diff --git a/services/identity/src/device_list.rs b/services/identity/src/device_list.rs
--- a/services/identity/src/device_list.rs
+++ b/services/identity/src/device_list.rs
@@ -195,7 +195,7 @@
 if let Some(signature) = &new_device_list.current_primary_signature {
 crate::grpc_utils::ed25519_verify(
 primary_device_id,
- &new_device_list.raw_payload,
+ new_device_list.raw_payload.as_bytes(),
 signature,
 )
 .map_err(|err| {
@@ -211,7 +211,7 @@
 ) {
 crate::grpc_utils::ed25519_verify(
 previous_primary_id,
- &new_device_list.raw_payload,
+ new_device_list.raw_payload.as_bytes(),
 last_signature,
 )
 .map_err(|err| {
@@ -249,7 +249,7 @@
 (Some(last_signature), Some(last_signing_public_key)) => {
 crate::grpc_utils::ed25519_verify(
 last_signing_public_key,
- &device_list.raw_payload,
+ device_list.raw_payload.as_bytes(),
 last_signature,
 )?;
 }
@@ -262,7 +262,7 @@
 crate::grpc_utils::ed25519_verify(
 expected_primary_device_id,
- &device_list.raw_payload,
+ device_list.raw_payload.as_bytes(),
 signature,
 )?;
diff --git a/services/identity/src/grpc_utils.rs b/services/identity/src/grpc_utils.rs
--- a/services/identity/src/grpc_utils.rs
+++ b/services/identity/src/grpc_utils.rs
@@ -52,7 +52,7 @@
 self,
 signing_public_key: &str,
 ) -> Result {
- ed25519_verify(signing_public_key, &self.nonce, &self.signature)?;
+ ed25519_verify(signing_public_key, self.nonce.as_bytes(), &self.signature)?;
 Ok(self.nonce)
 }
 }
@@ -60,12 +60,12 @@
 /// Verifies ed25519-signed message. Returns Ok if the signature is valid.
 /// Public key and signature should be base64-encoded strings.
 pub fn ed25519_verify(
- signing_public_key: &str,
- message: &str,
- signature: &str,
+ signing_public_key_base64: &str,
+ message_bytes: &[u8],
+ signature_base64: &str,
 ) -> Result<(), Status> {
 let signature_bytes = general_purpose::STANDARD_NO_PAD
- .decode(signature)
+ .decode(signature_base64)
 .map_err(|_| {
 Status::invalid_argument(tonic_status_messages::SIGNATURE_INVALID)
 })?;
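Review bot: The doc comment above `ed25519_verify` in grpc_utils.rs (hunk `@@ -60,12 +60,12 @@`) was not updated with the signature and leaves two things a caller needs unstated: `message_bytes` is verified exactly as passed, with no decoding or normalisation, and the key and signature are decoded with `general_purpose::STANDARD_NO_PAD`, which as far as I know rejects input carrying `=` padding. I would replace its second line with `/// The public key and signature are unpadded standard base64; the message is raw bytes, verified as given.` An `# Errors` section would also help, listing the three statuses visible in this and the following hunks: `invalid_argument` for an undecodable signature, `failed_precondition` for a malformed key, and `permission_denied` for a failed verification. The function body continues past the end of this hunk.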
@@ -75,7 +75,7 @@
 })?;
 let public_key_bytes = general_purpose::STANDARD_NO_PAD
- .decode(signing_public_key)
+ .decode(signing_public_key_base64)
 .map_err(|_| {
 Status::failed_precondition(tonic_status_messages::MALFORMED_KEY)
 })?;
@@ -85,11 +85,9 @@
 Status::failed_precondition(tonic_status_messages::MALFORMED_KEY)
 })?;
- public_key
- .verify(message.as_bytes(), &signature)
- .map_err(|_| {
- Status::permission_denied(tonic_status_messages::VERIFICATION_FAILED)
- })?;
+ public_key.verify(message_bytes, &signature).map_err(|_| {
+ Status::permission_denied(tonic_status_messages::VERIFICATION_FAILED)
+ })?;
 Ok(())
 }
diff --git a/services/identity/src/reserved_users.rs b/services/identity/src/reserved_users.rs
--- a/services/identity/src/reserved_users.rs
+++ b/services/identity/src/reserved_users.rs
@@ -63,7 +63,7 @@
 crate::grpc_utils::ed25519_verify(
 public_key_string,
- keyserver_message,
+ keyserver_message.as_bytes(),
 keyserver_signature,
 )?;
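Review bot: In grpc_utils.rs, hunk `@@ -85,11 +85,9 @@`, the call `public_key.verify(message_bytes, &signature)` is the single decision point for every device-list, nonce and keyserver signature touched by this commit, and the reformatted line keeps the permissive verification mode. The declaration of `public_key` is outside the hunk, so this is an assumption, but if it is an ed25519-dalek key the crate also provides `verify_strict`, which additionally rejects weak (small-order) public keys and signature `R` components. For identity signatures I would consider `public_key.verify_strict(message_bytes, &signature).map_err(|_| {` here. Before switching, confirm with the signing clients that none of them produce signatures the strict check would refuse.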