diff --git a/g10/call-agent.c b/g10/call-agent.c
index c90cdfda5..744c0fcb8 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -2226,7 +2226,14 @@ keyinfo_status_cb (void *opaque, const char *line)
 
 
 /* Ask the agent whether a secret key for the given public key is
-   available.  Returns 0 if not available.  Bigger value is preferred.  */
+ * available.  Returns 0 if not available.  Bigger value is preferred.
+ * Will never return a value less than 0.   Defined return values are:
+ *  0 := No key or error
+ *  1 := Key available
+ *  2 := Key available on a smartcard
+ *  3 := Key available and passphrase cached
+ *  4 := Key available on current smartcard
+ */
 int
 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
 {
@@ -2240,11 +2247,11 @@ agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
 
   err = start_agent (ctrl, 0);
   if (err)
-    return err;
+    return 0;
 
   err = hexkeygrip_from_pk (pk, &hexgrip);
   if (err)
-    return err;
+    return 0;
 
   snprintf (line, sizeof line, "KEYINFO %s", hexgrip);
   xfree (hexgrip);
diff --git a/g10/getkey.c b/g10/getkey.c
index 21ffd5cfa..d54edcd7f 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3772,6 +3772,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
                   continue;
                 }
 
+              if (secret_key_avail < last_secret_key_avail)
+                {
+                  if (DBG_LOOKUP)
+                    log_debug ("\tskipping secret key with lower avail\n");
+                  continue;
+                }
+
               if (secret_key_avail > last_secret_key_avail)
                 {
                   /* Use this key.  */