diff --git a/Cargo.toml b/Cargo.toml
index 81a7d3e..e8fb74e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -27,22 +27,20 @@ thiserror = "1.0"
 
 # CRYPTO
 #
-# NOTE: by policy, we pin non-dev cryptographic libraries to their exact
-# versions, requiring explicit maintainer action to apply upgrades. The
-# `deny.toml` is set up such that unintended upgrades are (hopefully) rejected.
+# The binary consumer dictates these versions via .lock
+# The .lock is used to screen the crypto dependency minor/patch bumps
 #
 [dependencies.chacha20poly1305]
-version = "=0.9.0"
+version = "^0.10.1"
 default-features = false
 features = ["alloc"]
 
 [dependencies.ed25519-zebra]
-version = "=3.0.0"
+version = "^3.0.0"
 
 [dependencies.scrypt]
-version = "=0.8.0"
+version = "^0.10.0"
 default-features = false
-# END CRYPTO
 
 [dev-dependencies]
 tokio = { version = ">= 1.8.4", features = ["macros", "rt"] }
diff --git a/deny.toml b/deny.toml
index 493aad2..e4dc7db 100644
--- a/deny.toml
+++ b/deny.toml
@@ -165,10 +165,6 @@ deny = [
 # Each entry the name of a crate and a version range. If version is
 # not specified, all versions will be matched.
 #{ name = "ansi_term", version = "=0.11.0" },
- { name = "chacha20poly1305", version = "> 0.9.0" },
- { name = "ed25519-zebra", version = "> 3.0.0" },
- { name = "curve25519-dalek", version = "> 3.2.0" },
- { name = "scrypt", version = "> 0.8.0" },
 ]
 # Certain crates/versions that will be skipped when doing duplicate detection.
 skip = [
diff --git a/src/crypto.rs b/src/crypto.rs
index 6d791e9..8dfa830 100644
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -15,10 +15,7 @@
 // You should have received a copy of the GNU General Public License
 // along with this program. If not, see .
 
-use chacha20poly1305::{
- aead,
- aead::{Aead, NewAead},
-};
+use chacha20poly1305::{aead, aead::Aead, KeyInit};
 use generic_array::GenericArray;
 use secstr::{SecStr, SecUtf8};
 use serde::{Deserialize, Serialize};
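Review bot: The replacement comment in the Cargo.toml hunk says the consumer's `.lock` screens crypto upgrades, but nothing visible in this commit enforces that. With `^0.10.1`, `^3.0.0` and `^0.10.0`, any build that resolves without a committed lock file, or a routine `cargo update`, takes the newest compatible release, and `^3.0.0` admits every 3.x minor of ed25519-zebra. The deny.toml hunk in the same commit also drops the version ceilings, including the one on `curve25519-dalek`, which has no entry in this manifest hunk and so appears to be left without any bound. I would keep a reviewable gate, such as building and installing with `--locked` in CI and in the release instructions, and state the requirement in the comment itself: `# Consumers MUST commit Cargo.lock and build with --locked; crypto bumps are reviewed as lockfile diffs.` The `[dependencies]` table continues outside the hunk, so other pins may exist that are not visible here.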