[Pkg-openssl-devel] Bug#471958: openssl: Generated private keys world-readable by default

Florian Weimer fw at deneb.enyo.de
Fri Mar 21 12:20:01 UTC 2008


* Lionel Elie Mamane:

> master at capsaicin:~ 148 $ openssl genrsa -out foo 512
> Generating RSA private key, 512 bit long modulus
> ..++++++++++++
> ..........++++++++++++
> e is 65537 (0x10001)
> master at capsaicin:~ 0 $ ls -l foo
> -rw-r--r-- 1 master master 493 mar 21 11:51 foo
>
> The generated key should really not be world-readable by default. Make
> it mode 0600; if the user needs a more permissive mode (e.g. 0640), sie can
> loosen it.

You could simply use a more restrictive umask.
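
The umask approach suggested above, as an added example that is not part of either message: a wrapper that runs `openssl genrsa` under umask 077 in a subshell and then verifies the resulting mode. The function names are hypothetical. Because a umask only applies when a file is created, a pre-existing output file keeps its old mode, and the check catches that case.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Run a command in a subshell with umask 077: files it creates get no
# group/other permission bits, and the caller's umask is left untouched.
run_private() {
    ( umask 077 && "$@" )
}

# Print a file's octal permission bits (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if neither group nor others have any access to the file.
is_private() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Generate an RSA key as in the report, but under umask 077, and refuse
# the result if it is still accessible to group/others (for example
# because the output file already existed with a looser mode).
generate_key() {
    out=$1 bits=${2:-2048}
    run_private openssl genrsa -out "$out" "$bits" || return 1
    is_private "$out" || {
        echo "$out: mode $(file_mode "$out") is too open" >&2
        return 1
    }
}

# Demo (needs openssl): sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d) && generate_key "$dir/foo" && ls -l "$dir/foo"
    rm -rf "$dir"
fi
```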




