File permissions for ed25519 don't match those of rsa type keys

Bug #1857827 reported by Patrick Ben Koetter on 2019-12-29
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dkimpy
High
Scott Kitterman

Bug Description

Upon creation dknewkey creates key files with permissions 0600 for rsa type keys, but with 0644 permission for ed25519 keys. I believe it should be 0600 in all cases.

Scott Kitterman (kitterman) wrote :

dknewkey is actually part of dkimpy, not the milter package. Reassigning.

affects: dkimpy-milter → dkimpy
Scott Kitterman (kitterman) wrote :

Thanks. The difference is that for RSA, openssl is writing the file and dknewkey is doing it itself for ed25519. I agree. This should be easy enough to fix.

Changed in dkimpy:
assignee: nobody → Scott Kitterman (kitterman)
importance: Undecided → High
milestone: none → 1.0.2
status: New → Triaged
Changed in dkimpy:
status: Triaged → Won't Fix
status: Won't Fix → Fix Committed
Scott Kitterman (kitterman) wrote :

2019-12-31 Version 1.0.2
    - dknewkey: On posix operating systems set file permissions to 600 for
      ed25519 private key files (as is already done for RSA) (LP: #1857827)
    - Update documentation URL in README.md
    - Set minimum dnspython version to 1.16 because previous versions can not
      support the timeout parameter (LP: #1856546)

Changed in dkimpy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers