diff --git a/keyfork-derive-openpgp/src/lib.rs b/keyfork-derive-openpgp/src/lib.rs
index f1df991..bc19120 100644
--- a/keyfork-derive-openpgp/src/lib.rs
+++ b/keyfork-derive-openpgp/src/lib.rs
@@ -45,7 +45,7 @@ pub enum Error {
 
 pub type Result<T, E = Error> = std::result::Result<T, E>;
 
-pub fn derive(data: DerivationResponse, keys: &[KeyFlags], userid: UserID) -> Result<Cert> {
+pub fn derive(data: DerivationResponse, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
     let primary_key_flags = match keys.get(0) {
         Some(kf) if kf.for_certification() => kf,
         _ => return Err(Error::NotCert),
@@ -96,16 +96,14 @@ pub fn derive(data: DerivationResponse, keys: &[KeyFlags], userid: UserID) -> Re
                     None,
                     None,
                     epoch,
-                )
-                .expect("keyforkd gave invalid cv25519 key"),
+                )?
             )
         } else {
             Key::from(
                 Key4::<_, SubordinateRole>::import_secret_ed25519(
                     &PrivateKey::to_bytes(derived_key.private_key()),
                     epoch,
-                )
-                .expect("keyforkd gave invalid ed25519 key"),
+                )?
             )
         };
 
diff --git a/keyfork-derive-openpgp/src/main.rs b/keyfork-derive-openpgp/src/main.rs
index 2171486..e821836 100644
--- a/keyfork-derive-openpgp/src/main.rs
+++ b/keyfork-derive-openpgp/src/main.rs
@@ -5,7 +5,7 @@ use keyfork_derive_util::{
     DerivationIndex, DerivationPath,
 };
 use keyforkd_client::Client;
-use sequoia_openpgp::{packet::UserID, types::KeyFlags};
+use sequoia_openpgp::{packet::UserID, types::KeyFlags, armor::{Kind, Writer}, serialize::Marshal};
 
 #[derive(Debug, thiserror::Error)]
 enum Error {
@@ -15,41 +15,41 @@ enum Error {
 
 #[derive(Debug)]
 struct KeyType {
-    _inner: KeyFlags,
+    inner: KeyFlags,
 }
 
 impl Default for KeyType {
     fn default() -> Self {
         Self {
-            _inner: KeyFlags::empty(),
+            inner: KeyFlags::empty(),
         }
     }
 }
 
 impl KeyType {
     fn certify(mut self) -> Self {
-        self._inner = self._inner.set_certification();
+        self.inner = self.inner.set_certification();
         self
     }
 
     fn sign(mut self) -> Self {
-        self._inner = self._inner.set_signing();
+        self.inner = self.inner.set_signing();
         self
     }
 
     fn encrypt(mut self) -> Self {
-        self._inner = self._inner.set_transport_encryption();
-        self._inner = self._inner.set_storage_encryption();
+        self.inner = self.inner.set_transport_encryption();
+        self.inner = self.inner.set_storage_encryption();
         self
     }
 
     fn authenticate(mut self) -> Self {
-        self._inner = self._inner.set_authentication();
+        self.inner = self.inner.set_authentication();
         self
     }
 
     fn inner(&self) -> &KeyFlags {
-        &self._inner
+        &self.inner
     }
 }
 
@@ -115,12 +115,7 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {
         .map(|kt| kt.inner().clone())
         .collect::<Vec<_>>();
 
-    let cert = keyfork_derive_openpgp::derive(derived_data, subkeys.as_slice(), default_userid)?;
-
-    use sequoia_openpgp::{
-        armor::{Kind, Writer},
-        serialize::Marshal,
-    };
+    let cert = keyfork_derive_openpgp::derive(derived_data, subkeys.as_slice(), &default_userid)?;
 
     let mut w = Writer::new(std::io::stdout(), Kind::SecretKey)?;