diff --git a/crates/ruma-client-api/src/r0/keys/claim_keys.rs b/crates/ruma-client-api/src/r0/keys/claim_keys.rs
index c67ad18b..8dbc62a2 100644
--- a/crates/ruma-client-api/src/r0/keys/claim_keys.rs
+++ b/crates/ruma-client-api/src/r0/keys/claim_keys.rs
@@ -5,6 +5,7 @@ use std::{collections::BTreeMap, time::Duration};
 use ruma_api::ruma_api;
 use ruma_common::encryption::OneTimeKey;
 use ruma_identifiers::{DeviceId, DeviceKeyAlgorithm, DeviceKeyId, UserId};
+use ruma_serde::Raw;
 use serde_json::Value as JsonValue;
 
 ruma_api! {
@@ -60,4 +61,4 @@ impl Response {
 }
 
 /// The one-time keys for a given device.
-pub type OneTimeKeys = BTreeMap<Box<DeviceId>, BTreeMap<Box<DeviceKeyId>, OneTimeKey>>;
+pub type OneTimeKeys = BTreeMap<Box<DeviceId>, BTreeMap<Box<DeviceKeyId>, Raw<OneTimeKey>>>;
diff --git a/crates/ruma-client-api/src/r0/keys/get_keys.rs b/crates/ruma-client-api/src/r0/keys/get_keys.rs
index 9180f3d1..dd7d4958 100644
--- a/crates/ruma-client-api/src/r0/keys/get_keys.rs
+++ b/crates/ruma-client-api/src/r0/keys/get_keys.rs
@@ -5,6 +5,7 @@ use std::{collections::BTreeMap, time::Duration};
 use ruma_api::ruma_api;
 use ruma_common::encryption::DeviceKeys;
 use ruma_identifiers::{DeviceId, UserId};
+use ruma_serde::Raw;
 use serde_json::Value as JsonValue;
 
 #[cfg(feature = "unstable-pre-spec")]
@@ -56,22 +57,22 @@ ruma_api! {
 
         /// Information on the queried devices.
         #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
-        pub device_keys: BTreeMap<Box<UserId>, BTreeMap<Box<DeviceId>, DeviceKeys>>,
+        pub device_keys: BTreeMap<Box<UserId>, BTreeMap<Box<DeviceId>, Raw<DeviceKeys>>>,
 
         /// Information on the master cross-signing keys of the queried users.
         #[cfg(feature = "unstable-pre-spec")]
         #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
-        pub master_keys: BTreeMap<Box<UserId>, CrossSigningKey>,
+        pub master_keys: BTreeMap<Box<UserId>, Raw<CrossSigningKey>>,
 
         /// Information on the self-signing keys of the queried users.
         #[cfg(feature = "unstable-pre-spec")]
         #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
-        pub self_signing_keys: BTreeMap<Box<UserId>, CrossSigningKey>,
+        pub self_signing_keys: BTreeMap<Box<UserId>, Raw<CrossSigningKey>>,
 
         /// Information on the user-signing keys of the queried users.
         #[cfg(feature = "unstable-pre-spec")]
         #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
-        pub user_signing_keys: BTreeMap<Box<UserId>, CrossSigningKey>,
+        pub user_signing_keys: BTreeMap<Box<UserId>, Raw<CrossSigningKey>>,
     }
 
     error: crate::Error
diff --git a/crates/ruma-client-api/src/r0/keys/upload_keys.rs b/crates/ruma-client-api/src/r0/keys/upload_keys.rs
index 7c6be7e4..e35e09d5 100644
--- a/crates/ruma-client-api/src/r0/keys/upload_keys.rs
+++ b/crates/ruma-client-api/src/r0/keys/upload_keys.rs
@@ -6,6 +6,7 @@ use js_int::UInt;
 use ruma_api::ruma_api;
 use ruma_common::encryption::{DeviceKeys, OneTimeKey};
 use ruma_identifiers::{DeviceKeyAlgorithm, DeviceKeyId};
+use ruma_serde::Raw;
 
 ruma_api! {
     metadata: {
@@ -23,11 +24,11 @@ ruma_api! {
         ///
         /// May be absent if no new identity keys are required.
         #[serde(skip_serializing_if = "Option::is_none")]
-        pub device_keys: Option<DeviceKeys>,
+        pub device_keys: Option<Raw<DeviceKeys>>,
 
         /// One-time public keys for "pre-key" messages.
         #[serde(skip_serializing_if = "Option::is_none")]
-        pub one_time_keys: Option<BTreeMap<Box<DeviceKeyId>, OneTimeKey>>,
+        pub one_time_keys: Option<BTreeMap<Box<DeviceKeyId>, Raw<OneTimeKey>>>,
     }
 
     response: {
diff --git a/crates/ruma-client-api/src/r0/keys/upload_signing_keys.rs b/crates/ruma-client-api/src/r0/keys/upload_signing_keys.rs
index 5f8b1321..ff37f736 100644
--- a/crates/ruma-client-api/src/r0/keys/upload_signing_keys.rs
+++ b/crates/ruma-client-api/src/r0/keys/upload_signing_keys.rs
@@ -4,6 +4,7 @@
 
 use ruma_api::ruma_api;
 use ruma_common::encryption::CrossSigningKey;
+use ruma_serde::Raw;
 
 use crate::r0::uiaa::{AuthData, IncomingAuthData, UiaaResponse};
 
@@ -25,21 +26,21 @@ ruma_api! {
 
         /// The user's master key.
         #[serde(skip_serializing_if = "Option::is_none")]
-        pub master_key: Option<CrossSigningKey>,
+        pub master_key: Option<Raw<CrossSigningKey>>,
 
         /// The user's self-signing key.
         ///
         /// Must be signed with the accompanied master, or by the user's most recently uploaded
         /// master key if no master key is included in the request.
         #[serde(skip_serializing_if = "Option::is_none")]
-        pub self_signing_key: Option<CrossSigningKey>,
+        pub self_signing_key: Option<Raw<CrossSigningKey>>,
 
         /// The user's user-signing key.
         ///
         /// Must be signed with the accompanied master, or by the user's most recently uploaded
         /// master key if no master key is included in the request.
         #[serde(skip_serializing_if = "Option::is_none")]
-        pub user_signing_key: Option<CrossSigningKey>,
+        pub user_signing_key: Option<Raw<CrossSigningKey>>,
     }
 
     #[derive(Default)]