diff --git a/signatures/signatures.go b/signatures/signatures.go
index 4afe2ac8..cc3a6373 100644
--- a/signatures/signatures.go
+++ b/signatures/signatures.go
@@ -44,33 +44,17 @@ func GetAllFullCerts() (types.CertListFull, error) {
 		return certList, err
 	}
 
-	for _, k := range *pk {
-		if isValidSignature(k.SignatureType) {
-			for _, k1 := range k.Signatures {
-				// Note the S at the end of the function, we are parsing multiple certs, not just one
-				certificates, err := x509.ParseCertificates(k1.Data)
-				if err != nil {
-					continue
-				}
-				certList.PK = append(certList.PK, certificates...)
-			}
-		}
-	}
+	certList.PK = ExtractCertsFromSignatureDatabase(pk)
+	certList.KEK = ExtractCertsFromSignatureDatabase(kek)
+	certList.DB = ExtractCertsFromSignatureDatabase(db)
 
-	for _, k := range *kek {
-		if isValidSignature(k.SignatureType) {
-			for _, k1 := range k.Signatures {
-				// Note the S at the end of the function, we are parsing multiple certs, not just one
-				certificates, err := x509.ParseCertificates(k1.Data)
-				if err != nil {
-					continue
-				}
-				certList.KEK = append(certList.KEK, certificates...)
-			}
-		}
-	}
+	return certList, nil
+}
 
-	for _, k := range *db {
+// ExtractCertsFromSignatureDatabase returns a []*x509.Certificate from a *signature.SignatureDatabase
+func ExtractCertsFromSignatureDatabase(database *signature.SignatureDatabase) []*x509.Certificate {
+	var result []*x509.Certificate
+	for _, k := range *database {
 		if isValidSignature(k.SignatureType) {
 			for _, k1 := range k.Signatures {
 				// Note the S at the end of the function, we are parsing multiple certs, not just one
@@ -78,12 +62,11 @@ func GetAllFullCerts() (types.CertListFull, error) {
 				if err != nil {
 					continue
 				}
-				certList.DB = append(certList.DB, certificates...)
+				result = append(result, certificates...)
 			}
 		}
 	}
-
-	return certList, nil
+	return result
 }
 
 // GetAllCerts returns a list of certs in the system