diff --git a/README.md b/README.md
index 3c870a69e2f56d171e25c5d15cb6ea2b95a6d64a..90d09a1e0dd02243b4766fbebb7af70474e9888d 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ The CA verifies the token and signs the public key with the signing key and retu
 
 The command on the user's machine receives the certificate and loads it and the previously generated private key into the ssh agent.
 
-The user can now ssh to the production machine, and continue to ssh to any machine that trusts the CA signing key until the certificate is revoked or expires or is removed from the keychain.
+The user can now ssh to the production machine, and continue to ssh to any machine that trusts the CA signing key until the certificate is revoked or expires or is removed from the agent.
 
 # Usage
 Cashier comes in two parts, a [client](client) and a [server](server).
diff --git a/client/main.go b/client/main.go
index 355f229ff3e930c69a6cc78bccc3c1e1e8b3df4c..8bcc3e76c06d72c75307b31e303edfc6eea3903f 100644
--- a/client/main.go
+++ b/client/main.go
@@ -20,7 +20,7 @@ import (
 
 var (
 	ca       = flag.String("ca", "http://localhost:10000", "CA server")
-	keybits  = flag.Int("bits", 4096, "Key size. Ignored for ed25519 keys")
+	keybits  = flag.Int("bits", 2048, "Key size. Ignored for ed25519 keys")
 	validity = flag.Duration("validity", time.Hour*24, "Key validity")
 	keytype  = flag.String("key_type", "rsa", "Type of private key to generate - rsa, ecdsa or ed25519")
 )
@@ -100,6 +100,7 @@ func main() {
 	if err := browser.OpenURL(*ca); err != nil {
 		fmt.Println("Error launching web browser. Go to the link in your web browser")
 	}
+	fmt.Println("Generating new key pair")
 	priv, pub, err := generateKey(*keytype, *keybits)
 	if err != nil {
 		log.Fatalln("Error generating key pair: ", err)