diff --git a/dkg/runner.go b/dkg/runner.go
index adf74dbd4..c254c223d 100644
--- a/dkg/runner.go
+++ b/dkg/runner.go
@@ -178,7 +178,10 @@ func (r *runner) prepareAndBroadcastOutput() error {
 	}
 
 	// encrypt Operator's share
-	encryptedShare, err := r.config.Signer.Encrypt(r.Operator.EncryptionPubKey, r.KeygenOutcome.ProtocolOutput.Share.Serialize())
+	// TODO: this is encryped in such manner so that cli can generate a compatible
+	// keyshares file
+	// https://docs.ssv.network/developers/tools/ssv-key-distributor/ssv-keys-cli
+	encryptedShare, err := r.config.Signer.Encrypt(r.Operator.EncryptionPubKey, []byte("0x"+r.KeygenOutcome.ProtocolOutput.Share.SerializeToHexStr()))
 	if err != nil {
 		return errors.Wrap(err, "could not encrypt share")
 	}
diff --git a/types/testingutils/dkg.go b/types/testingutils/dkg.go
index 302253e7c..ad84587b5 100644
--- a/types/testingutils/dkg.go
+++ b/types/testingutils/dkg.go
@@ -166,7 +166,7 @@ func (ks *TestKeySet) SignedOutputObject(requestID dkg.RequestID, opId types.Ope
 	share := ks.Shares[opId]
 	o := &dkg.Output{
 		RequestID:       requestID,
-		EncryptedShare:  TestingEncryption(&ks.DKGOperators[opId].EncryptionKey.PublicKey, share.Serialize()),
+		EncryptedShare:  TestingEncryption(&ks.DKGOperators[opId].EncryptionKey.PublicKey, []byte("0x"+share.SerializeToHexStr())),
 		SharePubKey:     share.GetPublicKey().Serialize(),
 		ValidatorPubKey: ks.ValidatorPK.Serialize(),
 	}