diff --git a/agent/command.c b/agent/command.c
index 1898d6cf7..de5b1846c 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2210,7 +2210,12 @@ static const char hlp_export_key[] =
 "Export a secret key from the key store. The key will be encrypted\n"
 "using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n"
 "using the AESWRAP-128 algorithm. The caller needs to retrieve that key\n"
- "prior to using this command. The function takes the keygrip as argument.\n";
+ "prior to using this command. The function takes the keygrip as argument.\n"
+ "\n"
+ "If --openpgp is used, the secret key material will be exported in RFC 4880\n"
+ "compatible passphrase-protected form. Without --openpgp, the secret key\n"
+ "material will be exported in the clear (after prompting the user to unlock\n"
+ "it, if needed).\n";
 static gpg_error_t
 cmd_export_key (assuan_context_t ctx, char *line)
 {
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 470fa168c..06a2d8678 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
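Review bot: The added wording `exported in the clear` contradicts the first paragraph of the same help string, which states that the exported key is always encrypted with the session's key wrapping key, so a reader may conclude that without --openpgp the key leaves the agent unencrypted. If the wrapping applies in both modes, as that first paragraph says, the added lines should say so: `"material will be exported without passphrase protection, wrapped only with\n"` `"the session's key wrapping key (after prompting the user to unlock it,\n"` `"if needed).\n";`. The usage line at the top of hlp_export_key is outside the hunk, so whether it lists --openpgp cannot be checked here.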
@@ -2315,13 +2315,15 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,

 /* Receive a secret key from the agent. HEXKEYGRIP is the hexified keygrip, DESC a prompt to be displayed with the agent's passphrase
- question (needs to be plus+percent escaped). If CACHE_NONCE_ADDR
- is not NULL the agent is advised to first try a passphrase
- associated with that nonce. On success the key is stored as a
- canonical S-expression at R_RESULT and R_RESULTLEN. */
+ question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
+ is not zero, ensure that the key material is returned in RFC
+ 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
+ not NULL the agent is advised to first try a passphrase associated
+ with that nonce. On success the key is stored as a canonical
+ S-expression at R_RESULT and R_RESULTLEN. */
 gpg_error_t
 agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
- char **cache_nonce_addr,
+ int openpgp_protected, char **cache_nonce_addr,
 unsigned char **r_result, size_t *r_resultlen)
 {
 gpg_error_t err;
@@ -2351,7 +2353,8 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
 return err;
 }

- snprintf (line, DIM(line)-1, "EXPORT_KEY --openpgp %s%s %s",
+ snprintf (line, DIM(line)-1, "EXPORT_KEY %s%s%s %s",
+ openpgp_protected ? "--openpgp ":"",
 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
 hexkeygrip);
diff --git a/g10/call-agent.h b/g10/call-agent.h
index a5d01e65b..d85a6fd5d 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -192,7 +192,8 @@ gpg_error_t agent_import_key (ctrl_t ctrl, const char *desc,

 /* Receive a key from the agent. */
 gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip,
- const char *desc, char **cache_nonce_addr,
+ const char *desc, int openpgp_protected,
+ char **cache_nonce_addr,
 unsigned char **r_result, size_t *r_resultlen);

 /* Delete a key from the agent. */
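Review bot: The new comment lines carry two typos and a misleading verb: `if OPENPGP_PROTECTED` should read `If OPENPGP_PROTECTED`, `passphrased-protected` should read `passphrase-protected`, and this function does not `ensure` anything — it only asks the agent. Suggested wording for those lines: `If OPENPGP_PROTECTED is not zero, the agent is asked to return the key material in RFC 4880-compatible passphrase-protected form; if zero, the key material is returned without passphrase protection.` Spelling out the zero case matters because that is the security-relevant choice the new parameter introduces. agent_export_key's body continues past the hunk.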
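Review bot: The command assembled on the new snprintf lines asks the agent for key material with no passphrase protection whenever openpgp_protected is zero, and nothing at this site marks that as the sensitive case; a one-line comment above the call would help, e.g. `/* Without --openpgp the agent returns the secret key with no passphrase protection; pass OPENPGP_PROTECTED unless the caller really wants that.  */`. Separately, when neither --openpgp nor a cache nonce is present the format `"EXPORT_KEY %s%s%s %s"` emits two consecutive spaces before the keygrip; the old always-present `--openpgp ` prefix produced the same double space with no nonce, so the agent's parser presumably tolerates it, but it is worth confirming. The snprintf return value is still not checked for truncation (pre-existing); the declaration of `line` is outside the hunk.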
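Review bot: The header comment `/* Receive a key from the agent. */` above the changed prototype says nothing about the new openpgp_protected parameter, so a caller reading only call-agent.h cannot tell that passing zero requests key material without passphrase protection. Suggest `/* Receive a key from the agent.  If OPENPGP_PROTECTED is non-zero the key is returned in RFC 4880 passphrase-protected form, otherwise without passphrase protection. */`. The first parameter is named `keygrip` here but `hexkeygrip` in the definition in g10/call-agent.c; that mismatch is pre-existing but could be aligned while the prototype is being touched.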
diff --git a/g10/export.c b/g10/export.c
index d47c27d23..5b161ae8e 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -852,7 +852,7 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
 log_info ("key %s: asking agent for the secret parts\n", hexgrip);
 prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1);
- err = agent_export_key (ctrl, hexgrip, prompt, cache_nonce_addr,
+ err = agent_export_key (ctrl, hexgrip, prompt, 1, cache_nonce_addr,
 &wrappedkey, &wrappedkeylen);
 xfree (prompt);
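Review bot: The new argument `1` on the changed call line is a bare magic value for the openpgp_protected flag, and a reader has to open call-agent.h to learn that it is the protective choice. Either name it at the call, `err = agent_export_key (ctrl, hexgrip, prompt, 1 /* openpgp_protected */, cache_nonce_addr,`, or introduce a local `const int openpgp_protected = 1;` above it. receive_seckey_from_agent starts and ends outside the hunk.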