diff --git a/crypto/goolm/base64.go b/crypto/goolm/base64.go
deleted file mode 100644
index 229008cf..00000000
--- a/crypto/goolm/base64.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package goolm
-
-import (
-	"encoding/base64"
-)
-
-// Deprecated: base64.RawStdEncoding should be used directly
-func Base64Decode(input []byte) ([]byte, error) {
-	decoded := make([]byte, base64.RawStdEncoding.DecodedLen(len(input)))
-	writtenBytes, err := base64.RawStdEncoding.Decode(decoded, input)
-	if err != nil {
-		return nil, err
-	}
-	return decoded[:writtenBytes], nil
-}
-
-// Deprecated: base64.RawStdEncoding should be used directly
-func Base64Encode(input []byte) []byte {
-	encoded := make([]byte, base64.RawStdEncoding.EncodedLen(len(input)))
-	base64.RawStdEncoding.Encode(encoded, input)
-	return encoded
-}
diff --git a/crypto/goolm/cipher/pickle.go b/crypto/goolm/cipher/pickle.go
index 670ff6ff..c1f1f90a 100644
--- a/crypto/goolm/cipher/pickle.go
+++ b/crypto/goolm/cipher/pickle.go
@@ -1,6 +1,7 @@
 package cipher
 
 import (
+	"encoding/base64"
 	"fmt"
 
 	"maunium.net/go/mautrix/crypto/goolm"
@@ -28,14 +29,13 @@ func Pickle(key, input []byte) ([]byte, error) {
 		return nil, err
 	}
 	ciphertext = append(ciphertext, mac[:pickleMACLength]...)
-	encoded := goolm.Base64Encode(ciphertext)
-	return encoded, nil
+	return []byte(base64.RawStdEncoding.EncodeToString(ciphertext)), nil
 }
 
 // Unpickle decodes the input from base64 and decrypts the decoded input with the key and the cipher AESSHA256.
 func Unpickle(key, input []byte) ([]byte, error) {
 	pickleCipher := NewAESSHA256([]byte(kdfPickle))
-	ciphertext, err := goolm.Base64Decode(input)
+	ciphertext, err := base64.RawStdEncoding.DecodeString(string(input))
 	if err != nil {
 		return nil, err
 	}
diff --git a/crypto/goolm/megolm/megolm.go b/crypto/goolm/megolm/megolm.go
index c3493f7b..6308b49b 100644
--- a/crypto/goolm/megolm/megolm.go
+++ b/crypto/goolm/megolm/megolm.go
@@ -3,6 +3,7 @@ package megolm
 
 import (
 	"crypto/rand"
+	"encoding/base64"
 	"fmt"
 
 	"maunium.net/go/mautrix/crypto/goolm"
@@ -154,21 +155,21 @@ func (r *Ratchet) Encrypt(plaintext []byte, key *crypto.Ed25519KeyPair) ([]byte,
 
 // SessionSharingMessage creates a message in the session sharing format.
 func (r Ratchet) SessionSharingMessage(key crypto.Ed25519KeyPair) ([]byte, error) {
-	m := message.MegolmSessionSharing{}
-	m.Counter = r.Counter
-	m.RatchetData = r.Data
-	encoded := m.EncodeAndSign(key)
-	return goolm.Base64Encode(encoded), nil
+	m := message.MegolmSessionSharing{
+		Counter:     r.Counter,
+		RatchetData: r.Data,
+	}
+	return []byte(base64.RawStdEncoding.EncodeToString(m.EncodeAndSign(key))), nil
 }
 
 // SessionExportMessage creates a message in the session export format.
 func (r Ratchet) SessionExportMessage(key crypto.Ed25519PublicKey) ([]byte, error) {
-	m := message.MegolmSessionExport{}
-	m.Counter = r.Counter
-	m.RatchetData = r.Data
-	m.PublicKey = key
-	encoded := m.Encode()
-	return goolm.Base64Encode(encoded), nil
+	m := message.MegolmSessionExport{
+		Counter:     r.Counter,
+		RatchetData: r.Data,
+		PublicKey:   key,
+	}
+	return []byte(base64.RawStdEncoding.EncodeToString(m.Encode())), nil
 }
 
 // Decrypt decrypts the ciphertext and verifies the MAC but not the signature.
diff --git a/crypto/goolm/pk/decryption.go b/crypto/goolm/pk/decryption.go
index 3fb3c2a5..8798e73b 100644
--- a/crypto/goolm/pk/decryption.go
+++ b/crypto/goolm/pk/decryption.go
@@ -65,7 +65,7 @@ func (s Decryption) Decrypt(ciphertext, mac []byte, key id.Curve25519) ([]byte,
 	if err != nil {
 		return nil, err
 	}
-	decodedMAC, err := goolm.Base64Decode(mac)
+	decodedMAC, err := base64.RawStdEncoding.DecodeString(string(mac))
 	if err != nil {
 		return nil, err
 	}
diff --git a/crypto/goolm/pk/encryption.go b/crypto/goolm/pk/encryption.go
index dc50a6bb..f46cdb6c 100644
--- a/crypto/goolm/pk/encryption.go
+++ b/crypto/goolm/pk/encryption.go
@@ -5,7 +5,6 @@ import (
 
 	"maunium.net/go/mautrix/id"
 
-	"maunium.net/go/mautrix/crypto/goolm"
 	"maunium.net/go/mautrix/crypto/goolm/cipher"
 	"maunium.net/go/mautrix/crypto/goolm/crypto"
 )
@@ -45,5 +44,5 @@ func (e Encryption) Encrypt(plaintext []byte, privateKey crypto.Curve25519Privat
 	if err != nil {
 		return nil, nil, err
 	}
-	return ciphertext, goolm.Base64Encode(mac), nil
+	return ciphertext, []byte(base64.RawStdEncoding.EncodeToString(mac)), nil
 }
diff --git a/crypto/goolm/pk/pk_test.go b/crypto/goolm/pk/pk_test.go
index 91bab5b9..e0bc9f05 100644
--- a/crypto/goolm/pk/pk_test.go
+++ b/crypto/goolm/pk/pk_test.go
@@ -5,7 +5,6 @@ import (
 	"encoding/base64"
 	"testing"
 
-	"maunium.net/go/mautrix/crypto/goolm"
 	"maunium.net/go/mautrix/crypto/goolm/crypto"
 	"maunium.net/go/mautrix/crypto/goolm/pk"
 	"maunium.net/go/mautrix/id"
@@ -67,7 +66,7 @@ func TestSigning(t *testing.T) {
 	message := []byte("We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.")
 	signing, _ := pk.NewSigningFromSeed(seed)
 	signature := signing.Sign(message)
-	signatureDecoded, err := goolm.Base64Decode(signature)
+	signatureDecoded, err := base64.RawStdEncoding.DecodeString(string(signature))
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/crypto/goolm/pk/signing.go b/crypto/goolm/pk/signing.go
index 046838ff..0ae93730 100644
--- a/crypto/goolm/pk/signing.go
+++ b/crypto/goolm/pk/signing.go
@@ -2,8 +2,8 @@ package pk
 
 import (
 	"crypto/rand"
+	"encoding/base64"
 
-	"maunium.net/go/mautrix/crypto/goolm"
 	"maunium.net/go/mautrix/crypto/goolm/crypto"
 	"maunium.net/go/mautrix/id"
 )
@@ -34,8 +34,7 @@ func NewSigning() (*Signing, error) {
 
 // Sign returns the signature of the message base64 encoded.
 func (s Signing) Sign(message []byte) []byte {
-	signature := s.KeyPair.Sign(message)
-	return goolm.Base64Encode(signature)
+	return []byte(base64.RawStdEncoding.EncodeToString(s.KeyPair.Sign(message)))
 }
 
 // PublicKey returns the public key of the key pair base 64 encoded.
diff --git a/crypto/goolm/sas/main.go b/crypto/goolm/sas/main.go
index 7337d5f9..eeeb3e02 100644
--- a/crypto/goolm/sas/main.go
+++ b/crypto/goolm/sas/main.go
@@ -2,9 +2,9 @@
 package sas
 
 import (
+	"encoding/base64"
 	"io"
 
-	"maunium.net/go/mautrix/crypto/goolm"
 	"maunium.net/go/mautrix/crypto/goolm/crypto"
 )
 
@@ -28,12 +28,12 @@ func New() (*SAS, error) {
 
 // GetPubkey returns the public key of the key pair base64 encoded
 func (s SAS) GetPubkey() []byte {
-	return goolm.Base64Encode(s.KeyPair.PublicKey)
+	return []byte(base64.RawStdEncoding.EncodeToString(s.KeyPair.PublicKey))
 }
 
 // SetTheirKey sets the key of the other party and computes the shared secret.
 func (s *SAS) SetTheirKey(key []byte) error {
-	keyDecoded, err := goolm.Base64Decode(key)
+	keyDecoded, err := base64.RawStdEncoding.DecodeString(string(key))
 	if err != nil {
 		return err
 	}
@@ -61,8 +61,7 @@ func (s *SAS) calculateMAC(input, info []byte, length uint) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	mac := crypto.HMACSHA256(key, input)
-	return goolm.Base64Encode(mac), nil
+	return []byte(base64.RawStdEncoding.EncodeToString(crypto.HMACSHA256(key, input))), nil
 }
 
 // CalculateMACFixes returns a base64 encoded, 32 byte long MAC of input.
diff --git a/crypto/goolm/session/megolm_inbound_session.go b/crypto/goolm/session/megolm_inbound_session.go
index 165f7f16..c65d5cd7 100644
--- a/crypto/goolm/session/megolm_inbound_session.go
+++ b/crypto/goolm/session/megolm_inbound_session.go
@@ -31,7 +31,7 @@ type MegolmInboundSession struct {
 // NewMegolmInboundSession creates a new MegolmInboundSession from a base64 encoded session sharing message.
 func NewMegolmInboundSession(input []byte) (*MegolmInboundSession, error) {
 	var err error
-	input, err = goolm.Base64Decode(input)
+	input, err = base64.RawStdEncoding.DecodeString(string(input))
 	if err != nil {
 		return nil, err
 	}
@@ -55,7 +55,7 @@ func NewMegolmInboundSession(input []byte) (*MegolmInboundSession, error) {
 // NewMegolmInboundSessionFromExport creates a new MegolmInboundSession from a base64 encoded session export message.
 func NewMegolmInboundSessionFromExport(input []byte) (*MegolmInboundSession, error) {
 	var err error
-	input, err = goolm.Base64Decode(input)
+	input, err = base64.RawStdEncoding.DecodeString(string(input))
 	if err != nil {
 		return nil, err
 	}
@@ -111,7 +111,7 @@ func (o *MegolmInboundSession) Decrypt(ciphertext []byte) ([]byte, uint32, error
 	if o.SigningKey == nil {
 		return nil, 0, fmt.Errorf("decrypt: %w", goolm.ErrBadMessageFormat)
 	}
-	decoded, err := goolm.Base64Decode(ciphertext)
+	decoded, err := base64.RawStdEncoding.DecodeString(string(ciphertext))
 	if err != nil {
 		return nil, 0, err
 	}
diff --git a/crypto/goolm/session/megolm_outbound_session.go b/crypto/goolm/session/megolm_outbound_session.go
index e594258d..cc2a4215 100644
--- a/crypto/goolm/session/megolm_outbound_session.go
+++ b/crypto/goolm/session/megolm_outbound_session.go
@@ -67,7 +67,7 @@ func (o *MegolmOutboundSession) Encrypt(plaintext []byte) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	return goolm.Base64Encode(encrypted), nil
+	return []byte(base64.RawStdEncoding.EncodeToString(encrypted)), nil
 }
 
 // SessionID returns the base64 endoded public signing key
diff --git a/crypto/goolm/session/olm_session.go b/crypto/goolm/session/olm_session.go
index 6655e0a5..6ab046bc 100644
--- a/crypto/goolm/session/olm_session.go
+++ b/crypto/goolm/session/olm_session.go
@@ -117,7 +117,7 @@ func NewOutboundOlmSession(identityKeyAlice crypto.Curve25519KeyPair, identityKe
 
 // NewInboundOlmSession creates a new inbound session from receiving the first message.
 func NewInboundOlmSession(identityKeyAlice *crypto.Curve25519PublicKey, receivedOTKMsg []byte, searchBobOTK SearchOTKFunc, identityKeyBob crypto.Curve25519KeyPair) (*OlmSession, error) {
-	decodedOTKMsg, err := goolm.Base64Decode(receivedOTKMsg)
+	decodedOTKMsg, err := base64.RawStdEncoding.DecodeString(string(receivedOTKMsg))
 	if err != nil {
 		return nil, err
 	}
@@ -210,8 +210,7 @@ func (s OlmSession) ID() id.SessionID {
 	copy(message[crypto.Curve25519KeyLength:], s.AliceBaseKey)
 	copy(message[2*crypto.Curve25519KeyLength:], s.BobOneTimeKey)
 	hash := crypto.SHA256(message)
-	res := id.SessionID(goolm.Base64Encode(hash))
-	return res
+	return id.SessionID(base64.RawStdEncoding.EncodeToString(hash))
 }
 
 // HasReceivedMessage returns true if this session has received any message.
@@ -227,7 +226,7 @@ func (s OlmSession) MatchesInboundSessionFrom(theirIdentityKeyEncoded *id.Curve2
 	if len(receivedOTKMsg) == 0 {
 		return false, fmt.Errorf("inbound match: %w", goolm.ErrEmptyInput)
 	}
-	decodedOTKMsg, err := goolm.Base64Decode(receivedOTKMsg)
+	decodedOTKMsg, err := base64.RawStdEncoding.DecodeString(string(receivedOTKMsg))
 	if err != nil {
 		return false, err
 	}
@@ -300,7 +299,7 @@ func (s *OlmSession) Encrypt(plaintext []byte, reader io.Reader) (id.OlmMsgType,
 		result = messageBody
 	}
 
-	return messageType, goolm.Base64Encode(result), nil
+	return messageType, []byte(base64.RawStdEncoding.EncodeToString(result)), nil
 }
 
 // Decrypt decrypts a base64 encoded message using the Session.
@@ -308,7 +307,7 @@ func (s *OlmSession) Decrypt(crypttext []byte, msgType id.OlmMsgType) ([]byte, e
 	if len(crypttext) == 0 {
 		return nil, fmt.Errorf("decrypt: %w", goolm.ErrEmptyInput)
 	}
-	decodedCrypttext, err := goolm.Base64Decode(crypttext)
+	decodedCrypttext, err := base64.RawStdEncoding.DecodeString(string(crypttext))
 	if err != nil {
 		return nil, err
 	}