diff --git a/pkg/api/entries.go b/pkg/api/entries.go
index 17769e278b85c65fe85d904b40704e24f25d752a..883e20a5fba93c9a53cb8dcd2d2ec704e540c655 100644
--- a/pkg/api/entries.go
+++ b/pkg/api/entries.go
@@ -148,7 +148,7 @@ func createLogEntry(params entries.CreateLogEntryParams) (models.LogEntry, middl
 	if err != nil {
 		return nil, handleRekorAPIError(params, http.StatusBadRequest, err, fmt.Sprintf(validationError, err))
 	}
-	leaf, err := entry.Canonicalize(ctx)
+	leaf, err := types.CanonicalizeEntry(ctx, entry)
 	if err != nil {
 		if _, ok := (err).(types.ValidationError); ok {
 			return nil, handleRekorAPIError(params, http.StatusBadRequest, err, fmt.Sprintf(validationError, err))
@@ -315,7 +315,7 @@ func SearchLogQueryHandler(params entries.SearchLogQueryParams) middleware.Respo
 		return err
 	}
 
-	leaf, err := entry.Canonicalize(httpReqCtx)
+	leaf, err := types.CanonicalizeEntry(httpReqCtx, entry)
 	if err != nil {
 		code = http.StatusInternalServerError
 		return err
diff --git a/pkg/types/entries.go b/pkg/types/entries.go
index 42a9bb83104b78dc72df809bcf494727b162d4d4..e04648250bc7fedd9c418815515b0ce7abf0e932 100644
--- a/pkg/types/entries.go
+++ b/pkg/types/entries.go
@@ -23,6 +23,7 @@ import (
 	"net/url"
 	"reflect"
 
+	"github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer"
 	"github.com/go-openapi/strfmt"
 	"github.com/mitchellh/mapstructure"
 	"github.com/sigstore/rekor/pkg/generated/models"
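Review bot: The bytes assigned to `leaf` by the new `types.CanonicalizeEntry` call differ from the old `entry.Canonicalize` output for any entry type whose Canonicalize did not already emit RFC 8785 form, and if `leaf` is what gets hashed into the Merkle tree (that happens outside this hunk) the leaf hash of the same logical entry changes with it. Entries recorded before this change would then not match a hash recomputed from the new canonical form, so the commit should say whether existing logs are affected and any client that recomputes leaf hashes must apply the identical transform. A one-line comment at the call site would make the contract visible: `// leaf is the RFC 8785 canonical encoding; verifiers must reproduce it byte-for-byte`. createLogEntry begins and ends outside the hunk.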
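Review bot: The error branch after the new `types.CanonicalizeEntry` call maps every failure to `http.StatusInternalServerError`, while createLogEntry in the first hunk returns 400 when the error is a `types.ValidationError`. The entry here is built from the client's search request, so a validation failure is client error and reporting it as 500 misclassifies bad input (the mapping is pre-existing, but this change now routes the canonicalizer's errors through it as well). Mirroring the first hunk would be two lines before `return err`: `if _, ok := err.(types.ValidationError); ok { code = http.StatusBadRequest }`. SearchLogQueryHandler begins and ends outside the hunk.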
@@ -105,6 +106,17 @@ func DecodeEntry(input, output interface{}) error {
 	return dec.Decode(input)
 }
 
+// CanonicalizeEntry returns the entry marshalled in JSON according to the
+// canonicalization rules of RFC8785 to protect against any changes in golang's JSON
+// marshalling logic that may reorder elements
+func CanonicalizeEntry(ctx context.Context, entry EntryImpl) ([]byte, error) {
+	canonicalEntry, err := entry.Canonicalize(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return jsoncanonicalizer.Transform(canonicalEntry)
+}
+
 // ArtifactProperties provide a consistent struct for passing values from
 // CLI flags to the type+version specific CreateProposeEntry() methods
 type ArtifactProperties struct {
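Review bot: `jsoncanonicalizer.Transform` re-parses the bytes from `entry.Canonicalize` and, per RFC 8785 §3.2.2.3, re-serializes JSON numbers as IEEE 754 doubles, so any entry type that emits an integer outside ±2^53 as a JSON number would be silently rounded in the canonical form; if every entry field is a string this is harmless, but that is not visible here and deserves a caveat in the doc comment, e.g. `// NOTE: RFC 8785 encodes numbers as doubles; entry types must not emit integers beyond 2^53 as JSON numbers.` The Transform error is also returned bare, so a caller cannot tell whether Canonicalize or the RFC 8785 pass failed — `return nil, fmt.Errorf("canonicalizing entry: %w", err)` would preserve that, assuming fmt is imported in this file (its import block is only partly shown). The new `github.com/cyberphone/json-canonicalization` module should be pinned in go.mod/go.sum, which is not part of this diff.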