diff --git a/lib/rpmts.cc b/lib/rpmts.cc
index b6a7e38708..5e64d7872f 100644
--- a/lib/rpmts.cc
+++ b/lib/rpmts.cc
@@ -622,7 +622,10 @@ static rpmRC rpmtsImportFSKey(rpmtxn txn, Header h, rpmFlags flags, int replace)
     if (!rc && replace) {
 	/* find and delete the old pubkey entry */
 	char *keyid = headerFormat(h, "%{version}", NULL);
-	rpmtsDeleteFSKey(txn, keyid, keyfmt);
+	if (rpmtsDeleteFSKey(txn, keyid, keyfmt) == RPMRC_NOTFOUND) {
+	    /* make sure an old, short keyid version gets removed */
+	    rpmtsDeleteFSKey(txn, keyid+32, keyfmt);
+	}
 	free(keyid);
 
     }
@@ -666,7 +669,10 @@ static rpmRC rpmtsImportDBKey(rpmtxn txn, Header h, rpmFlags flags, int replace)
 	/* find and delete the old pubkey entry */
 	unsigned int newinstance = headerGetInstance(h);
 	char *keyid = headerFormat(h, "%{version}", NULL);
-	rpmtsDeleteDBKey(txn, keyid, newinstance);
+	if (rpmtsDeleteDBKey(txn, keyid, newinstance) == RPMRC_NOTFOUND) {
+	    /* make sure an old, short keyid version gets removed */
+	    rpmtsDeleteDBKey(txn, keyid+32, newinstance);
+	}
 	free(keyid);
     }
 
diff --git a/tests/data/misc/rpmdb.sqlite b/tests/data/misc/rpmdb.sqlite
index 9129728413..9d8abd763b 100644
Binary files a/tests/data/misc/rpmdb.sqlite and b/tests/data/misc/rpmdb.sqlite differ
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index 4d376a0d4e..ae68cef50e 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -100,6 +100,67 @@ runroot rpmkeys --list
 [])
 RPMTEST_CLEANUP
 
+AT_SETUP([rpmkeys migrate from keyid to fingerprint (rpmdb)])
+AT_KEYWORDS([rpmkeys rpmdb])
+RPMDB_INIT
+RPMTEST_CHECK([
+runroot rpm -q --dbpath /data/misc/ gpg-pubkey
+],
+[0],
+[gpg-pubkey-1964c5fc-58e63918
+],
+[])
+
+RPMTEST_CHECK([
+runroot rpmkeys --import --dbpath /data/misc/ /data/keys/rpm.org-rsa-2048-add-subkey.asc
+],
+[0],
+[],
+[])
+
+RPMTEST_CHECK([
+runroot rpm -q --dbpath /data/misc/ gpg-pubkey
+],
+[0],
+[gpg-pubkey-771b18d3d7baa28734333c424344591e1964c5fc-58e63918
+],
+[])
+RPMTEST_CLEANUP
+
+AT_SETUP([rpmkeys migrate from keyid to fingerprint (fs)])
+AT_KEYWORDS([rpmkeys rpmdb])
+RPMDB_INIT
+# root's .rpmmacros used to keep this build prefix independent
+echo "%_keyring fs" >> "${RPMTEST}"/root/.rpmmacros
+
+RPMTEST_CHECK([
+runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
+runroot_other mv /var/lib/rpm/pubkeys/gpg-pubkey-771b18d3d7baa28734333c424344591e1964c5fc-58e63918.key /var/lib/rpm/pubkeys/gpg-pubkey-1964c5fc-58e63918.key
+runroot_other ls /var/lib/rpm/pubkeys/
+runroot rpmkeys --list
+],
+[0],
+[gpg-pubkey-1964c5fc-58e63918.key
+771b18d3d7baa28734333c424344591e1964c5fc rpm.org RSA testkey <rsa@rpm.org> public key
+],
+[])
+
+RPMTEST_CHECK([
+runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-add-subkey.asc
+],
+[0],
+[],
+[])
+
+RPMTEST_CHECK([
+runroot_other ls /var/lib/rpm/pubkeys/
+],
+[0],
+[gpg-pubkey-771b18d3d7baa28734333c424344591e1964c5fc-58e63918.key
+],
+[])
+RPMTEST_CLEANUP
+
 AT_SETUP([rpmkeys key update (fs)])
 AT_KEYWORDS([rpmkeys signature])
 RPMDB_INIT