diff --git a/native/handlers/peer-to-peer-message-handler.js b/lib/handlers/peer-to-peer-message-handler.js
rename from native/handlers/peer-to-peer-message-handler.js
rename to lib/handlers/peer-to-peer-message-handler.js
--- a/native/handlers/peer-to-peer-message-handler.js
+++ b/lib/handlers/peer-to-peer-message-handler.js
@@ -1,20 +1,40 @@
 // @flow
-import { getOneTimeKeyValues } from 'lib/shared/crypto-utils.js';
+import type {
+ IdentityServiceClient,
+ DeviceOlmInboundKeys,
+} from '../types/identity-service-types.js';
 import {
- type PeerToPeerMessage,
 peerToPeerMessageTypes,
-} from 'lib/types/tunnelbroker/peer-to-peer-message-types.js';
-
-import { commCoreModule, commRustModule } from '../native-modules.js';
-import { nativeInboundContentSessionCreator } from '../utils/crypto-utils.js';
+ type PeerToPeerMessage,
+} from '../types/tunnelbroker/peer-to-peer-message-types.js';
+import { getConfig } from '../utils/config.js';
 async function peerToPeerMessageHandler(
 message: PeerToPeerMessage,
+ identityClient: IdentityServiceClient,
 ): Promise {
+ const { olmAPI } = getConfig();
 if (message.type === peerToPeerMessageTypes.OUTBOUND_SESSION_CREATION) {
 try {
- const result = await nativeInboundContentSessionCreator(message);
+ const { senderInfo, encryptedContent } = message;
+ const { keys } = await identityClient.getInboundKeysForUser(
+ senderInfo.userID,
+ );
+
+ const deviceKeys: ?DeviceOlmInboundKeys = keys[senderInfo.deviceID];
+ if (!deviceKeys) {
+ throw new Error(
+ 'No keys for the device that requested creating a session, ' +
+ `deviceID: ${senderInfo.deviceID}`,
+ );
+ }
+
+ await olmAPI.initializeCryptoAccount();
+ const result = await olmAPI.contentInboundSessionCreator(
+ deviceKeys.identityKeysBlob.primaryIdentityPublicKeys,
+ encryptedContent,
+ );
 console.log(
 'Created inbound session with device ' +
 `${message.senderInfo.deviceID}: ${result}`,
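Review bot: The lookup `keys[senderInfo.deviceID]` binds the new inbound session to whatever deviceID the peer message claims, and it drops the cross-check the removed `nativeInboundContentSessionCreator` performed by matching `keysPayload.primaryIdentityPublicKeys.ed25519 === senderInfo.deviceID` against the identity service's response. If the identity service keys its map by that same ed25519 key the two are equivalent, but that invariant lives in another service and is not visible here, so an explicit guard after the `!deviceKeys` check keeps the binding local: `if (deviceKeys.identityKeysBlob.primaryIdentityPublicKeys.ed25519 !== senderInfo.deviceID) { throw new Error('Identity key mismatch for deviceID: ' + senderInfo.deviceID); }`. Separately, the `console.log` at the end of the branch prints `result`; the return type of `olmAPI.contentInboundSessionCreator` is not shown in this diff, and if it carries the decrypted initial message this line logs plaintext and should be reduced to a status-only message. The `try` block and `peerToPeerMessageHandler` continue past the end of this hunk.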
@@ -27,8 +47,8 @@
 }
 } else if (message.type === peerToPeerMessageTypes.ENCRYPTED_MESSAGE) {
 try {
- await commCoreModule.initializeCryptoAccount();
- const decrypted = await commCoreModule.decrypt(
+ await olmAPI.initializeCryptoAccount();
+ const decrypted = await olmAPI.decrypt(
 message.encryptedContent,
 message.senderInfo.deviceID,
 );
@@ -43,30 +63,10 @@
 );
 }
 } else if (message.type === peerToPeerMessageTypes.REFRESH_KEY_REQUEST) {
- await commCoreModule.initializeCryptoAccount();
- const [
- { userID, deviceID, accessToken },
- { contentOneTimeKeys, notificationsOneTimeKeys },
- ] = await Promise.all([
- commCoreModule.getCommServicesAuthMetadata(),
- commCoreModule.getOneTimeKeys(message.numberOfKeys),
- ]);
-
- if (!userID || !deviceID || !accessToken) {
- console.log(
- 'CommServicesAuthMetadata is missing when uploading one-time keys',
- );
- return;
- }
-
 try {
- await commRustModule.uploadOneTimeKeys(
- userID,
- deviceID,
- accessToken,
- getOneTimeKeyValues(contentOneTimeKeys),
- getOneTimeKeyValues(notificationsOneTimeKeys),
- );
+ await olmAPI.initializeCryptoAccount();
+ const oneTimeKeys = await olmAPI.getOneTimeKeys(message.numberOfKeys);
+ await identityClient.uploadOneTimeKeys(oneTimeKeys);
 } catch (e) {
 console.log(`Error uploading one-time keys: ${e.message}`);
 }
diff --git a/lib/tunnelbroker/tunnelbroker-context.js b/lib/tunnelbroker/tunnelbroker-context.js
--- a/lib/tunnelbroker/tunnelbroker-context.js
+++ b/lib/tunnelbroker/tunnelbroker-context.js
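Review bot: In the REFRESH_KEY_REQUEST branch `message.numberOfKeys` comes straight from the peer payload and is passed unbounded to `olmAPI.getOneTimeKeys`, so a malformed or hostile request can make this device generate and upload an arbitrarily large batch of one-time keys in one go. Whether the payload validation that runs before dispatch (outside this diff) caps the field cannot be told from here; clamping at the call site is cheap and self-documenting, e.g. `const oneTimeKeys = await olmAPI.getOneTimeKeys(Math.min(message.numberOfKeys, MAX_ONE_TIME_KEYS_PER_REQUEST));` with the limit declared as a module constant next to the handler. The ENCRYPTED_MESSAGE hunk above only swaps `commCoreModule` for `olmAPI` and raises nothing further. `peerToPeerMessageHandler` begins before these hunks.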
@@ -5,6 +5,8 @@
 import uuid from 'uuid';
 import { tunnnelbrokerURL } from '../facts/tunnelbroker.js';
+import { peerToPeerMessageHandler } from '../handlers/peer-to-peer-message-handler.js';
+import { IdentityClientContext } from '../shared/identity-client-context.js';
 import { tunnelbrokerHeartbeatTimeout } from '../shared/timeouts.js';
 import type { MessageReceiveConfirmation } from '../types/tunnelbroker/message-receive-confirmation-types.js';
 import type { MessageSentStatus } from '../types/tunnelbroker/message-to-device-request-status-types.js';
@@ -54,7 +56,6 @@
 type Props = {
 +children: React.Node,
 +initMessage: ?ConnectionInitializationMessage,
- +peerToPeerMessageHandler?: (message: PeerToPeerMessage) => mixed,
 };
 function createAnonymousInitMessage(
@@ -68,11 +69,7 @@
 }
 function TunnelbrokerProvider(props: Props): React.Node {
- const {
- children,
- initMessage: initMessageProp,
- peerToPeerMessageHandler,
- } = props;
+ const { children, initMessage: initMessageProp } = props;
 const [connected, setConnected] = React.useState(false);
 const listeners = React.useRef>(new Set());
 const socket = React.useRef(null);
@@ -82,6 +79,10 @@
 React.useState(null);
 const isAuthorized = !unauthorizedDeviceID;
+ const identityContext = React.useContext(IdentityClientContext);
+ invariant(identityContext, 'Identity context should be set');
+ const { identityClient } = identityContext;
+
 const initMessage = React.useMemo(() => {
 if (!unauthorizedDeviceID) {
 return initMessageProp;
@@ -202,10 +203,6 @@
 };
 socket.current?.send(JSON.stringify(confirmation));
- if (!peerToPeerMessageHandler) {
- return;
- }
-
 let rawPeerToPeerMessage;
 try {
 rawPeerToPeerMessage = JSON.parse(message.payload);
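Review bot: The receive confirmation `socket.current?.send(JSON.stringify(confirmation))` is still sent before `message.payload` is parsed or handled, and now that the `peerToPeerMessageHandler` guard is gone every MESSAGE_TO_DEVICE payload proceeds to the handler already acknowledged. If Tunnelbroker treats that confirmation as final delivery (not visible in this diff), a payload that fails `JSON.parse` or whose handling throws — for instance the `No keys for the device` error in the new handler — is acked and will not be redelivered. Either move the confirmation below the parse and validation `return` paths, or add a comment such as `// Ack before processing: delivery is at-most-once; handler failures are logged, never retried` so the semantics are explicit to the next reader. The enclosing message callback starts and ends outside this hunk.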
@@ -222,7 +219,7 @@
 return;
 }
 const peerToPeerMessage: PeerToPeerMessage = rawPeerToPeerMessage;
- peerToPeerMessageHandler(peerToPeerMessage);
+ void peerToPeerMessageHandler(peerToPeerMessage, identityClient);
 } else if (
 message.type === tunnelbrokerMessageTypes.MESSAGE_TO_DEVICE_REQUEST_STATUS
@@ -257,7 +254,7 @@
 isAuthorized,
 resetHeartbeatTimeout,
 stopHeartbeatTimeout,
- peerToPeerMessageHandler,
+ identityClient,
 ]);
 const sendMessage: (message: ClientMessageToDevice) => Promise =
diff --git a/native/root.react.js b/native/root.react.js
--- a/native/root.react.js
+++ b/native/root.react.js
@@ -49,7 +49,6 @@
 import ConnectedStatusBar from './connected-status-bar.react.js';
 import { SQLiteDataHandler } from './data/sqlite-data-handler.js';
 import ErrorBoundary from './error-boundary.react.js';
-import { peerToPeerMessageHandler } from './handlers/peer-to-peer-message-handler.js';
 import IdentityServiceContextProvider from './identity-service/identity-service-context-provider.react.js';
 import InputStateContainer from './input/input-state-container.react.js';
 import LifecycleHandler from './lifecycle/lifecycle-handler.react.js';
@@ -304,10 +303,7 @@
-
+
diff --git a/native/utils/crypto-utils.js b/native/utils/crypto-utils.js
--- a/native/utils/crypto-utils.js
+++ b/native/utils/crypto-utils.js
@@ -5,10 +5,7 @@
 IdentityKeysBlob,
 OLMIdentityKeys,
 } from 'lib/types/crypto-types.js';
-import type {
- OutboundKeyInfoResponse,
- InboundKeyInfoResponse,
-} from 'lib/types/identity-service-types';
+import type { OutboundKeyInfoResponse } from 'lib/types/identity-service-types';
 import type { OlmSessionInitializationInfo } from 'lib/types/request-types.js';
 import {
 type OutboundSessionCreation,
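Review bot: `void peerToPeerMessageHandler(peerToPeerMessage, identityClient);` discards the promise, so a rejection that escapes the handler's per-branch `try` blocks — `getConfig()` and the branch dispatch run outside them — becomes an unhandled promise rejection inside the socket callback rather than a logged error. Attaching a handler keeps the fire-and-forget intent while preserving the log: `peerToPeerMessageHandler(peerToPeerMessage, identityClient).catch(e => console.log('Error handling peer-to-peer message: ' + e.message));`. The other hunks on this span — the dependency-array swap, the `root.react.js` import and JSX removal, and the `crypto-utils.js` type-import trim — are mechanical follow-ons of the move. The enclosing message callback starts outside this hunk.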
@@ -41,51 +38,6 @@
 return ed25519;
 }
-async function nativeInboundContentSessionCreator(
- message: OutboundSessionCreation,
-): Promise {
- const { senderInfo, encryptedContent } = message;
-
- const authMetadata = await commCoreModule.getCommServicesAuthMetadata();
- const { userID, deviceID, accessToken } = authMetadata;
- if (!userID || !deviceID || !accessToken) {
- throw new Error('CommServicesAuthMetadata is missing');
- }
-
- await commCoreModule.initializeCryptoAccount();
- const keysResponse = await commRustModule.getInboundKeysForUser(
- userID,
- deviceID,
- accessToken,
- senderInfo.userID,
- );
-
- const inboundKeys: InboundKeyInfoResponse[] = JSON.parse(keysResponse);
- const deviceKeys: ?InboundKeyInfoResponse = inboundKeys.find(keys => {
- const keysPayload: IdentityKeysBlob = JSON.parse(keys.payload);
- return (
- keysPayload.primaryIdentityPublicKeys.ed25519 === senderInfo.deviceID
- );
- });
-
- if (!deviceKeys) {
- throw new Error(
- 'No keys for the device that requested creating a session, ' +
- `deviceID: ${senderInfo.deviceID}`,
- );
- }
- const keysPayload: IdentityKeysBlob = JSON.parse(deviceKeys.payload);
- const identityKeys = JSON.stringify({
- curve25519: keysPayload.primaryIdentityPublicKeys.curve25519,
- ed25519: keysPayload.primaryIdentityPublicKeys.ed25519,
- });
- return commCoreModule.initializeContentInboundSession(
- identityKeys,
- encryptedContent,
- keysPayload.primaryIdentityPublicKeys.ed25519,
- );
-}
-
 function nativeOutboundContentSessionCreator(
 contentIdentityKeys: OLMIdentityKeys,
 contentInitializationInfo: OlmSessionInitializationInfo,
@@ -175,7 +127,6 @@
 export {
 getContentSigningKey,
 nativeNotificationsSessionCreator,
- nativeInboundContentSessionCreator,
 createOlmSessionsWithOwnDevices,
 nativeOutboundContentSessionCreator,
 };