diff --git a/Cargo.lock b/Cargo.lock
index dd7d4d8a..16205788 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -332,6 +332,7 @@ dependencies = [
  "rand",
  "rand_chacha",
  "rfc6979",
+ "serde",
  "sha1",
  "sha2",
  "signature",
@@ -662,6 +663,7 @@ dependencies = [
  "num-iter",
  "num-traits",
  "rand",
+ "serde",
  "smallvec",
  "zeroize",
 ]
@@ -1427,3 +1429,6 @@ name = "zeroize"
 version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
+dependencies = [
+ "serde",
+]
diff --git a/dsa/Cargo.toml b/dsa/Cargo.toml
index 19f50d38..65cd25be 100644
--- a/dsa/Cargo.toml
+++ b/dsa/Cargo.toml
@@ -21,6 +21,7 @@ num-bigint = { package = "num-bigint-dig", version = "0.8", default-features = f
 num-traits = { version = "0.2", default-features = false }
 pkcs8 = { version = "=0.11.0-rc.1", default-features = false, features = ["alloc"] }
 rfc6979 = { version = "=0.5.0-pre.4", path = "../rfc6979" }
+serde = { version = "1.0", default-features = false, features = ["derive"], optional = true }
 sha2 = { version = "=0.11.0-pre.4", default-features = false }
 signature = { version = "=2.3.0-pre.4", default-features = false, features = ["alloc", "digest", "rand_core"] }
 zeroize = { version = "1", default-features = false }
@@ -32,4 +33,12 @@ rand_chacha = "0.3"
 sha1 = "=0.11.0-pre.4"
 
 [features]
+serde = [
+    "dep:serde",
+    "num-bigint/serde",
+]
+serde_secrets = [
+    "serde",
+    "zeroize/serde",
+]
 std = []
diff --git a/dsa/src/components.rs b/dsa/src/components.rs
index dbc708e9..04f9845f 100644
--- a/dsa/src/components.rs
+++ b/dsa/src/components.rs
@@ -11,10 +11,14 @@ use pkcs8::der::{
 };
 use signature::rand_core::CryptoRngCore;
 
+#[cfg(feature = "serde")]
+use serde::{Deserialize, Serialize};
+
 /// The common components of an DSA keypair
 ///
 /// (the prime p, quotient q and generator g)
 #[derive(Clone, Debug, PartialEq, PartialOrd)]
+#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
 #[must_use]
 pub struct Components {
     /// Prime p
diff --git a/dsa/src/lib.rs b/dsa/src/lib.rs
index 89805fd3..bda92fd8 100644
--- a/dsa/src/lib.rs
+++ b/dsa/src/lib.rs
@@ -75,8 +75,12 @@ use pkcs8::der::{
 };
 use signature::SignatureEncoding;
 
+#[cfg(feature = "serde")]
+use serde::{Deserialize, Serialize};
+
 /// Container of the DSA signature
 #[derive(Clone, Debug)]
+#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
 #[must_use]
 pub struct Signature {
     /// Signature part r
diff --git a/dsa/src/signing_key.rs b/dsa/src/signing_key.rs
index bcd7e029..e8bc8966 100644
--- a/dsa/src/signing_key.rs
+++ b/dsa/src/signing_key.rs
@@ -24,11 +24,15 @@ use signature::{
 };
 use zeroize::{Zeroize, Zeroizing};
 
+#[cfg(feature = "serde_secrets")]
+use serde::{Deserialize, Serialize};
+
 /// DSA private key.
 ///
 /// The [`(try_)sign_digest_with_rng`](::signature::RandomizedDigestSigner) API uses regular non-deterministic signatures,
 /// while the [`(try_)sign_digest`](::signature::DigestSigner) API uses deterministic signatures as described in RFC 6979
 #[derive(Clone, PartialEq)]
+#[cfg_attr(feature = "serde_secrets", derive(Deserialize, Serialize))]
 #[must_use]
 pub struct SigningKey {
     /// Public key
diff --git a/dsa/src/verifying_key.rs b/dsa/src/verifying_key.rs
index e44bebf4..bab56f28 100644
--- a/dsa/src/verifying_key.rs
+++ b/dsa/src/verifying_key.rs
@@ -16,8 +16,12 @@ use pkcs8::{
 };
 use signature::{hazmat::PrehashVerifier, DigestVerifier, Verifier};
 
+#[cfg(feature = "serde")]
+use serde::{Deserialize, Serialize};
+
 /// DSA public key.
 #[derive(Clone, Debug, PartialEq, PartialOrd)]
+#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
 #[must_use]
 pub struct VerifyingKey {
     /// common components