[Pkg-openssl-devel] Bug#471958: openssl: Generated private keys world-readable by default
Lionel Elie Mamane
lionel at mamane.lu
Fri Mar 21 10:55:20 UTC 2008
Package: openssl
Version: 0.9.8g-4
Severity: important
Tags: security
master at capsaicin:~ 148 $ openssl genrsa -out foo 512
Generating RSA private key, 512 bit long modulus
..++++++++++++
..........++++++++++++
e is 65537 (0x10001)
master at capsaicin:~ 0 $ ls -l foo
-rw-r--r-- 1 master master 493 mar 21 11:51 foo
The generated key should really not be world-readable by default. Make
it mode 0600, if user needs more permissive (e.g. 0640), sie can
loosen it.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssl depends on:
ii libc6 2.7-6 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8g-4 SSL shared libraries
ii zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime
openssl recommends no packages.
-- no debconf information
More information about the Pkg-openssl-devel
mailing list