diff --git a/simple_certmanager/mixins.py b/simple_certmanager/mixins.py
index 9d88235..9034d93 100644
--- a/simple_certmanager/mixins.py
+++ b/simple_certmanager/mixins.py
@@ -48,7 +48,7 @@ def __exit__(self, exc_type, exc_value, exc_traceback):
             return True
 
 
-def _delete_obj_files(fields: List[str], obj: models.Model) -> None:
+def _delete_obj_files(fields: list[str], obj: models.Model) -> None:
     for name in fields:
         filefield = getattr(obj, name)
         with log_failed_deletes(filefield):
diff --git a/simple_certmanager/utils.py b/simple_certmanager/utils.py
index 1915efc..e35389f 100644
--- a/simple_certmanager/utils.py
+++ b/simple_certmanager/utils.py
@@ -1,6 +1,6 @@
 import logging
 from functools import wraps
-from typing import Any, Optional, Union
+from typing import Callable, ParamSpec, TypeVar
 
 from cryptography import x509
 from cryptography.hazmat.primitives.serialization import load_pem_private_key
@@ -19,7 +19,7 @@ def load_pem_x509_private_key(data: bytes):
     return load_pem_private_key(data, password=None)
 
 
-def _decode(value: Union[str, bytes]) -> str:
+def _decode(value: str | bytes) -> str:
     # attr.value can be bytes, in which case it is must be an UTF8String or
     # PrintableString (the latter being a subset of ASCII, thus also a subset of UTF8)
     # See https://www.rfc-editor.org/rfc/rfc5280.txt
@@ -35,13 +35,17 @@ def pretty_print_certificate_components(x509name: x509.Name) -> str:
     return ", ".join(bits)
 
 
-def suppress_cryptography_errors(func):
+T = TypeVar("T")
+P = ParamSpec("P")
+
+
+def suppress_cryptography_errors(func: Callable[P, T]) -> Callable[P, T | None]:
     """
     Decorator to suppress exceptions thrown while processing PKI data.
     """
 
     @wraps(func)
-    def wrapper(*args, **kwargs) -> Optional[Any]:
+    def wrapper(*args: P.args, **kwargs: P.kwargs) -> T | None:
         try:
             return func(*args, **kwargs)
         except ValueError as exc: