diff --git a/dedupestore/archive.py b/dedupestore/archive.py
index e0f348d72..64552446a 100644
--- a/dedupestore/archive.py
+++ b/dedupestore/archive.py
@@ -90,6 +90,7 @@ def stats(self, cache):
         return osize, csize, usize
 
     def list(self):
+        self.get_items()
         for item in self.items:
             print item['path']
 
diff --git a/dedupestore/archiver.py b/dedupestore/archiver.py
index e8d96c50b..bae34d68f 100644
--- a/dedupestore/archiver.py
+++ b/dedupestore/archiver.py
@@ -1,5 +1,6 @@
 import argparse
 import logging
+import os
 import sys
 
 from .archive import Archive
@@ -83,19 +84,21 @@ def do_info(self, args):
         return self.exit_code_from_logger()
 
     def do_keychain_generate(self, args):
-        return KeyChain.generate(args.path)
+        return KeyChain.generate(args.keychain)
 
     def do_keychain_restrict(self, args):
-        return KeyChain(args.input).restrict(args.output)
+        return KeyChain(args.keychain).restrict(args.output)
 
     def do_keychain_chpass(self, args):
         return KeyChain(args.keychain).chpass()
 
-
     def run(self, args=None):
+        default_keychain = os.path.join(os.path.expanduser('~'),
+                                        '.dedupestore', 'keychain')
         parser = argparse.ArgumentParser(description='Dedupestore')
-        parser.add_argument('-k', '--key-chain', dest='keychain', type=str,
-                            help='Key chain')
+        parser.add_argument('-k', '--keychain', dest='keychain', type=str,
+                            default=default_keychain,
+                            help='Keychain to use')
         parser.add_argument('-v', '--verbose', dest='verbose', action='store_true',
                             default=False,
                             help='Verbose output')
@@ -105,18 +108,12 @@ def run(self, args=None):
         subparser = subparsers.add_parser('keychain')
         subsubparsers = subparser.add_subparsers(title='Available subcommands')
         subparser = subsubparsers.add_parser('generate')
-        subparser.add_argument('path', metavar='PATH', type=str,
-                               help='Path to keychain')
         subparser.set_defaults(func=self.do_keychain_generate)
         subparser = subsubparsers.add_parser('restrict')
-        subparser.add_argument('input', metavar='INPUT', type=str,
-                               help='Existing keychain')
         subparser.add_argument('output', metavar='OUTPUT', type=str,
                                help='Keychain to create')
         subparser.set_defaults(func=self.do_keychain_restrict)
-        subparser = subsubparsers.add_parser('chpass')
-        subparser.add_argument('keychain', metavar='KEYCHAIN', type=str,
-                               help='Path to keychain')
+        subparser = subsubparsers.add_parser('change-password')
         subparser.set_defaults(func=self.do_keychain_chpass)
 
         subparser = subparsers.add_parser('create')
diff --git a/dedupestore/crypto.py b/dedupestore/crypto.py
index 2096c7faf..766e188ab 100644
--- a/dedupestore/crypto.py
+++ b/dedupestore/crypto.py
@@ -17,6 +17,7 @@
 
 
 class KeyChain(object):
+    FILE_ID = 'DDS KEYCHAIN'
 
     def __init__(self, path=None):
         self.aes_id = self.rsa_read = self.rsa_create = None
@@ -25,7 +26,10 @@ def __init__(self, path=None):
             self.open(path)
 
     def open(self, path):
+        logging.info('Opening keychain "%s"', path)
         with open(path, 'rb') as fd:
+            if fd.read(len(self.FILE_ID)) != self.FILE_ID:
+                raise ValueError('Not a keychain')
             cdata = fd.read()
         data = self.decrypt(cdata, '')
         while not data:
@@ -36,7 +40,6 @@ def open(self, path):
             if not data:
                 logging.error('Incorrect password')
         chain = msgpack.unpackb(data)
-        logging.info('Key chain "%s" opened', path)
         assert chain['version'] == 1
         self.aes_id = chain['aes_id']
         self.rsa_read = RSA.importKey(chain['rsa_read'])
@@ -77,6 +80,7 @@ def save(self, path, password):
         }
         data = self.encrypt(msgpack.packb(chain), password)
         with open(path, 'wb') as fd:
+            fd.write(self.FILE_ID)
             fd.write(data)
             logging.info('Key chain "%s" saved', path)
 
diff --git a/dedupestore/test.py b/dedupestore/test.py
index adb7d1048..52e6fbea4 100644
--- a/dedupestore/test.py
+++ b/dedupestore/test.py
@@ -15,14 +15,14 @@ def setUp(self):
         self.store_path = os.path.join(self.tmpdir, 'store')
         self.keychain = '/tmp/_test_dedupstore.keychain'
         if not os.path.exists(self.keychain):
-            self.dedupestore('keychain', 'generate', self.keychain)
+            self.dedupestore('keychain', 'generate')
 
     def tearDown(self):
         shutil.rmtree(self.tmpdir)
 
     def dedupestore(self, *args, **kwargs):
         exit_code = kwargs.get('exit_code', 0)
-        args = ['--key-chain', self.keychain] + list(args)
+        args = ['--keychain', self.keychain] + list(args)
         self.assertEqual(exit_code, self.archiver.run(args))
 
     def create_src_archive(self, name):