diff --git a/cmd/age/encrypted_keys.go b/cmd/age/encrypted_keys.go
index 9dfa65a2..9ae529b2 100644
--- a/cmd/age/encrypted_keys.go
+++ b/cmd/age/encrypted_keys.go
@@ -110,7 +110,15 @@ func (i *LazyScryptIdentity) Unwrap(block *format.Recipient) (fileKey []byte, er
 if err != nil {
 return nil, err
 }
- return ii.Unwrap(block)
+ fileKey, err = ii.Unwrap(block)
+ if err == age.ErrIncorrectIdentity {
+ // The API will just ignore the identity if the passphrase is wrong, and
+ // move on, eventually returning "no identity matched a recipient".
+ // Since we only supply one identity from the CLI, make it a fatal
+ // error with a better message.
+ return nil, fmt.Errorf("incorrect passphrase")
+ }
+ return fileKey, err
 }
 
 // stdinInUse is set in main. It's a singleton like os.Stdin.
diff --git a/internal/age/age.go b/internal/age/age.go
index 5fc4535d..11e11671 100644
--- a/internal/age/age.go
+++ b/internal/age/age.go
@@ -127,6 +127,9 @@ RecipientsLoop:
 fileKey, err = i.Unwrap(r)
 if err != nil {
 if err == ErrIncorrectIdentity {
+ // TODO: we should collect these errors and return them as an
+ // []error type with an Error method. That will require turning
+ // ErrIncorrectIdentity into an interface or wrapper error.
 continue
 }
 return nil, err
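Review bot: The new check `err == age.ErrIncorrectIdentity` in LazyScryptIdentity.Unwrap matches the sentinel by identity only, so it stops matching once the error is wrapped. The TODO added in internal/age/age.go in this same commit proposes exactly that wrapping, after which the CLI would silently fall back to the generic "no identity matched a recipient" message. If the module's Go version allows it, `if errors.Is(err, age.ErrIncorrectIdentity) {` keeps the passphrase diagnostic working through that refactor, and the same applies to the `err == ErrIncorrectIdentity` context line in the RecipientsLoop hunk. Separately, `fmt.Errorf("incorrect passphrase")` has no format verbs, so `errors.New("incorrect passphrase")` is the plainer form. Unwrap's body and the file's import block start outside the hunk, so whether `errors` is already imported cannot be confirmed from here.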