diff --git a/lib/encryption/key_manager.dart b/lib/encryption/key_manager.dart
index f2b3f302..d61706fb 100644
--- a/lib/encryption/key_manager.dart
+++ b/lib/encryption/key_manager.dart
@@ -829,7 +829,7 @@ class KeyManager {
         } else if (device.encryptToDevice &&
             session.allowedAtIndex
                     .tryGet<Map<String, dynamic>>(device.userId)
-                    ?.tryGet(device.deviceId) !=
+                    ?.tryGet(device.curve25519Key) !=
                 null) {
           // if we know the user may see the message, then we can just forward the key.
           // we do not need to check if the device is verified, just if it is not blocked,
diff --git a/test/encryption/key_request_test.dart b/test/encryption/key_request_test.dart
index ed748498..80d7dbd0 100644
--- a/test/encryption/key_request_test.dart
+++ b/test/encryption/key_request_test.dart
@@ -122,7 +122,8 @@ void main() {
       // test a successful foreign share
       FakeMatrixApi.calledEndpoints.clear();
       session.allowedAtIndex['@test:fakeServer.notExisting'] = <String, int>{
-        'OTHERDEVICE': 0,
+        matrix.userDeviceKeys['@test:fakeServer.notExisting']
+            .deviceKeys['OTHERDEVICE'].curve25519Key: 0,
       };
       event = ToDeviceEvent(
           sender: '@test:fakeServer.notExisting',