diff -up rpm-4.8.0/rpmio/rpmpgp.c.multikey-pgp rpm-4.8.0/rpmio/rpmpgp.c
--- rpm-4.8.0/rpmio/rpmpgp.c.multikey-pgp	2012-10-15 09:50:17.250058529 +0300
+++ rpm-4.8.0/rpmio/rpmpgp.c	2012-10-15 09:50:17.350058184 +0300
@@ -815,6 +815,10 @@ static const uint8_t * pgpPrtPubkeyParam
 {
     size_t i;
 
+    /* XXX we can't handle more than one key in a packet, error out */
+    if (_dig && _dig->keydata)
+	return NULL;
+
     for (i = 0; p < &h[hlen]; i++, p += pgpMpiLen(p)) {
 	char * mpi;
 	if (pubkey_algo == PGPPUBKEYALGO_RSA) {
@@ -823,7 +827,7 @@ static const uint8_t * pgpPrtPubkeyParam
 		if (_dig->keydata == NULL) {
 		    _dig->keydata = pgpNewPublicKey(rsaKey);
 		    if (_dig->keydata == NULL)
-			break; /* error abort? */
+			return NULL;
 		}
 		switch (i) {
 		case 0:		/* n */
@@ -843,7 +847,7 @@ static const uint8_t * pgpPrtPubkeyParam
 		if (_dig->keydata == NULL) {
 		    _dig->keydata = pgpNewPublicKey(dsaKey);
 		    if (_dig->keydata == NULL)
-			break; /* error abort? */
+			return NULL;
 		}
 		switch (i) {
 		case 0:		/* p */
@@ -983,7 +987,7 @@ static int pgpPrtKey(pgpTag tag, const u
 
 	p = ((uint8_t *)v) + sizeof(*v);
 	p = pgpPrtPubkeyParams(v->pubkey_algo, p, h, hlen, _dig);
-	rc = 0;
+	rc = (p == NULL);
     }	break;
     case 4:
     {   pgpPktKeyV4 v = (pgpPktKeyV4)h;
@@ -1004,7 +1008,7 @@ static int pgpPrtKey(pgpTag tag, const u
 	p = pgpPrtPubkeyParams(v->pubkey_algo, p, h, hlen, _dig);
 	if (!(tag == PGPTAG_PUBLIC_KEY || tag == PGPTAG_PUBLIC_SUBKEY))
 	    p = pgpPrtSeckeyParams(v->pubkey_algo, p, h, hlen);
-	rc = 0;
+	rc = (p == NULL);
     }	break;
     default:
 	rc = 1;