diff --git a/tests/rpmdb.at b/tests/rpmdb.at
index 5f1d5b8575..545c6d6e7b 100644
--- a/tests/rpmdb.at
+++ b/tests/rpmdb.at
@@ -110,23 +110,32 @@ RPMTEST_CHECK([
 runroot rpmkeys --list
 ],
 [0],
-[1964c5fc-58e63918: rpm.org RSA testkey <rsa@rpm.org> public key
+[771b18d3d7baa28734333c424344591e1964c5fc rpm.org RSA testkey <rsa@rpm.org> public key
 ],
 [])
 
 RPMTEST_CHECK([
-runroot rpmkeys --list 1964c5fc
+runroot rpmkeys --list 771b18d3d7baa28734333c424344591e1964c5fc
 ],
 [0],
-[1964c5fc-58e63918: rpm.org RSA testkey <rsa@rpm.org> public key
+[771b18d3d7baa28734333c424344591e1964c5fc rpm.org RSA testkey <rsa@rpm.org> public key
 ],
 [])
 
+RPMTEST_CHECK([
+runroot rpmkeys --list 4344591e1964c5fc
+],
+[0],
+[771b18d3d7baa28734333c424344591e1964c5fc rpm.org RSA testkey <rsa@rpm.org> public key
+],
+[])
+
+
 RPMTEST_CHECK([
 runroot rpmkeys --list XXX
 ],
 [1],
-[package gpg-pubkey-XXX is not installed
+[Key XXX not found
 ],
 [])
 
@@ -135,7 +144,7 @@ runroot rpmkeys --delete 1964c5fc
 runroot rpmkeys --list
 ],
 [1],
-[package gpg-pubkey is not installed
+[No keys installed
 ],
 [])
 RPMTEST_CLEANUP
diff --git a/tools/rpmkeys.cc b/tools/rpmkeys.cc
index 0210523f5c..9463791fb6 100644
--- a/tools/rpmkeys.cc
+++ b/tools/rpmkeys.cc
@@ -3,6 +3,8 @@
 #include <popt.h>
 #include <rpm/rpmcli.h>
 #include <rpm/rpmstring.h>
+#include <rpm/rpmkeyring.h>
+#include <rpm/rpmlog.h>
 #include "cliutils.hh"
 #include "debug.h"
 
@@ -56,12 +58,68 @@ static ARGV_t gpgkeyargs(ARGV_const_t args) {
     return gpgargs;
 }
 
+static int matchingKeys(rpmKeyring keyring, ARGV_const_t args, void * userdata, int callback(rpmPubkey, void*))
+{
+    int ec = EXIT_SUCCESS;
+    if (args) {
+	for (char * const * arg = args; *arg; arg++) {
+	    int found = false;
+	    auto iter = rpmKeyringGetIterator(keyring);
+	    rpmPubkey key = rpmKeyringIteratorNext(iter);
+	    while (key) {
+		char * fp = rpmPubkeyFingerprintAsHex(key);
+		char * keyid = rpmPubkeyKeyIDAsHex(key);
+		if (!strcmp(*arg, fp) || !strcmp(*arg, keyid)) {
+		    found = true;
+		}
+		free(fp);
+		free(keyid);
+		if (found)
+		    break;
+		key = rpmKeyringIteratorNext(iter);
+	    }
+	    rpmKeyringIteratorFree(iter);
+	    if (found)
+		callback(key, userdata);
+	    else {
+		rpmlog(RPMLOG_NOTICE, "Key %s not found\n", *arg);
+		ec = EXIT_FAILURE;
+	    }
+	}
+    } else {
+	int found = false;
+	auto iter = rpmKeyringGetIterator(keyring);
+	rpmPubkey key = rpmKeyringIteratorNext(iter);
+	while (key) {
+	    found = true;
+	    callback(key, userdata);
+	    key = rpmKeyringIteratorNext(iter);
+	}
+	rpmKeyringIteratorFree(iter);
+	if (!found) {
+	    rpmlog(RPMLOG_NOTICE, "No keys installed\n");
+	    ec = EXIT_FAILURE;
+	}
+    }
+    return ec;
+}
+
+static int printKey(rpmPubkey key, void * data)
+{
+    char * fp = rpmPubkeyFingerprintAsHex(key);
+    pgpDigParams params = rpmPubkeyPgpDigParams(key);
+    rpmlog(RPMLOG_NOTICE, "%s %s public key\n", fp, pgpDigParamsUserID(params));
+    free(fp);
+    return 0;
+}
+
 int main(int argc, char *argv[])
 {
     int ec = EXIT_FAILURE;
     poptContext optCon = NULL;
     rpmts ts = NULL;
     ARGV_const_t args = NULL;
+    rpmKeyring keyring = NULL;
 
     optCon = rpmcliInit(argc, argv, optionsTable);
 
@@ -77,6 +135,7 @@ int main(int argc, char *argv[])
 
     ts = rpmtsCreate();
     rpmtsSetRootDir(ts, rpmcliRootDir);
+    keyring = rpmtsGetKeyring(ts, 1);
 
     switch (mode) {
     case MODE_CHECKSIG:
@@ -97,16 +156,7 @@ int main(int argc, char *argv[])
     }
     case MODE_LISTKEY:
     {
-	ARGV_t query = NULL;
-	if (args != NULL) {
-	    query = gpgkeyargs(args);
-	} else {
-	    argvAdd(&query, "gpg-pubkey");
-	}
-	QVA_t qva = &rpmQVKArgs;
-	rstrcat(&qva->qva_queryFormat, "%{version}-%{release}: %{summary}\n");
-	ec = rpmcliQuery(ts, &rpmQVKArgs, (ARGV_const_t) query);
-	query = argvFree(query);
+	ec = matchingKeys(keyring, args, NULL, printKey);
 	break;
     }
     default: