File permissions for ed25519 don't match those of rsa type keys

Bug #1857827 reported by Patrick Ben Koetter
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
Scott Kitterman

Bug Description

Upon creation dknewkey creates key files with permissions 0600 for rsa type keys, but with 0644 permission for ed25519 keys. I believe it should be 0600 in all cases.

Revision history for this message
Scott Kitterman (kitterman) wrote :

dknewkey is actually part of dkimpy, not the milter package. Reassigning.

affects: dkimpy-milter → dkimpy
Revision history for this message
Scott Kitterman (kitterman) wrote :

Thanks. The difference is that for RSA, openssl is writing the file and dknewkey is doing it itself for ed25519. I agree. This should be easy enough to fix.

Changed in dkimpy:
assignee: nobody → Scott Kitterman (kitterman)
importance: Undecided → High
milestone: none → 1.0.2
status: New → Triaged
Changed in dkimpy:
status: Triaged → Won't Fix
status: Won't Fix → Fix Committed
Revision history for this message
Scott Kitterman (kitterman) wrote :

2019-12-31 Version 1.0.2
    - dknewkey: On posix operating systems set file permissions to 600 for
      ed25519 private key files (as is already done for RSA) (LP: #1857827)
    - Update documentation URL in
    - Set minimum dnspython version to 1.16 because previous versions can not
      support the timeout parameter (LP: #1856546)

Changed in dkimpy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.