diff --git a/src/org/fdroid/fdroid/updater/RepoUpdater.java b/src/org/fdroid/fdroid/updater/RepoUpdater.java
index d961e26fb..486798154 100644
--- a/src/org/fdroid/fdroid/updater/RepoUpdater.java
+++ b/src/org/fdroid/fdroid/updater/RepoUpdater.java
@@ -43,6 +43,7 @@ abstract public class RepoUpdater {
     protected final Repo repo;
     private List<App> apps = new ArrayList<App>();
     private List<Apk> apks = new ArrayList<Apk>();
+    protected boolean usePubkeyInJar = false;
     protected boolean hasChanged = false;
     protected ProgressListener progressListener;
 
@@ -230,9 +231,13 @@ abstract public class RepoUpdater {
             values.put(RepoProvider.DataColumns.LAST_ETAG, etag);
         }
 
-        // We read an unsigned index, but that indicates that
-        // a signed version is now available...
-        if (handler.getPubKey() != null && repo.pubkey == null) {
+        /*
+         * We read an unsigned index that indicates that a signed version
+         * is available. Or we received a repo config that included the
+         * fingerprint, so we need to save the pubkey now.
+         */
+        if (handler.getPubKey() != null &&
+                (repo.pubkey == null || usePubkeyInJar)) {
             // TODO: Spend the time *now* going to get the etag of the signed
             // repo, so that we can prevent downloading it next time. Otherwise
             // next time we update, we have to download the signed index
@@ -241,6 +246,7 @@ abstract public class RepoUpdater {
             Log.d("FDroid",
                     "Public key found - switching to signed repo for future updates");
             values.put(RepoProvider.DataColumns.PUBLIC_KEY, handler.getPubKey());
+            usePubkeyInJar = false;
         }
 
         if (handler.getVersion() != -1 && handler.getVersion() != repo.version) {
diff --git a/src/org/fdroid/fdroid/updater/SignedRepoUpdater.java b/src/org/fdroid/fdroid/updater/SignedRepoUpdater.java
index 9b5ef8b1e..f7ac7e805 100644
--- a/src/org/fdroid/fdroid/updater/SignedRepoUpdater.java
+++ b/src/org/fdroid/fdroid/updater/SignedRepoUpdater.java
@@ -31,6 +31,7 @@ public class SignedRepoUpdater extends RepoUpdater {
             String certdata = Hasher.hex(cert);
             if (repo.pubkey == null && repo.fingerprint.equals(Utils.calcFingerprint(cert))) {
                 repo.pubkey = certdata;
+                usePubkeyInJar = true;
             }
             if (repo.pubkey != null && repo.pubkey.equals(certdata)) {
                 match = true;