diff --git a/cli/src/lib.rs b/cli/src/lib.rs
index f2c823a..0b3d8b8 100644
--- a/cli/src/lib.rs
+++ b/cli/src/lib.rs
@@ -73,7 +73,7 @@ async fn sync_with_api(api: Api, key_pair: KeyPair) -> anyhow::Result<Credential
 impl App {
     pub async fn new(device_pass: &str) -> anyhow::Result<App> {
         let sk_enc = read_sk()?;
-        let key_pair = KeyPair::from_sk(sk_enc.as_slice(), device_pass);
+        let key_pair = KeyPair::try_from_sk(sk_enc.as_slice(), device_pass)?;
 
         let api = Api::new(key_pair.clone());
 
diff --git a/common/src/crypto/asymmetric.rs b/common/src/crypto/asymmetric.rs
index 44ec055..530662e 100644
--- a/common/src/crypto/asymmetric.rs
+++ b/common/src/crypto/asymmetric.rs
@@ -92,19 +92,20 @@ impl KeyPair {
         })
     }
 
-    pub fn from_sk(sk: &[u8], password: &str) -> KeyPair {
+    pub fn try_from_sk(sk: &[u8], password: &str) -> anyhow::Result<KeyPair> {
         let private_key = RsaPrivateKey::from_pkcs8_encrypted_der(sk, password)
-            .expect("Failed to create private key");
+            .map_err(|_| anyhow::format_err!("Invalid device password"))?;
+
         let public_key = private_key.to_public_key();
         let signing_key = SigningKey::from(private_key.clone());
         let verifying_key = VerifyingKey::from(public_key.clone());
 
-        KeyPair {
+        Ok(KeyPair {
             private_key,
             public_key,
             signing_key,
             verifying_key,
-        }
+        })
     }
 
     pub fn encrypt(&self, message: &str) -> String {