From dc2f7f07f24ad2f0a13eadcc07f8a2a612af1116 Mon Sep 17 00:00:00 2001
From: Scott Kitterman
Date: Tue, 31 Dec 2019 01:17:19 -0500
Subject: [PATCH] - dknewkey: On posix operating systems set file permissions to 600 for ed25519 private key files (as is already done for RSA) (LP: #1857827)
---
 ChangeLog | 4 +++-
 dkim/dknewkey.py | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 1705b7c..5413a31 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
-Verstion 1.1
+2019-12-31 Version 1.0.2
+ - dknewkey: On posix operating systems set file permissions to 600 for
+ ed25519 private key files (as is already done for RSA) (LP: #1857827)
 - Update documentation URL in README.md
 - Set minimum dnspython version to 1.16 because previous versions can not support the timeout parameter (LP: #1856546)
diff --git a/dkim/dknewkey.py b/dkim/dknewkey.py
index 3d7dbc8..4750619 100644
--- a/dkim/dknewkey.py
+++ b/dkim/dknewkey.py
@@ -63,6 +63,8 @@ def GenEd25519Keys(private_key_file):
 priv_key = skg.generate()
 with open(private_key_file, 'w') as pkf:
 pkf.write(priv_key.encode(encoder=nacl.encoding.Base64Encoder).decode("utf-8"))
+ if os.name == 'posix':
+ os.chmod(private_key_file, 0o600)
 return(priv_key)
 def ExtractRSADnsPublicKey(private_key_file, dns_file):
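Review bot: The added `os.chmod(private_key_file, 0o600)` runs only after `open(private_key_file, 'w')` has created the file under the process umask and the key has been written, so with a common 022 umask the ed25519 private key is briefly readable by other local users. Creating the file with restrictive permissions from the start closes that window: `fd = os.open(private_key_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as pkf:`. The mode given to `os.open` applies only when the file is newly created, so the `chmod` should stay (ideally moved ahead of the write) to tighten a pre-existing file that has wider permissions. The commit message says the RSA path already does the same thing; that code is outside this hunk, but it presumably has the same write-then-chmod ordering and would merit the same change. GenEd25519Keys begins above the hunk and indentation is lost in this rendering, so the position of the new `if` relative to the `with` block is inferred.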