diff --git a/src/_zkapauthorizer/_storage_client.py b/src/_zkapauthorizer/_storage_client.py
index 1add745801a8ebaded010f0b937a7d3d54eae336..e8fe8c468507c60ea0fad0672798605c4f8ce62b 100644
--- a/src/_zkapauthorizer/_storage_client.py
+++ b/src/_zkapauthorizer/_storage_client.py
@@ -355,7 +355,7 @@ class ZKAPAuthorizerStorageClient(object):
             num_passes,
             partial(
                 self._get_passes,
-                allocate_buckets_message(storage_index).encode("utf-8"),
+                allocate_buckets_message(storage_index),
             ),
             partial(self._spend_for_allocate_buckets, allocated_size),
         )
@@ -398,7 +398,7 @@ class ZKAPAuthorizerStorageClient(object):
                 cancel_secret,
             ),
             num_passes,
-            partial(self._get_passes, add_lease_message(storage_index).encode("utf-8")),
+            partial(self._get_passes, add_lease_message(storage_index)),
         )
         returnValue(result)
 
@@ -503,7 +503,7 @@ class ZKAPAuthorizerStorageClient(object):
             num_passes,
             partial(
                 self._get_passes,
-                slot_testv_and_readv_and_writev_message(storage_index).encode("utf-8"),
+                slot_testv_and_readv_and_writev_message(storage_index),
             ),
         )
         returnValue(result)
diff --git a/src/_zkapauthorizer/_storage_server.py b/src/_zkapauthorizer/_storage_server.py
index b2e45e2a136c7bf9aba11983ee129cb3156ab216..aa11097ae705904c287babd26905ab05e6b52bf1 100644
--- a/src/_zkapauthorizer/_storage_server.py
+++ b/src/_zkapauthorizer/_storage_server.py
@@ -270,7 +270,7 @@ class ZKAPAuthorizerStorageServer(Referenceable):
         storage for immutable shares if they present valid passes.
         """
         validation = _ValidationResult.validate_passes(
-            allocate_buckets_message(storage_index).encode("utf-8"),
+            allocate_buckets_message(storage_index),
             passes,
             self._signing_key,
         )
@@ -353,7 +353,7 @@ class ZKAPAuthorizerStorageServer(Referenceable):
         duration of share storage if they present valid passes.
         """
         validation = _ValidationResult.validate_passes(
-            add_lease_message(storage_index).encode("utf-8"),
+            add_lease_message(storage_index),
             passes,
             self._signing_key,
         )
@@ -461,7 +461,7 @@ class ZKAPAuthorizerStorageServer(Referenceable):
 
         # Check passes for cryptographic validity.
         validation = _ValidationResult.validate_passes(
-            slot_testv_and_readv_and_writev_message(storage_index).encode("utf-8"),
+            slot_testv_and_readv_and_writev_message(storage_index),
             passes,
             self._signing_key,
         )
diff --git a/src/_zkapauthorizer/storage_common.py b/src/_zkapauthorizer/storage_common.py
index 34360810d439c53a4336df8ab0d8dc2b7b82b575..db04c1f650eae7b35a95a5eec6c6896103d2e0d3 100644
--- a/src/_zkapauthorizer/storage_common.py
+++ b/src/_zkapauthorizer/storage_common.py
@@ -17,6 +17,7 @@ Functionality shared between the storage client and server.
 """
 
 from base64 import b64encode
+from typing import Callable
 
 import attr
 from pyutil.mathutil import div_ceil
@@ -46,12 +47,12 @@ class MorePassesRequired(Exception):
     signature_check_failed = attr.ib(converter=frozenset)
 
 
-def _message_maker(label):
+def _message_maker(label: str) -> Callable[[str], bytes]:
     def make_message(storage_index):
         return "{label} {storage_index}".format(
             label=label,
-            storage_index=b64encode(storage_index).decode("utf-8"),
-        )
+            storage_index=b64encode(storage_index).decode("ascii"),
+        ).encode("ascii")
 
     return make_message
 
diff --git a/src/_zkapauthorizer/tests/test_storage_protocol.py b/src/_zkapauthorizer/tests/test_storage_protocol.py
index 3a218042cae99c242eb9339a0828df07086e8924..c225487cc981ac1b92ee79382a3a209e84171314 100644
--- a/src/_zkapauthorizer/tests/test_storage_protocol.py
+++ b/src/_zkapauthorizer/tests/test_storage_protocol.py
@@ -235,14 +235,14 @@ class ShareTests(TestCase):
 
         # Make some passes with a key untrusted by the server.
         bad_passes = get_passes(
-            allocate_buckets_message(storage_index).encode("utf-8"),
+            allocate_buckets_message(storage_index),
             len(bad_pass_indexes),
             random_signing_key(),
         )
 
         # Make some passes with a key trusted by the server.
         good_passes = get_passes(
-            allocate_buckets_message(storage_index).encode("utf-8"),
+            allocate_buckets_message(storage_index),
             num_passes - len(bad_passes),
             self.signing_key,
         )
diff --git a/src/_zkapauthorizer/tests/test_storage_server.py b/src/_zkapauthorizer/tests/test_storage_server.py
index d4829914fff230ff4cda8102905b1a70cf8fd6de..73a0001fc38d5924d133d09682effa3c20727eb0 100644
--- a/src/_zkapauthorizer/tests/test_storage_server.py
+++ b/src/_zkapauthorizer/tests/test_storage_server.py
@@ -241,7 +241,7 @@ class PassValidationTests(TestCase):
         renew_secret = b"x" * 32
         cancel_secret = b"y" * 32
         valid_passes = get_passes(
-            allocate_buckets_message(storage_index).encode("utf-8"),
+            allocate_buckets_message(storage_index),
             required_passes - 1,
             self.signing_key,
         )
@@ -343,7 +343,7 @@ class PassValidationTests(TestCase):
         )
 
         valid_passes = get_passes(
-            slot_testv_and_readv_and_writev_message(storage_index).encode("utf-8"),
+            slot_testv_and_readv_and_writev_message(storage_index),
             required_pass_count,
             self.signing_key,
         )
@@ -479,7 +479,7 @@ class PassValidationTests(TestCase):
             tw_vectors,
         )
         valid_passes = get_passes(
-            slot_testv_and_readv_and_writev_message(storage_index).encode("utf-8"),
+            slot_testv_and_readv_and_writev_message(storage_index),
             required_pass_count,
             self.signing_key,
         )
@@ -548,7 +548,7 @@ class PassValidationTests(TestCase):
 
         # Attempt the lease operation with one fewer pass than is required.
         passes = get_passes(
-            add_lease_message(storage_index).encode("utf-8"),
+            add_lease_message(storage_index),
             required_count - 1,
             self.signing_key,
         )
@@ -612,7 +612,7 @@ class PassValidationTests(TestCase):
             tw_vectors,
         )
         valid_passes = get_passes(
-            slot_testv_and_readv_and_writev_message(slot).encode("utf-8"),
+            slot_testv_and_readv_and_writev_message(slot),
             required_pass_count,
             self.signing_key,
         )
@@ -676,7 +676,7 @@ class PassValidationTests(TestCase):
             tw_vectors,
         )
         valid_passes = get_passes(
-            slot_testv_and_readv_and_writev_message(storage_index).encode("utf-8"),
+            slot_testv_and_readv_and_writev_message(storage_index),
             num_passes,
             self.signing_key,
         )
@@ -737,7 +737,7 @@ class PassValidationTests(TestCase):
             tw_vectors,
         )
         valid_passes = get_passes(
-            slot_testv_and_readv_and_writev_message(storage_index).encode("utf-8"),
+            slot_testv_and_readv_and_writev_message(storage_index),
             num_passes,
             self.signing_key,
         )
@@ -818,7 +818,7 @@ class PassValidationTests(TestCase):
             [size] * len(new_sharenums - existing_sharenums),
         )
         valid_passes = get_passes(
-            allocate_buckets_message(storage_index).encode("utf-8"),
+            allocate_buckets_message(storage_index),
             num_passes,
             self.signing_key,
         )
@@ -885,7 +885,7 @@ class PassValidationTests(TestCase):
             self.storage_server._pass_value, [allocated_size] * len(sharenums)
         )
         valid_passes = get_passes(
-            add_lease_message(storage_index).encode("utf-8"),
+            add_lease_message(storage_index),
             num_passes,
             self.signing_key,
         )
@@ -946,7 +946,7 @@ class PassValidationTests(TestCase):
             self.storage_server._pass_value, [allocated_size] * len(sharenums)
         )
         valid_passes = get_passes(
-            add_lease_message(storage_index).encode("utf-8"),
+            add_lease_message(storage_index),
             num_passes,
             self.signing_key,
         )