diff --git a/agent/agent.h b/agent/agent.h
index bf8d244a0..47cc34562 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -171,6 +171,10 @@ struct
 /* The digest algorithm to use for ssh fingerprints when
 * communicating with the user. */
 int ssh_fingerprint_digest;
+
+ /* The value of the option --s2k-count. If this option is not given
+ * or 0 an auto-calibrated value is used. */
+ unsigned long s2k_count;
 } opt;
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 030d1da83..2e19d19c1 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -134,6 +134,8 @@ enum cmd_and_opt_values
 oPuttySupport,
 oDisableScdaemon,
 oDisableCheckOwnSocket,
+ oS2KCount,
+
 oWriteEnvFile
 };
@@ -248,6 +250,8 @@ static ARGPARSE_OPTS opts[] = {
 ),
 ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
+ ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
+
 /* Dummy options for backward compatibility. */
 ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
 ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -819,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 disable_check_own_socket = 0;
 /* Note: When changing the next line, change also gpgconf_list. */
 opt.ssh_fingerprint_digest = GCRY_MD_MD5;
+ opt.s2k_count = 0;
 return 1;
 }
@@ -910,6 +915,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 opt.ssh_fingerprint_digest = i;
 break;
+ case oS2KCount:
+ opt.s2k_count = pargs->r.ret_ulong;
+ break;
+
 default:
 return 0; /* not handled */
 }
diff --git a/agent/protect.c b/agent/protect.c
index 9b262a978..9b4ba9143 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -198,6 +198,9 @@ get_standard_s2k_count (void)
 {
 static unsigned long count;
+ if (opt.s2k_count)
+ return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
 if (!count)
 count = calibrate_s2k_count ();
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d7a562af1..6579622d8 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
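Review bot: `opt.s2k_count = 0;` is placed directly after the line that the comment `/* Note: When changing the next line, change also gpgconf_list. */` refers to, and the diff shows no corresponding change to gpgconf_list. If the new option is meant to be discoverable and settable through gpgconf (the texi hunk lists it among the options honored on reload), gpgconf_list needs an entry; if it is not, move the reset above the note so the comment keeps pointing at `opt.ssh_fingerprint_digest` alone. parse_rereadable_options continues outside the hunk. The same applies to the `case oS2KCount:` in the last gpg-agent.c hunk, which stores `pargs->r.ret_ulong` without any range check; that is acceptable because the lower bound is enforced where the value is consumed (protect.c hunk), but a one-line comment there, `/* The lower bound is enforced in get_standard_s2k_count.  */`, would save the next reader the search.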
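Review bot: The new early return hard-codes the floor `65536` a second time; the same literal presumably guards the calibrated count further down (the rest of get_standard_s2k_count is outside the hunk), so lift it into one named constant, e.g. `#define MIN_S2K_COUNT 65536`, used by both returns. A user-supplied count below the floor is silently raised, which is the right choice (a small iteration count weakens the passphrase protection of stored keys) but is stated neither in the field comment in agent.h nor in the --s2k-count description in the texi hunk; a comment above the check such as `/* Never go below the floor applied to the calibrated count; a smaller count would weaken passphrase protection.  */` and a sentence in the option description would make the behaviour explicit. No upper bound is applied either, so an accidentally huge value in the configuration makes every key unlock take arbitrarily long; since the value comes from the user's own config, a documentation sentence rather than a clamp seems sufficient.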
@@ -648,6 +648,19 @@ Select the digest algorithm used to compute ssh fingerprints that are communicated to the user, e.g. in pinentry dialogs. OpenSSH has transitioned from using MD5 to the more secure SHA256. +@item --s2k-count @var{n} +@opindex s2k-count +Specify the iteration count used to protect the passphrase. This +option can be used to override the auto-calibration done by default. +This auto-calibration computes a count which requires 100ms to mangle +a given passphrase. To view the auto-calibrated count do not use this +option (or use 0 for @var{n}) and run this command: + +@example +gpg-connect-agent 'GETINFO s2k_count' /bye +@end example + + @end table All the long options may also be given in the configuration file after @@ -813,6 +826,7 @@ again. Only certain options are honored: @code{quiet}, @code{pinentry-invisible-char}, @code{default-cache-ttl}, @code{max-cache-ttl}, @code{ignore-cache-for-signing}, +@code{s2k-count}, @code{no-allow-external-cache}, @code{allow-emacs-pinentry}, @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and @code{disable-check-own-socket}. @code{scdaemon-program} is also