diff --git a/bookwyrm/incoming.py b/bookwyrm/incoming.py
index b5b2523dc..9a7c6e633 100644
--- a/bookwyrm/incoming.py
+++ b/bookwyrm/incoming.py
@@ -96,6 +96,8 @@ def has_valid_signature(request, activity):
 raise ValueError("Wrong actor created signature.")
 remote_user = activitypub.resolve_remote_id(models.User, key_actor)
+ if not remote_user:
+ return False
 try:
 signature.verify(remote_user.key_pair.public_key, request)
diff --git a/bookwyrm/signatures.py b/bookwyrm/signatures.py
index dbb88d8a2..a3e1fcccc 100644
--- a/bookwyrm/signatures.py
+++ b/bookwyrm/signatures.py
@@ -31,7 +31,7 @@ def make_signature(sender, destination, date, digest):
 'digest: %s' % digest,
 ]
 message_to_sign = '\n'.join(signature_headers)
- signer = pkcs1_15.new(RSA.import_key(sender.private_key))
+ signer = pkcs1_15.new(RSA.import_key(sender.key_pair.private_key))
 signed_message = signer.sign(SHA256.new(message_to_sign.encode('utf8')))
 signature = {
 'keyId': '%s#main-key' % sender.remote_id,
diff --git a/bookwyrm/tests/test_signing.py b/bookwyrm/tests/test_signing.py
index 129a4333c..58e8cb7f3 100644
--- a/bookwyrm/tests/test_signing.py
+++ b/bookwyrm/tests/test_signing.py
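Review bot: The new guard in has_valid_signature stops at `remote_user` being falsy, but the next statement dereferences `remote_user.key_pair.public_key`, so a resolved actor with no key pair attached would raise AttributeError instead of being rejected; whether `key_pair` can be unset is not visible here and should be confirmed against the model. If it can, extend the guard to `if not remote_user or not remote_user.key_pair: return False`. The same attribute chain appears in the signatures.py hunk (`sender.key_pair.private_key` in make_signature), where a sender without a key pair would fail the same way. A log line naming `key_actor` before `return False` would also let operators tell an unresolvable actor apart from a bad signature. Both function bodies continue outside their hunks.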
@@ -25,20 +25,23 @@ def get_follow_data(follower, followee):
 ).serialize()
 return json.dumps(follow_activity)
-Sender = namedtuple('Sender', ('remote_id', 'private_key', 'public_key'))
+KeyPair = namedtuple('KeyPair', ('private_key', 'public_key'))
+Sender = namedtuple('Sender', ('remote_id', 'key_pair'))
 class Signature(TestCase):
 def setUp(self):
- self.mouse = User.objects.create_user('mouse', 'mouse@example.com', '')
- self.rat = User.objects.create_user('rat', 'rat@example.com', '')
- self.cat = User.objects.create_user('cat', 'cat@example.com', '')
+ self.mouse = User.objects.create_user(
+ 'mouse', 'mouse@example.com', '', local=True)
+ self.rat = User.objects.create_user(
+ 'rat', 'rat@example.com', '', local=True)
+ self.cat = User.objects.create_user(
+ 'cat', 'cat@example.com', '', local=True)
 private_key, public_key = create_key_pair()
 self.fake_remote = Sender(
 'http://localhost/user/remote',
- private_key,
- public_key,
+ KeyPair(private_key, public_key)
 )
 def send(self, signature, now, data, digest):
@@ -89,7 +92,7 @@ class Signature(TestCase):
 datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')
 data = json.loads(datafile.read_bytes())
 data['id'] = self.fake_remote.remote_id
- data['publicKey']['publicKeyPem'] = self.fake_remote.public_key
+ data['publicKey']['publicKeyPem'] = self.fake_remote.key_pair.public_key
 del data['icon'] # Avoid having to return an avatar.
 responses.add(
 responses.GET,
@@ -116,7 +119,7 @@ class Signature(TestCase):
 datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')
 data = json.loads(datafile.read_bytes())
 data['id'] = self.fake_remote.remote_id
- data['publicKey']['publicKeyPem'] = self.fake_remote.public_key
+ data['publicKey']['publicKeyPem'] = self.fake_remote.key_pair.public_key
 del data['icon'] # Avoid having to return an avatar.
 responses.add(
 responses.GET,
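Review bot: None of the three test_signing.py hunks adds a case for the branch this commit introduces in has_valid_signature (`if not remote_user: return False`); the visible changes only adapt setUp and the `publicKeyPem` fixtures to the new `key_pair` shape. A negative test is worth adding: sign a request as an actor whose id cannot be resolved and assert that it is rejected, so the fail-closed path stays covered if the resolver's behaviour changes. The test methods around the second and third hunks start and end outside the hunks, so existing coverage of this path cannot be ruled out from here.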