diff --git a/willow/proto/willow/BUILD b/willow/proto/willow/BUILD
index 2389ae3..fbed395 100644
--- a/willow/proto/willow/BUILD
+++ b/willow/proto/willow/BUILD
@@ -30,3 +30,13 @@ cc_proto_library(
     name = "decryptor_cc_proto",
     deps = [":decryptor_proto"],
 )
+
+proto_library(
+    name = "key_proto",
+    srcs = ["key.proto"],
+)
+
+cc_proto_library(
+    name = "key_cc_proto",
+    deps = [":key_proto"],
+)
diff --git a/willow/proto/willow/decryptor.proto b/willow/proto/willow/decryptor.proto
index e13f243..8766de8 100644
--- a/willow/proto/willow/decryptor.proto
+++ b/willow/proto/willow/decryptor.proto
@@ -1,4 +1,4 @@
-// Copyright 2021 Google LLC
+// Copyright 2025 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/willow/proto/willow/key.proto b/willow/proto/willow/key.proto
new file mode 100644
index 0000000..7efab0d
--- /dev/null
+++ b/willow/proto/willow/key.proto
@@ -0,0 +1,31 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+edition = "2023";
+
+package secure_aggregation.willow;
+
+option java_multiple_files = true;
+
+// A simple container for a Willow public cryptographic key that embeds the key
+// ID and the "raw" key material.
+message Key {
+  // A short identifier for the key to allow decryption or verification to find
+  // the corresponding key from a list.
+  bytes key_id = 1;
+
+  // The raw key material. This is the serialized bytes of the key material
+  // returned by the key generation service.
+  bytes key_material = 2;
+}