diff --git a/services/identity/Cargo.lock b/services/identity/Cargo.lock
--- a/services/identity/Cargo.lock
+++ b/services/identity/Cargo.lock
@@ -461,9 +461,9 @@
 
 [[package]]
 name = "base64"
-version = "0.21.0"
+version = "0.21.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a"
+checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d"
 
 [[package]]
 name = "base64-simd"
@@ -1476,6 +1476,7 @@
 dependencies = [
 "aws-config",
 "aws-sdk-dynamodb",
+ "base64",
 "bytes",
 "chrono",
 "clap",
diff --git a/services/identity/Cargo.toml b/services/identity/Cargo.toml
--- a/services/identity/Cargo.toml
+++ b/services/identity/Cargo.toml
@@ -33,6 +33,7 @@
 serde_json = "1.0.95"
 moka = { version = "0.10", features = ["future"] }
 uuid = { version = "1.3", features = [ "v4" ] }
+base64 = "0.21.2"
 
 [build-dependencies]
 tonic-build = "0.9.1"
diff --git a/services/identity/src/reserved_users.rs b/services/identity/src/reserved_users.rs
--- a/services/identity/src/reserved_users.rs
+++ b/services/identity/src/reserved_users.rs
@@ -1,5 +1,4 @@
-use std::str::FromStr;
-
+use base64::{engine::general_purpose, Engine as _};
 use chrono::{DateTime, Utc};
 use constant_time_eq::constant_time_eq;
 use ed25519_dalek::{PublicKey, Signature, Verifier};
@@ -9,6 +8,7 @@
 use crate::config::CONFIG;
 
 #[derive(Deserialize)]
+#[serde(rename_all = "camelCase")]
 struct ReservedUsernameMessage {
 statement: String,
 username: String,
@@ -38,7 +38,11 @@
 return Err(Status::invalid_argument("message invalid"));
 }
 
- let signature = Signature::from_str(keyserver_signature)
+ let signature_bytes = general_purpose::STANDARD_NO_PAD
+ .decode(keyserver_signature)
+ .map_err(|_| Status::invalid_argument("signature invalid"))?;
+
+ let signature = Signature::from_bytes(&signature_bytes)
 .map_err(|_| Status::invalid_argument("signature invalid"))?;
 
 let public_key_string = CONFIG
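Review bot: The `general_purpose::STANDARD_NO_PAD` decode of `keyserver_signature` in the `@@ -38,7 +38,11 @@` hunk rejects input that carries `=` padding, and nothing in the hunk states that the keyserver emits the unpadded form. A 64-byte Ed25519 signature encodes to 88 characters with `==` in padded standard base64, so a padded sender would get "signature invalid" on every request; that fails closed, but it is hard to diagnose because the decode and length errors share one message. The same engine is used for the configured public key in the `@@ -46,9 +50,12 @@` hunk, where a key produced by a padding encoder would surface as "malformed key". I would add a comment above the decode such as `// keyserver_signature is unpadded standard-alphabet base64 of the 64-byte Ed25519 signature`, or, if both forms must be accepted, build an engine with `DecodePaddingMode::Indifferent`. The enclosing function begins and ends outside this hunk.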
@@ -46,9 +50,12 @@
 .clone()
 .ok_or(Status::failed_precondition("missing key"))?;
 
- let public_key: PublicKey =
- PublicKey::from_bytes(public_key_string.as_bytes())
- .map_err(|_| Status::failed_precondition("malformed key"))?;
+ let public_key_bytes = general_purpose::STANDARD_NO_PAD
+ .decode(public_key_string)
+ .map_err(|_| Status::failed_precondition("malformed key"))?;
+
+ let public_key: PublicKey = PublicKey::from_bytes(&public_key_bytes)
+ .map_err(|_| Status::failed_precondition("malformed key"))?;
 
 public_key
 .verify(keyserver_message.as_bytes(), &signature)
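Review bot: The configured public key is cloned out of `CONFIG`, base64-decoded and parsed inside the verification path, so a missing or malformed key is only reported as `failed_precondition` once a request reaches this code. Parsing the key once when the configuration is loaded would turn a bad key into a startup failure and remove the per-call `.clone()` and decode. Until then I would mark the spot with a comment such as `// TODO: decode and validate the keyserver public key at config load so a malformed key fails startup, not the first request`. The surrounding function starts and ends outside this hunk, so how often this path runs is inferred rather than visible.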