != nil {
-				if err == sql.ErrNoRows {
-					continue
-				}
-				res.Error = &api.KeyError{
-					Err: fmt.Sprintf("a.DB.CrossSigningKeysForUser: %s", err),
-				}
-			}
-
-			for targetPurpose, targetKey := range keyMap {
-				switch targetPurpose {
-				case gomatrixserverlib.CrossSigningKeyPurposeMaster:
-					if res.MasterKeys == nil {
-						res.MasterKeys = map[string]gomatrixserverlib.CrossSigningKey{}
-					}
-					res.MasterKeys[targetUserID] = targetKey
-
-				case gomatrixserverlib.CrossSigningKeyPurposeSelfSigning:
-					if res.SelfSigningKeys == nil {
-						res.SelfSigningKeys = map[string]gomatrixserverlib.CrossSigningKey{}
-					}
-					res.SelfSigningKeys[targetUserID] = targetKey
-
-				case gomatrixserverlib.CrossSigningKeyPurposeUserSigning:
-					if res.UserSigningKeys == nil {
-						res.UserSigningKeys = map[string]gomatrixserverlib.CrossSigningKey{}
-					}
-					res.UserSigningKeys[targetUserID] = targetKey
-				}
-			}
-
 			sigMap, err := a.DB.CrossSigningSigsForTarget(ctx, targetUserID, targetKeyID)
-			if err != nil {
-				if err == sql.ErrNoRows {
-					continue
-				}
+			if err != nil && err != sql.ErrNoRows {
 				res.Error = &api.KeyError{
 					Err: fmt.Sprintf("a.DB.CrossSigningSigsForTarget: %s", err),
 				}
diff --git a/keyserver/internal/internal.go b/keyserver/internal/internal.go
index 668587e2a..de2699114 100644
--- a/keyserver/internal/internal.go
+++ b/keyserver/internal/internal.go
@@ -412,17 +412,11 @@ func (a *KeyInternalAPI) queryRemoteKeys(
 		}
 
 		for userID, body := range result.MasterKeys {
-			switch b := body.CrossSigningBody.(type) {
-			case *gomatrixserverlib.CrossSigningKey:
-				res.MasterKeys[userID] = *b
-			}
+			res.MasterKeys[userID] = body
 		}
 
 		for userID, body := range result.SelfSigningKeys {
-			switch b := body.CrossSigningBody.(type) {
-			case *gomatrixserverlib.CrossSigningKey:
-				res.SelfSigningKeys[userID] = *b
-			}
+			res.SelfSigningKeys[userID] = body
 		}
 
 		// TODO: do we want to persist these somewhere now