- dknewkey: On posix operating systems set file permissions to 600 for ed25519 private key files (as is already done for RSA) (LP: #1857827)

2019-12-31 01:17:19 -05:00
parent 73dbcc08a8
commit dc2f7f07f2
2 changed files with 5 additions and 1 deletions
@@ -63,6 +63,8 @@ def GenEd25519Keys(private_key_file):
    priv_key = skg.generate()
    with open(private_key_file, 'w') as pkf:
        pkf.write(priv_key.encode(encoder=nacl.encoding.Base64Encoder).decode("utf-8"))
+    if os.name == 'posix':
+        os.chmod(private_key_file, 0o600)
    return(priv_key)

 def ExtractRSADnsPublicKey(private_key_file, dns_file):