diff --git a/federationapi/routing/devices.go b/federationapi/routing/devices.go
index 593551e6f..0c4d2c20e 100644
--- a/federationapi/routing/devices.go
+++ b/federationapi/routing/devices.go
@@ -66,8 +66,8 @@ func GetUserDevices(
 			Keys:        key,
 		}
 
-		if targetUser, ok := sigRes.Signatures[dev.UserID]; ok {
-			if targetKey, ok := targetUser[gomatrixserverlib.KeyID(dev.DeviceID)]; !ok {
+		if targetUser, ok := sigRes.Signatures[userID]; ok {
+			if targetKey, ok := targetUser[gomatrixserverlib.KeyID(dev.DeviceID)]; ok {
 				for sourceUserID, forSourceUser := range targetKey {
 					for sourceKeyID, sourceKey := range forSourceUser {
 						if _, ok := device.Keys.Signatures[sourceUserID]; !ok {
diff --git a/keyserver/internal/cross_signing.go b/keyserver/internal/cross_signing.go
index a7a893820..6fa5f1f87 100644
--- a/keyserver/internal/cross_signing.go
+++ b/keyserver/internal/cross_signing.go
@@ -17,6 +17,7 @@ package internal
 import (
 	"context"
 	"crypto/ed25519"
+	"database/sql"
 	"encoding/json"
 	"fmt"
 	"strings"
@@ -466,6 +467,9 @@ func (a *KeyInternalAPI) QuerySignatures(ctx context.Context, req *api.QuerySign
 		for _, targetKeyID := range forTargetUser {
 			keyMap, err := a.DB.CrossSigningSigsForTarget(ctx, targetUserID, targetKeyID)
 			if err != nil {
+				if err == sql.ErrNoRows {
+					continue
+				}
 				res.Error = &api.KeyError{
 					Err: fmt.Sprintf("a.DB.CrossSigningSigsForTarget: %s", err),
 				}