diff --git a/src/main/java/org/cryptomator/common/settings/DeviceKey.java b/src/main/java/org/cryptomator/common/settings/DeviceKey.java
index aba0bb849..04e9ebd0f 100644
--- a/src/main/java/org/cryptomator/common/settings/DeviceKey.java
+++ b/src/main/java/org/cryptomator/common/settings/DeviceKey.java
@@ -2,7 +2,6 @@ package org.cryptomator.common.settings;
 
 import com.google.common.base.Preconditions;
 import com.google.common.base.Suppliers;
-import com.google.common.io.BaseEncoding;
 import org.cryptomator.common.Environment;
 import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.cryptolib.common.P384KeyPair;
@@ -16,6 +15,7 @@ import javax.inject.Singleton;
 import java.io.IOException;
 import java.nio.CharBuffer;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.UUID;
@@ -26,6 +26,7 @@ public class DeviceKey {
 
 	private static final Logger LOG = LoggerFactory.getLogger(DeviceKey.class);
 	private static final String KEYCHAIN_KEY = "cryptomator-device-p12";
+	private static final String KEYCHAIN_DISPLAY_NAME = "Cryptomator Device Keypair .p12 Passphrase";
 
 	private final KeychainManager keychainManager;
 	private final Environment env;
@@ -46,15 +47,16 @@ public class DeviceKey {
 	}
 
 	private P384KeyPair loadOrCreate() throws DeviceKeyRetrievalException {
+		Path p12File = env.getP12Path().findFirst().orElseThrow(() -> new DeviceKeyRetrievalException("No path for .p12 file configured"));
 		char[] passphrase = null;
 		try {
 			passphrase = keychainManager.loadPassphrase(KEYCHAIN_KEY);
-			if (passphrase != null) {
-				return loadExistingKeyPair(passphrase);
-			} else {
+			if (passphrase != null && Files.isRegularFile(p12File)) {
+				return loadExistingKeyPair(passphrase, p12File);
+			} else { // (re)generate new key pair if either file or password got lost
 				passphrase = randomPassword();
-				keychainManager.storePassphrase(KEYCHAIN_KEY, CharBuffer.wrap(passphrase));
-				return createAndStoreNewKeyPair(passphrase);
+				keychainManager.storePassphrase(KEYCHAIN_KEY, KEYCHAIN_DISPLAY_NAME, CharBuffer.wrap(passphrase));
+				return createAndStoreNewKeyPair(passphrase, p12File);
 			}
 		} catch (KeychainAccessException e) {
 			throw new DeviceKeyRetrievalException("Failed to access system keychain", e);
@@ -67,19 +69,12 @@ public class DeviceKey {
 		}
 	}
 
-	private P384KeyPair loadExistingKeyPair(char[] passphrase) throws IOException {
-		var p12File = env.getP12Path() //
-				.filter(Files::isRegularFile) //
-				.findFirst() //
-				.orElseThrow(() -> new DeviceKeyRetrievalException("Missing .p12 file"));
+	private P384KeyPair loadExistingKeyPair(char[] passphrase, Path p12File) throws IOException {
 		LOG.debug("Loading existing device key from {}", p12File);
 		return P384KeyPair.load(p12File, passphrase);
 	}
 
-	private P384KeyPair createAndStoreNewKeyPair(char[] passphrase) throws IOException {
-		var p12File = env.getP12Path() //
-				.findFirst() //
-				.orElseThrow(() -> new DeviceKeyRetrievalException("No path for .p12 file configured"));
+	private P384KeyPair createAndStoreNewKeyPair(char[] passphrase, Path p12File) throws IOException {
 		var keyPair = P384KeyPair.generate();
 		LOG.debug("Store new device key to {}", p12File);
 		keyPair.store(p12File, passphrase);