diff --git a/agent/Makefile.am b/agent/Makefile.am
index ce29462b2..87c9fa122 100644
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@@ -45,6 +45,7 @@ gpg_agent_SOURCES = \
 	cache.c \
 	trans.c \
 	findkey.c \
+	sexp-secret.c \
 	pksign.c \
 	pkdecrypt.c \
 	genkey.c \
@@ -75,6 +76,7 @@ gpg_agent_DEPENDENCIES = $(resource_objs)
 
 gpg_protect_tool_SOURCES = \
 	protect-tool.c \
+	sexp-secret.c \
 	protect.c cvt-openpgp.c
 
 gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) \
diff --git a/agent/agent.h b/agent/agent.h
index 90d8f5c73..857dffef6 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -642,4 +642,9 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
                      gcry_mpi_t *mpi_array, int arraysize,
                      gcry_sexp_t *r_curve, gcry_sexp_t *r_flags);
 
+/*-- sexp-secret.c --*/
+gpg_error_t fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p);
+gpg_error_t sexp_sscan_private_key (gcry_sexp_t *result, size_t *r_erroff,
+                                    unsigned char *buf);
+
 #endif /*AGENT_H*/
diff --git a/agent/findkey.c b/agent/findkey.c
index 7fb938b35..af42d6ece 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -968,7 +968,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
 {
   gpg_error_t err;
   unsigned char *buf;
-  size_t len, buflen, erroff;
+  size_t len, erroff;
   gcry_sexp_t s_skey;
   nvc_t keymeta = NULL;
   char *desc_text_buffer = NULL;  /* Used in case we extend DESC_TEXT.  */
@@ -1117,10 +1117,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
       return err;
     }
 
-  buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
-  err = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
-  wipememory (buf, buflen);
+  err = sexp_sscan_private_key (result, &erroff, buf);
   xfree (buf);
+  nvc_release (keymeta);
+  xfree (desc_text_buffer);
   if (err)
     {
       log_error ("failed to build S-Exp (off=%u): %s\n",
@@ -1130,15 +1130,9 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
           xfree (*r_passphrase);
           *r_passphrase = NULL;
         }
-      nvc_release (keymeta);
-      xfree (desc_text_buffer);
-      return err;
     }
 
-  *result = s_skey;
-  nvc_release (keymeta);
-  xfree (desc_text_buffer);
-  return 0;
+  return err;
 }
 
 
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index bcbe4588d..a95f418e6 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -372,7 +372,7 @@ read_and_protect (const char *fname)
 static void
 read_and_unprotect (ctrl_t ctrl, const char *fname)
 {
-  int  rc;
+  gpg_error_t err;
   unsigned char *key;
   unsigned char *result;
   size_t resultlen;
@@ -383,15 +383,15 @@ read_and_unprotect (ctrl_t ctrl, const char *fname)
   if (!key)
     return;
 
-  rc = agent_unprotect (ctrl, key, (pw=get_passphrase (1)),
-                        protected_at, &result, &resultlen);
+  err = agent_unprotect (ctrl, key, (pw=get_passphrase (1)),
+                         protected_at, &result, &resultlen);
   release_passphrase (pw);
   xfree (key);
-  if (rc)
+  if (err)
     {
       if (opt_status_msg)
         log_info ("[PROTECT-TOOL:] bad-passphrase\n");
-      log_error ("unprotecting the key failed: %s\n", gpg_strerror (rc));
+      log_error ("unprotecting the key failed: %s\n", gpg_strerror (err));
       return;
     }
   if (opt.verbose)
@@ -404,6 +404,12 @@ read_and_unprotect (ctrl_t ctrl, const char *fname)
         log_info ("key protection done at [unknown]\n");
     }
 
+  err = fixup_when_ecc_private_key (result, &resultlen);
+  if (err)
+    {
+      log_error ("malformed key: %s\n", gpg_strerror (err));
+      return;
+    }
   if (opt_armor)
     {
       char *p = make_advanced (result, resultlen);
diff --git a/agent/sexp-secret.c b/agent/sexp-secret.c
new file mode 100644
index 000000000..5f0bdfa2e
--- /dev/null
+++ b/agent/sexp-secret.c
@@ -0,0 +1,128 @@
+/* sexp-secret.c - SEXP handling of the secret key
+ * Copyright (C) 2020 g10 Code GmbH.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include "agent.h"
+#include "../common/sexp-parse.h"
+
+/*
+ * When it's for ECC, fixup private key part in the cannonical SEXP
+ * representation in BUF.  If not ECC, do nothing.
+ */
+gpg_error_t
+fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p)
+{
+  const unsigned char *s;
+  size_t n;
+  size_t buflen = *buflen_p;
+
+  s = buf;
+  if (*s != '(')
+    return gpg_error (GPG_ERR_INV_SEXP);
+  s++;
+  n = snext (&s);
+  if (!n)
+    return gpg_error (GPG_ERR_INV_SEXP);
+  if (!smatch (&s, n, "private-key"))
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+  if (*s != '(')
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+  s++;
+  n = snext (&s);
+  if (!smatch (&s, n, "ecc"))
+    return 0;
+
+  /* It's ECC */
+  while (*s == '(')
+    {
+      s++;
+      n = snext (&s);
+      if (!n)
+        return gpg_error (GPG_ERR_INV_SEXP);
+      if (n == 1 && *s == 'd')
+        {
+          unsigned char *s0;
+          size_t n0;
+
+          s += n;
+          s0 = (unsigned char *)s;
+          n = snext (&s);
+          n0 = s - s0;
+
+          if (!n)
+            return gpg_error (GPG_ERR_INV_SEXP);
+          else if ((n & 1) && !*s)
+            /* Detect wrongly added 0x00.  */
+            /* For all existing curves in libgcrypt-1.9 (so far), the
+               size of private part should be even.  */
+            {
+              size_t numsize;
+
+              n--;
+              buflen--;
+              numsize = snprintf (s0, s-s0+1, "%u:", (unsigned int)n);
+              memmove (s0+numsize, s+1, buflen - (s - buf));
+              memset (s0+numsize+buflen - (s - buf), 0, (n0 - numsize) + 1);
+              buflen -= (n0 - numsize);
+              s = s0+numsize+n;
+              *buflen_p = buflen;
+            }
+          else
+            s += n;
+        }
+      else
+        {
+          s += n;
+          n = snext (&s);
+          if (!n)
+            return gpg_error (GPG_ERR_INV_SEXP);
+          s += n;
+        }
+      if ( *s != ')' )
+        return gpg_error (GPG_ERR_INV_SEXP);
+      s++;
+    }
+  if (*s != ')')
+    return gpg_error (GPG_ERR_INV_SEXP);
+  s++;
+
+  return 0;
+}
+
+/*
+ * Scan BUF to get SEXP, put into RESULT.  Error offset will be in the
+ * pointer at R_ERROFF.  For ECC, the private part 'd' will be fixed
+ * up; That part may have 0x00 prefix of signed MPI encoding, which is
+ * incompatible to opaque MPI handling.
+ */
+gpg_error_t
+sexp_sscan_private_key (gcry_sexp_t *result, size_t *r_erroff,
+                        unsigned char *buf)
+{
+  gpg_error_t err;
+  size_t buflen, buflen0;
+
+  buflen = buflen0 = gcry_sexp_canon_len (buf, 0, NULL, NULL);
+  err = fixup_when_ecc_private_key (buf, &buflen);
+  if (!err)
+    err = gcry_sexp_sscan (result, r_erroff, (char*)buf, buflen0);
+  wipememory (buf, buflen0);
+
+  return err;
+}