diff --git a/repo.go b/repo.go
index 53a65a72b..7fcf79b86 100644
--- a/repo.go
+++ b/repo.go
@@ -11,7 +11,6 @@ import (
 "strings"
 "time"
 
- "github.com/secure-systems-lab/go-securesystemslib/cjson"
 "github.com/theupdateframework/go-tuf/data"
 "github.com/theupdateframework/go-tuf/internal/roles"
 "github.com/theupdateframework/go-tuf/internal/signer"
@@ -485,21 +484,10 @@ func (r *Repo) RevokeKeyWithExpires(keyRole, id string, expires time.Time) error
 }
 
 func (r *Repo) jsonMarshal(v interface{}) ([]byte, error) {
- b, err := cjson.EncodeCanonical(v)
- if err != nil {
- return []byte{}, err
- }
-
 if r.prefix == "" && r.indent == "" {
- return b, nil
+ return json.Marshal(v)
 }
-
- var out bytes.Buffer
- if err := json.Indent(&out, b, r.prefix, r.indent); err != nil {
- return []byte{}, err
- }
-
- return out.Bytes(), nil
+ return json.MarshalIndent(v, r.prefix, r.indent)
 }
 
 func (r *Repo) setTopLevelMeta(roleFilename string, meta interface{}) error {
diff --git a/repo_test.go b/repo_test.go
index 336437354..f203306d0 100644
--- a/repo_test.go
+++ b/repo_test.go
@@ -1692,7 +1692,9 @@ func (rs *RepoSuite) TestAddOrUpdateSignatures(c *C) {
 // generate signatures externally and append
 rootMeta, err := r.SignedMeta("root.json")
 c.Assert(err, IsNil)
- rootSig, err := rootKey.SignMessage(rootMeta.Signed)
+ rootCanonical, err := cjson.EncodeCanonical(rootMeta.Signed)
+ c.Assert(err, IsNil)
+ rootSig, err := rootKey.SignMessage(rootCanonical)
 c.Assert(err, IsNil)
 for _, id := range rootKey.PublicData().IDs() {
 c.Assert(r.AddOrUpdateSignature("root.json", data.Signature{
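Review bot: jsonMarshal in repo.go carries no comment saying that its output is no longer canonical JSON, although the removed lines show it used to be the canonical encoding (optionally re-indented). The bytes it now returns come straight from `json.Marshal` / `json.MarshalIndent`, so they must not be used as signing or verification input. I would add above the function: `// jsonMarshal encodes v for storage, indented when r.prefix or r.indent is set; the result is not canonical JSON and must be canonicalized before signing or verifying.` The whole function body is inside this hunk.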
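Review bot: The canonicalize-then-sign sequence added in the first repo_test.go hunk (-1692) is repeated in the hunks at -1704, -1716 and -1727, and again at -1769 with `Sign` instead of `SignMessage`. A small test helper would keep the five call sites in step if the signing input ever changes again. With a helper, named here `mustCanonical` purely for illustration, each site shrinks to `canonical := mustCanonical(c, rootMeta.Signed)` followed by `rootSig, err := rootKey.SignMessage(canonical)`. The test function starts and ends outside the hunk.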
@@ -1704,7 +1706,9 @@ func (rs *RepoSuite) TestAddOrUpdateSignatures(c *C) {
 c.Assert(r.AddTarget("foo.txt", nil), IsNil)
 targetsMeta, err := r.SignedMeta("targets.json")
 c.Assert(err, IsNil)
- targetsSig, err := targetsKey.SignMessage(targetsMeta.Signed)
+ targetsCanonical, err := cjson.EncodeCanonical(targetsMeta.Signed)
+ c.Assert(err, IsNil)
+ targetsSig, err := targetsKey.SignMessage(targetsCanonical)
 c.Assert(err, IsNil)
 for _, id := range targetsKey.PublicData().IDs() {
 r.AddOrUpdateSignature("targets.json", data.Signature{
@@ -1716,7 +1720,9 @@ func (rs *RepoSuite) TestAddOrUpdateSignatures(c *C) {
 c.Assert(r.Snapshot(), IsNil)
 snapshotMeta, err := r.SignedMeta("snapshot.json")
 c.Assert(err, IsNil)
- snapshotSig, err := snapshotKey.SignMessage(snapshotMeta.Signed)
+ snapshotCanonical, err := cjson.EncodeCanonical(snapshotMeta.Signed)
+ c.Assert(err, IsNil)
+ snapshotSig, err := snapshotKey.SignMessage(snapshotCanonical)
 c.Assert(err, IsNil)
 for _, id := range snapshotKey.PublicData().IDs() {
 r.AddOrUpdateSignature("snapshot.json", data.Signature{
@@ -1727,7 +1733,9 @@ func (rs *RepoSuite) TestAddOrUpdateSignatures(c *C) {
 c.Assert(r.Timestamp(), IsNil)
 timestampMeta, err := r.SignedMeta("timestamp.json")
 c.Assert(err, IsNil)
- timestampSig, err := timestampKey.SignMessage(timestampMeta.Signed)
+ timestampCanonical, err := cjson.EncodeCanonical(timestampMeta.Signed)
+ c.Assert(err, IsNil)
+ timestampSig, err := timestampKey.SignMessage(timestampCanonical)
 c.Assert(err, IsNil)
 for _, id := range timestampKey.PublicData().IDs() {
 r.AddOrUpdateSignature("timestamp.json", data.Signature{
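Review bot: The `r.AddOrUpdateSignature("targets.json", ...)` call that consumes the newly computed signature in the -1704 hunk is a bare statement, so its return value is discarded, whereas the root.json call in the previous hunk is wrapped in `c.Assert(`. Because this commit changes which bytes are signed, a signature rejected at this step would go unnoticed here. The snapshot.json and timestamp.json calls in the hunks at -1716 and -1727 have the same shape. Wrapping each one as `c.Assert(r.AddOrUpdateSignature("targets.json", data.Signature{ ... }), IsNil)` would close the gap. The calls run past the end of each hunk, so the rest of the argument list is not visible.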
@@ -1769,7 +1777,9 @@ func (rs *RepoSuite) TestBadAddOrUpdateSignatures(c *C) {
 // add a signature with a bad role
 rootMeta, err := r.SignedMeta("root.json")
 c.Assert(err, IsNil)
- rootSig, err := rootKey.Sign(rand.Reader, rootMeta.Signed, crypto.Hash(0))
+ rootCanonical, err := cjson.EncodeCanonical(rootMeta.Signed)
+ c.Assert(err, IsNil)
+ rootSig, err := rootKey.Sign(rand.Reader, rootCanonical, crypto.Hash(0))
 c.Assert(err, IsNil)
 for _, id := range rootKey.PublicData().IDs() {
 c.Assert(r.AddOrUpdateSignature("invalid_root.json", data.Signature{
diff --git a/sign/sign.go b/sign/sign.go
index 06886b5d7..6b15b6b4f 100644
--- a/sign/sign.go
+++ b/sign/sign.go
@@ -1,6 +1,8 @@
 package sign
 
 import (
+ "encoding/json"
+
 "github.com/secure-systems-lab/go-securesystemslib/cjson"
 "github.com/theupdateframework/go-tuf/data"
 "github.com/theupdateframework/go-tuf/pkg/keys"
@@ -22,7 +24,12 @@ func Sign(s *data.Signed, k keys.Signer) error {
 }
 }
 
- sig, err := k.SignMessage(s.Signed)
+ canonical, err := cjson.EncodeCanonical(s.Signed)
+ if err != nil {
+ return err
+ }
+
+ sig, err := k.SignMessage(canonical)
 if err != nil {
 return err
 }
@@ -39,7 +46,7 @@ func Sign(s *data.Signed, k keys.Signer) error {
 }
 
 func Marshal(v interface{}, keys ...keys.Signer) (*data.Signed, error) {
- b, err := cjson.EncodeCanonical(v)
+ b, err := json.Marshal(v)
 if err != nil {
 return nil, err
 }
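Review bot: The `cjson.EncodeCanonical(s.Signed)` call added to Sign in sign/sign.go (-22 hunk) makes the signed bytes differ from the stored `s.Signed` bytes, and nothing in the hunk records that invariant for the next reader. A comment above the call would do it: `// Signatures cover the canonical JSON form of s.Signed, not the stored bytes; verification must canonicalize the same way.` The verification path is not part of this diff, so it is worth confirming that it canonicalizes before checking. The reason is that Marshal in the last hunk now builds its payload with plain `json.Marshal(v)`, which presumably becomes `Signed`. Sign's body starts and ends outside the hunk.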