dkimpy

File permissions for ed25519 don't match those of rsa type keys

Bug #1857827 reported by Patrick Ben Koetter on 2019-12-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	dkimpy	Fix Released	High	Scott Kitterman	dkimpy 1.0.2

Bug Description

Upon creation dknewkey creates key files with permissions 0600 for rsa type keys, but with 0644 permission for ed25519 keys. I believe it should be 0600 in all cases.

Revision history for this message

Scott Kitterman (kitterman) wrote on 2019-12-31:

dknewkey is actually part of dkimpy, not the milter package. Reassigning.

affects:

dkimpy-milter → dkimpy

Revision history for this message

Scott Kitterman (kitterman) wrote on 2019-12-31:

Thanks. The difference is that for RSA, openssl is writing the file and dknewkey is doing it itself for ed25519. I agree. This should be easy enough to fix.

Changed in dkimpy:
assignee:	nobody → Scott Kitterman (kitterman)
importance:	Undecided → High
milestone:	none → 1.0.2
status:	New → Triaged

Scott Kitterman (kitterman) on 2019-12-31

Changed in dkimpy:
status:	Triaged → Won't Fix
status:	Won't Fix → Fix Committed

Revision history for this message

Scott Kitterman (kitterman) wrote on 2019-12-31:

2019-12-31 Version 1.0.2
    - dknewkey: On posix operating systems set file permissions to 600 for
      ed25519 private key files (as is already done for RSA) (LP: #1857827)
    - Update documentation URL in README.md
    - Set minimum dnspython version to 1.16 because previous versions can not
      support the timeout parameter (LP: #1856546)

Changed in dkimpy:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.