diff --git a/ChangeLog b/ChangeLog
index 1705b7c..5413a31 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
-Verstion 1.1
+2019-12-31 Version 1.0.2
+ - dknewkey: On posix operating systems set file permissions to 600 for
+ ed25519 private key files (as is already done for RSA) (LP: #1857827)
 - Update documentation URL in README.md
 - Set minimum dnspython version to 1.16 because previous versions can not
 support the timeout parameter (LP: #1856546)
diff --git a/dkim/dknewkey.py b/dkim/dknewkey.py
index 3d7dbc8..4750619 100644
--- a/dkim/dknewkey.py
+++ b/dkim/dknewkey.py
@@ -63,6 +63,8 @@ def GenEd25519Keys(private_key_file):
 priv_key = skg.generate()
 with open(private_key_file, 'w') as pkf:
 pkf.write(priv_key.encode(encoder=nacl.encoding.Base64Encoder).decode("utf-8"))
+ if os.name == 'posix':
+ os.chmod(private_key_file, 0o600)
 return(priv_key)
 
 def ExtractRSADnsPublicKey(private_key_file, dns_file):