diff --git a/copy/copy.go b/copy/copy.go
index 41e88e926f..7deb2f32a2 100644
--- a/copy/copy.go
+++ b/copy/copy.go
@@ -396,23 +396,11 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur
 }
 updatedList := originalList.Clone()
- // Read and/or clear the set of signatures for this list.
- var sigs [][]byte
- if options.RemoveSignatures {
- sigs = [][]byte{}
- } else {
- c.Printf("Getting image list signatures\n")
- s, err := unparsedToplevel.Signatures(ctx)
- if err != nil {
- return nil, errors.Wrap(err, "reading signatures")
- }
- sigs = s
- }
- if len(sigs) != 0 {
- c.Printf("Checking if image list destination supports signatures\n")
- if err := c.dest.SupportsSignatures(ctx); err != nil {
- return nil, errors.Wrapf(err, "Can not copy signatures to %s", transports.ImageName(c.dest.Reference()))
- }
+ sigs, err := c.sourceSignatures(ctx, unparsedToplevel, options,
+ "Getting image list signatures",
+ "Checking if image list destination supports signatures")
+ if err != nil {
+ return nil, err
 }
 // If the destination is a digested reference, make a note of that, determine what digest value we're
@@ -643,22 +631,11 @@ func (c *copier) copyOneImage(ctx context.Context, policyContext *signature.Poli
 return nil, "", "", err
 }
- var sigs [][]byte
- if options.RemoveSignatures {
- sigs = [][]byte{}
- } else {
- c.Printf("Getting image source signatures\n")
- s, err := src.Signatures(ctx)
- if err != nil {
- return nil, "", "", errors.Wrap(err, "reading signatures")
- }
- sigs = s
- }
- if len(sigs) != 0 {
- c.Printf("Checking if image destination supports signatures\n")
- if err := c.dest.SupportsSignatures(ctx); err != nil {
- return nil, "", "", errors.Wrapf(err, "Can not copy signatures to %s", transports.ImageName(c.dest.Reference()))
- }
+ sigs, err := c.sourceSignatures(ctx, src, options,
+ "Getting image source signatures",
+ "Checking if image destination supports signatures")
+ if err != nil {
+ return nil, "", "", err
 }
 // Determine if we're allowed to modify the manifest.
diff --git a/copy/sign.go b/copy/sign.go
index 61612a4d3d..5281cca99b 100644
--- a/copy/sign.go
+++ b/copy/sign.go
@@ -1,11 +1,39 @@
 package copy
 import (
+ "context"
+
 "github.com/containers/image/v5/signature"
 "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
 "github.com/pkg/errors"
 )
+// sourceSignatures returns signatures from unparsedSource based on options,
+// and verifies that they can be used (to avoid copying a large image when we
+// can tell in advance that it would ultimately fail)
+func (c *copier) sourceSignatures(ctx context.Context, unparsed types.UnparsedImage, options *Options,
+ gettingSignaturesMessage, checkingDestMessage string) ([][]byte, error) {
+ var sigs [][]byte
+ if options.RemoveSignatures {
+ sigs = [][]byte{}
+ } else {
+ c.Printf("%s\n", gettingSignaturesMessage)
+ s, err := unparsed.Signatures(ctx)
+ if err != nil {
+ return nil, errors.Wrap(err, "reading signatures")
+ }
+ sigs = s
+ }
+ if len(sigs) != 0 {
+ c.Printf("%s\n", checkingDestMessage)
+ if err := c.dest.SupportsSignatures(ctx); err != nil {
+ return nil, errors.Wrapf(err, "Can not copy signatures to %s", transports.ImageName(c.dest.Reference()))
+ }
+ }
+ return sigs, nil
+}
+
 // createSignature creates a new signature of manifest using keyIdentity.
 func (c *copier) createSignature(manifest []byte, keyIdentity string) ([]byte, error) {
 mech, err := signature.NewGPGSigningMechanism()
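Review bot: The doc comment on the new `sourceSignatures` says it "verifies that they can be used", which reads like signature verification, but the body only calls `c.dest.SupportsSignatures(ctx)` and never checks the signature bytes against a key or policy. The comment also refers to `unparsedSource` while the parameter is named `unparsed`, and it does not say that `options.RemoveSignatures` returns an empty slice, so no source signatures are carried over to the destination. I would reword it to `// sourceSignatures returns the signatures of unparsed, or an empty slice if options.RemoveSignatures is set,` followed by `// and checks only that c.dest can store them; it does not validate the signatures themselves.` Separately, as a style point, the two adjacent `string` parameters `gettingSignaturesMessage, checkingDestMessage` are easy to swap at the two call sites in copy/copy.go without the compiler noticing.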