diff --git a/keyserver/internal/cross_signing.go b/keyserver/internal/cross_signing.go
index e3848f107..cc4b45727 100644
--- a/keyserver/internal/cross_signing.go
+++ b/keyserver/internal/cross_signing.go
@@ -473,19 +473,19 @@ func (a *KeyInternalAPI) QuerySignatures(ctx context.Context, req *api.QuerySign
 			}
 
 			for sourceUserID, forSourceUser := range keyMap {
-				if res.Signatures == nil {
-					res.Signatures = map[string]map[gomatrixserverlib.KeyID]types.CrossSigningSigMap{}
-				}
-				if _, ok := res.Signatures[targetUserID]; !ok {
-					res.Signatures[targetUserID] = map[gomatrixserverlib.KeyID]types.CrossSigningSigMap{}
-				}
-				if _, ok := res.Signatures[targetUserID][targetKeyID]; !ok {
-					res.Signatures[targetUserID][targetKeyID] = types.CrossSigningSigMap{}
-				}
-				if _, ok := res.Signatures[targetUserID][targetKeyID][sourceUserID]; !ok {
-					res.Signatures[targetUserID][targetKeyID][sourceUserID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{}
-				}
 				for targetKeyID, targetSig := range forSourceUser {
+					if res.Signatures == nil {
+						res.Signatures = map[string]map[gomatrixserverlib.KeyID]types.CrossSigningSigMap{}
+					}
+					if _, ok := res.Signatures[targetUserID]; !ok {
+						res.Signatures[targetUserID] = map[gomatrixserverlib.KeyID]types.CrossSigningSigMap{}
+					}
+					if _, ok := res.Signatures[targetUserID][targetKeyID]; !ok {
+						res.Signatures[targetUserID][targetKeyID] = types.CrossSigningSigMap{}
+					}
+					if _, ok := res.Signatures[targetUserID][targetKeyID][sourceUserID]; !ok {
+						res.Signatures[targetUserID][targetKeyID][sourceUserID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{}
+					}
 					res.Signatures[targetUserID][targetKeyID][sourceUserID][targetKeyID] = targetSig
 				}
 			}