diff --git a/Source/Core/Core/IOS/ES/ES.cpp b/Source/Core/Core/IOS/ES/ES.cpp
index 0743dc7efa..569d130389 100644
--- a/Source/Core/Core/IOS/ES/ES.cpp
+++ b/Source/Core/Core/IOS/ES/ES.cpp
@@ -11,8 +11,6 @@
 #include <utility>
 #include <vector>
 
-#include <mbedtls/sha1.h>
-
 #include "Common/ChunkFile.h"
 #include "Common/Logging/Log.h"
 #include "Common/MsgHandler.h"
@@ -950,16 +948,9 @@ ReturnCode ES::VerifyContainer(VerifyContainerType type, VerifyMode mode,
     return ret;
   }
 
-  // Calculate the SHA1 of the signed blob.
-  const size_t skip = type == VerifyContainerType::Device ? offsetof(SignatureECC, issuer) :
-                                                            offsetof(SignatureRSA2048, issuer);
-  std::array<u8, 20> sha1;
-  mbedtls_sha1(signed_blob.GetBytes().data() + skip, signed_blob.GetBytes().size() - skip,
-               sha1.data());
-
   // Verify the signature.
   const std::vector<u8> signature = signed_blob.GetSignatureData();
-  ret = iosc.VerifyPublicKeySign(sha1, issuer_handle, signature.data(), PID_ES);
+  ret = iosc.VerifyPublicKeySign(signed_blob.GetSha1(), issuer_handle, signature.data(), PID_ES);
   if (ret != IPC_SUCCESS)
   {
     ERROR_LOG(IOS_ES, "VerifyContainer: IOSC_VerifyPublicKeySign failed with error %d", ret);
diff --git a/Source/Core/Core/IOS/ES/Formats.cpp b/Source/Core/Core/IOS/ES/Formats.cpp
index 2cc39198ea..6039cacb8c 100644
--- a/Source/Core/Core/IOS/ES/Formats.cpp
+++ b/Source/Core/Core/IOS/ES/Formats.cpp
@@ -16,6 +16,8 @@
 #include <utility>
 #include <vector>
 
+#include <mbedtls/sha1.h>
+
 #include "Common/Assert.h"
 #include "Common/ChunkFile.h"
 #include "Common/CommonTypes.h"
@@ -102,6 +104,29 @@ void SignedBlobReader::SetBytes(std::vector<u8>&& bytes)
   m_bytes = std::move(bytes);
 }
 
+static size_t GetIssuerOffset(SignatureType signature_type)
+{
+  switch (signature_type)
+  {
+  case SignatureType::RSA2048:
+    return offsetof(SignatureRSA2048, issuer);
+  case SignatureType::RSA4096:
+    return offsetof(SignatureRSA4096, issuer);
+  case SignatureType::ECC:
+    return offsetof(SignatureECC, issuer);
+  default:
+    return 0;
+  }
+}
+
+std::array<u8, 20> SignedBlobReader::GetSha1() const
+{
+  std::array<u8, 20> sha1;
+  const size_t skip = GetIssuerOffset(GetSignatureType());
+  mbedtls_sha1(m_bytes.data() + skip, m_bytes.size() - skip, sha1.data());
+  return sha1;
+}
+
 bool SignedBlobReader::IsSignatureValid() const
 {
   // Too small for the certificate type.
diff --git a/Source/Core/Core/IOS/ES/Formats.h b/Source/Core/Core/IOS/ES/Formats.h
index 1b1c1bbcb0..6afbf3407a 100644
--- a/Source/Core/Core/IOS/ES/Formats.h
+++ b/Source/Core/Core/IOS/ES/Formats.h
@@ -162,6 +162,9 @@ public:
   void SetBytes(const std::vector<u8>& bytes);
   void SetBytes(std::vector<u8>&& bytes);
 
+  /// Get the SHA1 hash for this signed blob (starting at the issuer).
+  std::array<u8, 20> GetSha1() const;
+
   // Only checks whether the signature data could be parsed. The signature is not verified.
   bool IsSignatureValid() const;