diff --git a/share/translations/keepassxc_en.ts b/share/translations/keepassxc_en.ts
index 34a1abe40..8b3026950 100644
--- a/share/translations/keepassxc_en.ts
+++ b/share/translations/keepassxc_en.ts
@@ -876,6 +876,17 @@ Ctrl+Shift+4 - Copy URL<br/>
         <translation type="unfinished"></translation>
     </message>
 </context>
+<context>
+    <name>BinaryStream</name>
+    <message>
+        <source>Failed to read string data: %1</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>String length exceeds 10 MiB limit (requested %1)</source>
+        <translation type="unfinished"></translation>
+    </message>
+</context>
 <context>
     <name>BrowserAccessControlDialog</name>
     <message>
@@ -6694,10 +6705,6 @@ Expect some bugs and minor issues, this version is meant for testing purposes.</
         <source>Found zero keys</source>
         <translation type="unfinished"></translation>
     </message>
-    <message>
-        <source>Failed to read public key.</source>
-        <translation type="unfinished"></translation>
-    </message>
     <message>
         <source>Corrupted key file, reading private key failed</source>
         <translation type="unfinished"></translation>
@@ -6786,6 +6793,14 @@ Expect some bugs and minor issues, this version is meant for testing purposes.</
         <source>(encrypted)</source>
         <translation type="unfinished"></translation>
     </message>
+    <message>
+        <source>Failed to read key file: %1</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Failed to read public key: %1</source>
+        <translation type="unfinished"></translation>
+    </message>
 </context>
 <context>
     <name>OpenSSHKeyGenDialog</name>
diff --git a/src/sshagent/BinaryStream.cpp b/src/sshagent/BinaryStream.cpp
index 2ac93943c..4c67a5165 100644
--- a/src/sshagent/BinaryStream.cpp
+++ b/src/sshagent/BinaryStream.cpp
@@ -17,6 +17,7 @@
  */
 
 #include "BinaryStream.h"
+#include "core/Tools.h"
 #include <QtEndian>
 
 BinaryStream::BinaryStream(QIODevice* device)
@@ -116,9 +117,16 @@ bool BinaryStream::readString(QByteArray& ba)
         return false;
     }
 
+    // Don't attempt to read strings over 10 MiB
+    if (length > 1024 * 1024 * 10) {
+        m_error = tr("String length exceeds 10 MiB limit (requested %1)").arg(Tools::humanReadableFileSize(length, 0));
+        return false;
+    }
+
     ba.resize(length);
 
     if (!read(ba.data(), ba.length())) {
+        m_error = tr("Failed to read string data: %1").arg(m_device->errorString());
         return false;
     }
 
diff --git a/src/sshagent/OpenSSHKey.cpp b/src/sshagent/OpenSSHKey.cpp
index 7df1c4287..4f8558596 100644
--- a/src/sshagent/OpenSSHKey.cpp
+++ b/src/sshagent/OpenSSHKey.cpp
@@ -312,9 +312,10 @@ bool OpenSSHKey::parsePKCS1PEM(const QByteArray& in)
             return false;
         }
 
-        stream.readString(m_cipherName);
-        stream.readString(m_kdfName);
-        stream.readString(m_kdfOptions);
+        if (!stream.readString(m_cipherName) || !stream.readString(m_kdfName) || !stream.readString(m_kdfOptions)) {
+            m_error = tr("Failed to read key file: %1").arg(stream.errorString());
+            return false;
+        }
 
         quint32 numberOfKeys;
         stream.read(numberOfKeys);
@@ -327,7 +328,7 @@ bool OpenSSHKey::parsePKCS1PEM(const QByteArray& in)
         for (quint32 i = 0; i < numberOfKeys; ++i) {
             QByteArray publicKey;
             if (!stream.readString(publicKey)) {
-                m_error = tr("Failed to read public key.");
+                m_error = tr("Failed to read public key: %1").arg(stream.errorString());
                 return false;
             }