Make 2048 the default key size.

2 files changed, 3 insertions, 2 deletions

diff --git a/README.md b/README.md
index 3c870a6..90d09a1 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ The CA verifies the token and signs the public key with the signing key and retu
 
 The command on the user's machine receives the certificate and loads it and the previously generated private key into the ssh agent.
 
-The user can now ssh to the production machine, and continue to ssh to any machine that trusts the CA signing key until the certificate is revoked or expires or is removed from the keychain.
+The user can now ssh to the production machine, and continue to ssh to any machine that trusts the CA signing key until the certificate is revoked or expires or is removed from the agent.
 
 # Usage
 Cashier comes in two parts, a [client](client) and a [server](server).
diff --git a/client/main.go b/client/main.go
index 355f229..8bcc3e7 100644
--- a/client/main.go
+++ b/client/main.go
@@ -20,7 +20,7 @@ import (
 
 var (
 	ca       = flag.String("ca", "http://localhost:10000", "CA server")
-	keybits  = flag.Int("bits", 4096, "Key size. Ignored for ed25519 keys")
+	keybits  = flag.Int("bits", 2048, "Key size. Ignored for ed25519 keys")
 	validity = flag.Duration("validity", time.Hour*24, "Key validity")
 	keytype  = flag.String("key_type", "rsa", "Type of private key to generate - rsa, ecdsa or ed25519")
 )
@@ -100,6 +100,7 @@ func main() {
 	if err := browser.OpenURL(*ca); err != nil {
 		fmt.Println("Error launching web browser. Go to the link in your web browser")
 	}
+	fmt.Println("Generating new key pair")
 	priv, pub, err := generateKey(*keytype, *keybits)
 	if err != nil {
 		log.Fatalln("Error generating key pair: ", err)