diff --git a/Codec/Encryption/OpenPGP/Types/Internal/Base.hs b/Codec/Encryption/OpenPGP/Types/Internal/Base.hs
--- a/Codec/Encryption/OpenPGP/Types/Internal/Base.hs
+++ b/Codec/Encryption/OpenPGP/Types/Internal/Base.hs
@@ -1,5 +1,5 @@
 -- Base.hs: OpenPGP (RFC4880) data types
--- Copyright © 2012-2018  Clint Adams
+-- Copyright © 2012-2021  Clint Adams
 -- This software is released under the terms of the Expat license.
 -- (See the LICENSE file).
 {-# LANGUAGE CPP #-}
@@ -22,6 +22,9 @@
 import Control.Monad (mzero)
 import Data.Aeson ((.=), object)
 import qualified Data.Aeson as A
+#if MIN_VERSION_aeson(2,0,0)
+import qualified Data.Aeson.Key as AK
+#endif
 import qualified Data.Aeson.TH as ATH
 import Data.ByteArray (ByteArrayAccess)
 import qualified Data.ByteString as B
@@ -359,11 +362,17 @@
 instance Pretty TwentyOctetFingerprint where
   pretty = pretty . take 40 . bsToHexUpper . unTOF
 
+#if MIN_VERSION_aeson(2,0,0)
+key = AK.fromText . T.pack
+#else
+key = T.pack
+#endif
+
 instance A.ToJSON TwentyOctetFingerprint where
-  toJSON e = object [T.pack "fpr" .= (A.toJSON . show . pretty) e]
+  toJSON e = object [key "fpr" .= (A.toJSON . show . pretty) e]
 
 instance A.FromJSON TwentyOctetFingerprint where
-  parseJSON (A.Object v) = TwentyOctetFingerprint . read <$> v A..: T.pack "fpr"
+  parseJSON (A.Object v) = TwentyOctetFingerprint . read <$> v A..: key "fpr"
   parseJSON _ = mzero
 
 newtype SpacedFingerprint =
@@ -407,10 +416,10 @@
 instance Hashable EightOctetKeyId
 
 instance A.ToJSON EightOctetKeyId where
-  toJSON e = object [T.pack "eoki" .= (bsToHexUpper . op EightOctetKeyId) e]
+  toJSON e = object [key "eoki" .= (bsToHexUpper . op EightOctetKeyId) e]
 
 instance A.FromJSON EightOctetKeyId where
-  parseJSON (A.Object v) = EightOctetKeyId . read <$> v A..: T.pack "eoki"
+  parseJSON (A.Object v) = EightOctetKeyId . read <$> v A..: key "eoki"
   parseJSON _ = mzero
 
 newtype NotationName =
@@ -425,10 +434,10 @@
 instance Wrapped NotationName
 
 instance A.ToJSON NotationName where
-  toJSON nn = object [T.pack "notationname" .= show (op NotationName nn)]
+  toJSON nn = object [key "notationname" .= show (op NotationName nn)]
 
 instance A.FromJSON NotationName where
-  parseJSON (A.Object v) = NotationName . read <$> v A..: T.pack "notationname"
+  parseJSON (A.Object v) = NotationName . read <$> v A..: key "notationname"
   parseJSON _ = mzero
 
 newtype NotationValue =
@@ -443,11 +452,11 @@
 instance Wrapped NotationValue
 
 instance A.ToJSON NotationValue where
-  toJSON nv = object [T.pack "notationvalue" .= show (op NotationValue nv)]
+  toJSON nv = object [key "notationvalue" .= show (op NotationValue nv)]
 
 instance A.FromJSON NotationValue where
   parseJSON (A.Object v) =
-    NotationValue . read <$> v A..: T.pack "notationvalue"
+    NotationValue . read <$> v A..: key "notationvalue"
   parseJSON _ = mzero
 
 data HashAlgorithm
@@ -701,11 +710,11 @@
   pretty = pretty . (\uri -> uriToString id uri "") . op URL
 
 instance A.ToJSON URL where
-  toJSON u = object [T.pack "uri" .= (\uri -> uriToString id uri "") (op URL u)]
+  toJSON u = object [key "uri" .= (\uri -> uriToString id uri "") (op URL u)]
 
 instance A.FromJSON URL where
   parseJSON (A.Object v) =
-    URL . fromMaybe nullURI . parseURI <$> v A..: T.pack "uri"
+    URL . fromMaybe nullURI . parseURI <$> v A..: key "uri"
   parseJSON _ = mzero
 
 data SigType
@@ -931,63 +940,63 @@
     pretty "unknown signature subpacket type" <+> pretty t <+> prettyLBS bs
 
 instance A.ToJSON SigSubPacketPayload where
-  toJSON (SigCreationTime ts) = object [T.pack "sigCreationTime" .= ts]
-  toJSON (SigExpirationTime d) = object [T.pack "sigExpirationTime" .= d]
+  toJSON (SigCreationTime ts) = object [key "sigCreationTime" .= ts]
+  toJSON (SigExpirationTime d) = object [key "sigExpirationTime" .= d]
   toJSON (ExportableCertification e) =
-    object [T.pack "exportableCertification" .= e]
-  toJSON (TrustSignature tl ta) = object [T.pack "trustSignature" .= (tl, ta)]
+    object [key "exportableCertification" .= e]
+  toJSON (TrustSignature tl ta) = object [key "trustSignature" .= (tl, ta)]
   toJSON (RegularExpression apdre) =
-    object [T.pack "regularExpression" .= BL.unpack apdre]
-  toJSON (Revocable r) = object [T.pack "revocable" .= r]
-  toJSON (KeyExpirationTime d) = object [T.pack "keyExpirationTime" .= d]
+    object [key "regularExpression" .= BL.unpack apdre]
+  toJSON (Revocable r) = object [key "revocable" .= r]
+  toJSON (KeyExpirationTime d) = object [key "keyExpirationTime" .= d]
   toJSON (PreferredSymmetricAlgorithms sas) =
-    object [T.pack "preferredSymmetricAlgorithms" .= sas]
+    object [key "preferredSymmetricAlgorithms" .= sas]
   toJSON (RevocationKey rcs pka tof) =
-    object [T.pack "revocationKey" .= (rcs, pka, tof)]
-  toJSON (Issuer eoki) = object [T.pack "issuer" .= eoki]
+    object [key "revocationKey" .= (rcs, pka, tof)]
+  toJSON (Issuer eoki) = object [key "issuer" .= eoki]
   toJSON (NotationData nfs (NotationName nn) (NotationValue nv)) =
-    object [T.pack "notationData" .= (nfs, BL.unpack nn, BL.unpack nv)]
+    object [key "notationData" .= (nfs, BL.unpack nn, BL.unpack nv)]
   toJSON (PreferredHashAlgorithms phas) =
-    object [T.pack "preferredHashAlgorithms" .= phas]
+    object [key "preferredHashAlgorithms" .= phas]
   toJSON (PreferredCompressionAlgorithms pcas) =
-    object [T.pack "preferredCompressionAlgorithms" .= pcas]
+    object [key "preferredCompressionAlgorithms" .= pcas]
   toJSON (KeyServerPreferences kspfs) =
-    object [T.pack "keyServerPreferences" .= kspfs]
+    object [key "keyServerPreferences" .= kspfs]
   toJSON (PreferredKeyServer ks) =
-    object [T.pack "preferredKeyServer" .= show ks]
-  toJSON (PrimaryUserId p) = object [T.pack "primaryUserId" .= p]
-  toJSON (PolicyURL u) = object [T.pack "policyURL" .= u]
-  toJSON (KeyFlags kfs) = object [T.pack "keyFlags" .= kfs]
-  toJSON (SignersUserId u) = object [T.pack "signersUserId" .= u]
+    object [key "preferredKeyServer" .= show ks]
+  toJSON (PrimaryUserId p) = object [key "primaryUserId" .= p]
+  toJSON (PolicyURL u) = object [key "policyURL" .= u]
+  toJSON (KeyFlags kfs) = object [key "keyFlags" .= kfs]
+  toJSON (SignersUserId u) = object [key "signersUserId" .= u]
   toJSON (ReasonForRevocation rc rr) =
-    object [T.pack "reasonForRevocation" .= (rc, rr)]
-  toJSON (Features ffs) = object [T.pack "features" .= ffs]
+    object [key "reasonForRevocation" .= (rc, rr)]
+  toJSON (Features ffs) = object [key "features" .= ffs]
   toJSON (SignatureTarget pka ha sh) =
-    object [T.pack "signatureTarget" .= (pka, ha, BL.unpack sh)]
-  toJSON (EmbeddedSignature sp) = object [T.pack "embeddedSignature" .= sp]
+    object [key "signatureTarget" .= (pka, ha, BL.unpack sh)]
+  toJSON (EmbeddedSignature sp) = object [key "embeddedSignature" .= sp]
   toJSON (IssuerFingerprint kv ifp) =
-    object [T.pack "issuerFingerprint" .= (kv, ifp)]
+    object [key "issuerFingerprint" .= (kv, ifp)]
   toJSON (UserDefinedSigSub t bs) =
-    object [T.pack "userDefinedSigSub" .= (t, BL.unpack bs)]
-  toJSON (OtherSigSub t bs) = object [T.pack "otherSigSub" .= (t, BL.unpack bs)]
+    object [key "userDefinedSigSub" .= (t, BL.unpack bs)]
+  toJSON (OtherSigSub t bs) = object [key "otherSigSub" .= (t, BL.unpack bs)]
 
 uc3 :: (a -> b -> c -> d) -> (a, b, c) -> d
 uc3 f ~(a, b, c) = f a b c
 
 instance A.FromJSON SigSubPacketPayload where
   parseJSON (A.Object v) =
-    (SigCreationTime <$> v A..: T.pack "sigCreationTime") <|>
-    (SigExpirationTime <$> v A..: T.pack "sigExpirationTime") <|>
-    (ExportableCertification <$> v A..: T.pack "exportableCertification") <|>
-    (uncurry TrustSignature <$> v A..: T.pack "trustSignature") <|>
-    (RegularExpression . BL.pack <$> v A..: T.pack "regularExpression") <|>
-    (Revocable <$> v A..: T.pack "revocable") <|>
-    (KeyExpirationTime <$> v A..: T.pack "keyExpirationTime") <|>
+    (SigCreationTime <$> v A..: key "sigCreationTime") <|>
+    (SigExpirationTime <$> v A..: key "sigExpirationTime") <|>
+    (ExportableCertification <$> v A..: key "exportableCertification") <|>
+    (uncurry TrustSignature <$> v A..: key "trustSignature") <|>
+    (RegularExpression . BL.pack <$> v A..: key "regularExpression") <|>
+    (Revocable <$> v A..: key "revocable") <|>
+    (KeyExpirationTime <$> v A..: key "keyExpirationTime") <|>
     (PreferredSymmetricAlgorithms <$>
-     v A..: T.pack "preferredSymmetricAlgorithms") <|>
-    (uc3 RevocationKey <$> v A..: T.pack "revocationKey") <|>
-    (Issuer <$> v A..: T.pack "issuer") <|>
-    (uc3 NotationData <$> v A..: T.pack "notationData")
+     v A..: key "preferredSymmetricAlgorithms") <|>
+    (uc3 RevocationKey <$> v A..: key "revocationKey") <|>
+    (Issuer <$> v A..: key "issuer") <|>
+    (uc3 NotationData <$> v A..: key "notationData")
   parseJSON _ = mzero
 
 data SigSubPacket =
diff --git a/Codec/Encryption/OpenPGP/Types/Internal/Pkt.hs b/Codec/Encryption/OpenPGP/Types/Internal/Pkt.hs
--- a/Codec/Encryption/OpenPGP/Types/Internal/Pkt.hs
+++ b/Codec/Encryption/OpenPGP/Types/Internal/Pkt.hs
@@ -1,5 +1,5 @@
 -- Pkt.hs: OpenPGP (RFC4880) Pkt data types
--- Copyright © 2012-2018  Clint Adams
+-- Copyright © 2012-2021  Clint Adams
 -- This software is released under the terms of the Expat license.
 -- (See the LICENSE file).
 {-# LANGUAGE DataKinds #-}
@@ -112,88 +112,88 @@
 instance A.ToJSON Pkt where
   toJSON (PKESKPkt pv eoki pka mpis) =
     object
-      [ T.pack "pkesk" .=
+      [ key "pkesk" .=
         object
-          [ T.pack "version" .= pv
-          , T.pack "keyid" .= eoki
-          , T.pack "pkalgo" .= pka
-          , T.pack "mpis" .= NE.toList mpis
+          [ key "version" .= pv
+          , key "keyid" .= eoki
+          , key "pkalgo" .= pka
+          , key "mpis" .= NE.toList mpis
           ]
       ]
-  toJSON (SignaturePkt sp) = object [T.pack "signature" .= sp]
+  toJSON (SignaturePkt sp) = object [key "signature" .= sp]
   toJSON (SKESKPkt pv sa s2k mbs) =
     object
-      [ T.pack "skesk" .=
+      [ key "skesk" .=
         object
-          [ T.pack "version" .= pv
-          , T.pack "symalgo" .= sa
-          , T.pack "s2k" .= s2k
-          , T.pack "data" .= maybe mempty BL.unpack mbs
+          [ key "version" .= pv
+          , key "symalgo" .= sa
+          , key "s2k" .= s2k
+          , key "data" .= maybe mempty BL.unpack mbs
           ]
       ]
   toJSON (OnePassSignaturePkt pv st ha pka eoki nestedflag) =
     object
-      [ T.pack "onepasssignature" .=
+      [ key "onepasssignature" .=
         object
-          [ T.pack "version" .= pv
-          , T.pack "sigtype" .= st
-          , T.pack "hashalgo" .= ha
-          , T.pack "pkalgo" .= pka
-          , T.pack "keyid" .= eoki
-          , T.pack "nested" .= nestedflag
+          [ key "version" .= pv
+          , key "sigtype" .= st
+          , key "hashalgo" .= ha
+          , key "pkalgo" .= pka
+          , key "keyid" .= eoki
+          , key "nested" .= nestedflag
           ]
       ]
   toJSON (SecretKeyPkt pkp ska) =
     object
-      [ T.pack "secretkey" .=
-        object [T.pack "public" .= pkp, T.pack "secret" .= ska]
+      [ key "secretkey" .=
+        object [key "public" .= pkp, key "secret" .= ska]
       ]
-  toJSON (PublicKeyPkt pkp) = object [T.pack "publickey" .= pkp]
+  toJSON (PublicKeyPkt pkp) = object [key "publickey" .= pkp]
   toJSON (SecretSubkeyPkt pkp ska) =
     object
-      [ T.pack "secretsubkey" .=
-        object [T.pack "public" .= pkp, T.pack "secret" .= ska]
+      [ key "secretsubkey" .=
+        object [key "public" .= pkp, key "secret" .= ska]
       ]
   toJSON (CompressedDataPkt ca cdp) =
     object
-      [ T.pack "compresseddata" .=
-        object [T.pack "compressionalgo" .= ca, T.pack "data" .= BL.unpack cdp]
+      [ key "compresseddata" .=
+        object [key "compressionalgo" .= ca, key "data" .= BL.unpack cdp]
       ]
-  toJSON (SymEncDataPkt bs) = object [T.pack "symencdata" .= BL.unpack bs]
-  toJSON (MarkerPkt bs) = object [T.pack "marker" .= BL.unpack bs]
+  toJSON (SymEncDataPkt bs) = object [key "symencdata" .= BL.unpack bs]
+  toJSON (MarkerPkt bs) = object [key "marker" .= BL.unpack bs]
   toJSON (LiteralDataPkt dt fn ts bs) =
     object
-      [ T.pack "literaldata" .=
+      [ key "literaldata" .=
         object
-          [ T.pack "dt" .= dt
-          , T.pack "filename" .= BL.unpack fn
-          , T.pack "ts" .= ts
-          , T.pack "data" .= BL.unpack bs
+          [ key "dt" .= dt
+          , key "filename" .= BL.unpack fn
+          , key "ts" .= ts
+          , key "data" .= BL.unpack bs
           ]
       ]
-  toJSON (TrustPkt bs) = object [T.pack "trust" .= BL.unpack bs]
-  toJSON (UserIdPkt u) = object [T.pack "userid" .= u]
-  toJSON (PublicSubkeyPkt pkp) = object [T.pack "publicsubkkey" .= pkp]
-  toJSON (UserAttributePkt us) = object [T.pack "userattribute" .= us]
+  toJSON (TrustPkt bs) = object [key "trust" .= BL.unpack bs]
+  toJSON (UserIdPkt u) = object [key "userid" .= u]
+  toJSON (PublicSubkeyPkt pkp) = object [key "publicsubkkey" .= pkp]
+  toJSON (UserAttributePkt us) = object [key "userattribute" .= us]
   toJSON (SymEncIntegrityProtectedDataPkt pv bs) =
     object
-      [ T.pack "symencipd" .=
-        object [T.pack "version" .= pv, T.pack "data" .= BL.unpack bs]
+      [ key "symencipd" .=
+        object [key "version" .= pv, key "data" .= BL.unpack bs]
       ]
   toJSON (ModificationDetectionCodePkt bs) =
-    object [T.pack "mdc" .= BL.unpack bs]
+    object [key "mdc" .= BL.unpack bs]
   toJSON (OtherPacketPkt t bs) =
     object
-      [ T.pack "otherpacket" .=
-        object [T.pack "tag" .= t, T.pack "data" .= BL.unpack bs]
+      [ key "otherpacket" .=
+        object [key "tag" .= t, key "data" .= BL.unpack bs]
       ]
   toJSON (BrokenPacketPkt s t bs) =
     object
-      [ T.pack "brokenpacket" .=
+      [ key "brokenpacket" .=
         object
-          [ T.pack "error" .= s
-          , T.pack "tag" .= t
-          , T.pack "data" .= BL.unpack bs
+          [ key "error" .= s
+          , key "tag" .= t
+          , key "data" .= BL.unpack bs
           ]
       ]
 
diff --git a/hOpenPGP.cabal b/hOpenPGP.cabal
--- a/hOpenPGP.cabal
+++ b/hOpenPGP.cabal
@@ -1,6 +1,6 @@
 Cabal-version:       2.2
 Name:                hOpenPGP
-Version:             2.9.6
+Version:             2.9.7
 Synopsis:            native Haskell implementation of OpenPGP (RFC4880)
 Description:         native Haskell implementation of OpenPGP (RFC4880), plus Camellia (RFC5581), plus ECC (RFC6637)
 Homepage:            https://salsa.debian.org/clint/hOpenPGP
@@ -158,7 +158,7 @@
   , tests/data/pgcrypto-passphrase.txt
 
 common deps
-  build-depends: aeson                               < 2
+  build-depends: aeson
                , attoparsec
                , base                   > 4.9     && < 5
                , base16-bytestring
@@ -285,4 +285,4 @@
 source-repository this
   type:     git
   location: https://salsa.debian.org/clint/hOpenPGP.git
-  tag:      v2.9.6
+  tag:      v2.9.7
