diff --git a/ts/test-electron/MessageReceiver_test.ts b/ts/test-electron/MessageReceiver_test.ts
index 006f82d81b..151740e20a 100644
--- a/ts/test-electron/MessageReceiver_test.ts
+++ b/ts/test-electron/MessageReceiver_test.ts
@@ -13,6 +13,7 @@ import { generateAci } from '../types/ServiceId';
 import type { AciString } from '../types/ServiceId';
 import { SignalService as Proto } from '../protobuf';
 import * as Crypto from '../Crypto';
+import { toBase64 } from '../Bytes';
 
 describe('MessageReceiver', () => {
   const someAci = generateAci();
@@ -37,9 +38,12 @@ describe('MessageReceiver', () => {
 
   describe('connecting', () => {
     it('generates decryption-error event when it cannot decrypt', async () => {
+      const fakeTrustRootPublicKey = Crypto.getRandomBytes(33);
+      fakeTrustRootPublicKey.set([5], 0); // first byte is the key type (5)
+
       const messageReceiver = new MessageReceiver({
         storage: window.storage,
-        serverTrustRoot: 'AAAAAAAA',
+        serverTrustRoot: toBase64(fakeTrustRootPublicKey),
       });
 
       const body = Proto.Envelope.encode({
diff --git a/ts/textsecure/MessageReceiver.ts b/ts/textsecure/MessageReceiver.ts
index 2612477f15..48a39f4917 100644
--- a/ts/textsecure/MessageReceiver.ts
+++ b/ts/textsecure/MessageReceiver.ts
@@ -300,7 +300,7 @@ export default class MessageReceiver
   #encryptedQueue: PQueue;
   #decryptedQueue: PQueue;
   #retryCachedTimeout: NodeJS.Timeout | undefined;
-  #serverTrustRoot: Uint8Array;
+  #serverTrustRoot: PublicKey;
   #stoppingProcessing?: boolean;
   #pniIdentityKeyCheckRequired?: boolean;
 
@@ -315,7 +315,9 @@ export default class MessageReceiver
     if (!serverTrustRoot) {
       throw new Error('Server trust root is required!');
     }
-    this.#serverTrustRoot = Bytes.fromBase64(serverTrustRoot);
+    this.#serverTrustRoot = PublicKey.deserialize(
+      Buffer.from(Bytes.fromBase64(serverTrustRoot))
+    );
 
     this.#incomingQueue = new PQueue({
       concurrency: 1,
@@ -1637,12 +1639,7 @@ export default class MessageReceiver
       `${logId}: Sealed sender message was missing serverTimestamp`
     );
 
-    if (
-      !certificate.validate(
-        PublicKey.deserialize(Buffer.from(this.#serverTrustRoot)),
-        serverTimestamp
-      )
-    ) {
+    if (!certificate.validate(this.#serverTrustRoot, serverTimestamp)) {
       throw new Error(`${logId}: Sealed sender certificate validation failed`);
     }
 
@@ -1794,7 +1791,7 @@ export default class MessageReceiver
       () =>
         sealedSenderDecryptMessage(
           Buffer.from(ciphertext),
-          PublicKey.deserialize(Buffer.from(this.#serverTrustRoot)),
+          this.#serverTrustRoot,
           envelope.serverTimestamp,
           localE164 || null,
           destinationServiceId,