diff --git a/core/startos/Cargo.toml b/core/startos/Cargo.toml
index 301602e2d..8106c800b 100644
--- a/core/startos/Cargo.toml
+++ b/core/startos/Cargo.toml
@@ -70,11 +70,12 @@ current_platform = "0.2.0"
 digest = "0.10.7"
 divrem = "1.0.0"
 ed25519 = { version = "2.2.3", features = ["pkcs8", "pem", "alloc"] }
-ed25519-dalek = { version = "2.0.0", features = [
+ed25519-dalek = { version = "2.1.1", features = [
   "serde",
   "zeroize",
   "rand_core",
   "digest",
+  "pkcs8"
 ] }
 ed25519-dalek-v1 = { package = "ed25519-dalek", version = "1" }
 emver = { version = "0.1.7", git = "https://github.com/Start9Labs/emver-rs.git", features = [
diff --git a/core/startos/src/db/model/package.rs b/core/startos/src/db/model/package.rs
index 05d6e73b7..fc3c2751c 100644
--- a/core/startos/src/db/model/package.rs
+++ b/core/startos/src/db/model/package.rs
@@ -10,11 +10,11 @@ use reqwest::Url;
 use serde::{Deserialize, Serialize};
 use ts_rs::TS;
 
-use crate::net::host::HostInfo;
 use crate::prelude::*;
 use crate::progress::FullProgress;
 use crate::s9pk::manifest::Manifest;
 use crate::status::Status;
+use crate::{net::host::HostInfo, util::serde::Pem};
 
 #[derive(Debug, Default, Deserialize, Serialize)]
 pub struct AllPackageData(pub BTreeMap<PackageId, PackageDataEntry>);
@@ -294,9 +294,7 @@ pub struct PackageDataEntry {
     pub state_info: PackageState,
     pub status: Status,
     pub marketplace_url: Option<Url>,
-    #[serde(default)]
-    #[serde(with = "crate::util::serde::ed25519_pubkey")]
-    pub developer_key: ed25519_dalek::VerifyingKey,
+    pub developer_key: Pem<ed25519_dalek::VerifyingKey>,
     pub icon: DataUrl<'static>,
     pub last_backup: Option<DateTime<Utc>>,
     pub dependency_info: BTreeMap<PackageId, StaticDependencyInfo>,
diff --git a/core/startos/src/service/mod.rs b/core/startos/src/service/mod.rs
index 2feb4ca34..a10857c5a 100644
--- a/core/startos/src/service/mod.rs
+++ b/core/startos/src/service/mod.rs
@@ -12,7 +12,6 @@ use serde::{Deserialize, Serialize};
 use start_stop::StartStop;
 use tokio::sync::Notify;
 
-use crate::action::ActionResult;
 use crate::config::action::ConfigRes;
 use crate::context::{CliContext, RpcContext};
 use crate::core::rpc_continuations::RequestGuid;
@@ -30,6 +29,7 @@ use crate::status::health_check::HealthCheckResult;
 use crate::status::MainStatus;
 use crate::util::actor::{Actor, BackgroundJobs, SimpleActor};
 use crate::volume::data_dir;
+use crate::{action::ActionResult, util::serde::Pem};
 
 pub mod cli;
 mod config;
@@ -280,7 +280,7 @@ impl Service {
                 entry
                     .as_state_info_mut()
                     .ser(&PackageState::Installed(InstalledState { manifest }))?;
-                entry.as_developer_key_mut().ser(&developer_key)?;
+                entry.as_developer_key_mut().ser(&Pem::new(developer_key))?;
                 entry.as_icon_mut().ser(&icon)?;
                 // TODO: marketplace url
                 // TODO: dependency info
diff --git a/core/startos/src/service/service_map.rs b/core/startos/src/service/service_map.rs
index 1a9d2342c..e56b1d7dd 100644
--- a/core/startos/src/service/service_map.rs
+++ b/core/startos/src/service/service_map.rs
@@ -10,7 +10,6 @@ use imbl_value::InternedString;
 use tokio::sync::{Mutex, OwnedRwLockReadGuard, OwnedRwLockWriteGuard, RwLock};
 use tracing::instrument;
 
-use crate::context::RpcContext;
 use crate::db::model::package::{
     InstallingInfo, InstallingState, PackageDataEntry, PackageState, UpdatingState,
 };
@@ -27,6 +26,7 @@ use crate::s9pk::merkle_archive::source::FileSource;
 use crate::s9pk::S9pk;
 use crate::service::{LoadDisposition, Service};
 use crate::status::{MainStatus, Status};
+use crate::{context::RpcContext, util::serde::Pem};
 
 pub type DownloadInstallFuture = BoxFuture<'static, Result<InstallFuture, Error>>;
 pub type InstallFuture = BoxFuture<'static, Result<(), Error>>;
@@ -167,7 +167,7 @@ impl ServiceMap {
                                     dependency_config_errors: Default::default(),
                                 },
                                 marketplace_url: None,
-                                developer_key,
+                                developer_key: Pem::new(developer_key),
                                 icon,
                                 last_backup: None,
                                 dependency_info: Default::default(),
diff --git a/core/startos/src/util/serde.rs b/core/startos/src/util/serde.rs
index de25e0505..cd414f66e 100644
--- a/core/startos/src/util/serde.rs
+++ b/core/startos/src/util/serde.rs
@@ -1128,6 +1128,18 @@ impl PemEncoding for ssh_key::PrivateKey {
     }
 }
 
+impl PemEncoding for ed25519_dalek::VerifyingKey {
+    fn from_pem<E: serde::de::Error>(pem: &str) -> Result<Self, E> {
+        use ed25519_dalek::pkcs8::DecodePublicKey;
+        ed25519_dalek::VerifyingKey::from_public_key_pem(pem).map_err(E::custom)
+    }
+    fn to_pem<E: serde::ser::Error>(&self) -> Result<String, E> {
+        use ed25519_dalek::pkcs8::EncodePublicKey;
+        self.to_public_key_pem(pkcs8::LineEnding::LF)
+            .map_err(E::custom)
+    }
+}
+
 pub mod pem {
     use serde::{Deserialize, Deserializer, Serializer};