diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index edab03fc08..807b785a30 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -267,7 +267,8 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
 	if (nodigests && sinfo.type == RPMSIG_DIGEST_TYPE)
 	    continue;
 	if (rc == RPMRC_OK && sinfo.hashalgo) {
-	    rpmDigestBundleAdd(sinfo.payload ? plbundle : hdrbundle,
+	    rpmDigestBundleAdd((sinfo.range & RPMSIG_PAYLOAD) ?
+				plbundle : hdrbundle,
 			       sinfo.hashalgo, RPMDIGEST_NONE);
 	}
     }
@@ -302,7 +303,8 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
 	    continue;
 
 	if (sinfo.type != RPMSIG_OTHER_TYPE && rc == RPMRC_OK) {
-	    ctx = rpmDigestBundleDupCtx(sinfo.payload ? plbundle : hdrbundle,
+	    ctx = rpmDigestBundleDupCtx((sinfo.range & RPMSIG_PAYLOAD) ?
+					plbundle : hdrbundle,
 					sinfo.hashalgo);
 	    rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, &result);
 	    rpmDigestFinal(ctx, NULL, NULL, 0);
diff --git a/lib/signature.c b/lib/signature.c
index 42fd3a05c6..ee40d0df36 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -34,12 +34,14 @@ rpmRC rpmSigInfoParse(rpmtd td, const char *origin,
     case RPMSIGTAG_GPG:
     case RPMSIGTAG_PGP5:	/* XXX legacy */
     case RPMSIGTAG_PGP:
-	sinfo->payload = 1;
+	sinfo->range = RPMSIG_PAYLOAD;
 	/* fallthrough */
     case RPMSIGTAG_RSA:
     case RPMSIGTAG_DSA:
 	tagtype = RPM_BIN_TYPE;
 	sinfo->type = RPMSIG_SIGNATURE_TYPE;
+	/* GPG/PGP are hdr+payload, RSA/DSA are hdr-only */
+	sinfo->range |= RPMSIG_HEADER;
 	break;
     case RPMSIGTAG_SHA1:
 	tagsize = 41; /* includes trailing \0 */
@@ -47,25 +49,28 @@ rpmRC rpmSigInfoParse(rpmtd td, const char *origin,
 	hexstring = 1;
 	sinfo->hashalgo = PGPHASHALGO_SHA1;
 	sinfo->type = RPMSIG_DIGEST_TYPE;
+	sinfo->range = RPMSIG_HEADER;
 	break;
     case RPMSIGTAG_MD5:
 	tagtype = RPM_BIN_TYPE;
 	tagsize = 16;
 	sinfo->hashalgo = PGPHASHALGO_MD5;
 	sinfo->type = RPMSIG_DIGEST_TYPE;
-	sinfo->payload = 1;
+	sinfo->range = (RPMSIG_HEADER|RPMSIG_PAYLOAD);
 	break;
     case RPMSIGTAG_SIZE:
     case RPMSIGTAG_PAYLOADSIZE:
 	tagsize = 4;
 	tagtype = RPM_INT32_TYPE;
 	sinfo->type = RPMSIG_OTHER_TYPE;
+	sinfo->range = RPMSIG_PAYLOAD;
 	break;
     case RPMSIGTAG_LONGSIZE:
     case RPMSIGTAG_LONGARCHIVESIZE:
 	tagsize = 8;
 	tagtype = RPM_INT64_TYPE;
 	sinfo->type = RPMSIG_OTHER_TYPE;
+	sinfo->range = RPMSIG_PAYLOAD;
 	break;
     case RPMSIGTAG_RESERVEDSPACE:
 	tagtype = RPM_BIN_TYPE;
diff --git a/lib/signature.h b/lib/signature.h
index 97ba93a0c5..6d484956fa 100644
--- a/lib/signature.h
+++ b/lib/signature.h
@@ -15,9 +15,15 @@ enum {
     RPMSIG_OTHER_TYPE		= 3,
 };
 
+/* siginfo range bits */
+enum {
+    RPMSIG_HEADER	= (1 << 0),
+    RPMSIG_PAYLOAD	= (1 << 1),
+};
+
 struct sigtInfo_s {
     int hashalgo;
-    int payload;
+    int range;
     int type;
 };