On Fri, Mar 21, 2008 at 01:20:01PM +0100, Florian Weimer wrote:

>> [EMAIL PROTECTED]:~ 148 $ openssl genrsa -out foo 512
>> -rw-r--r-- 1 master master 493 mar 21 11:51 foo

>> The generated key should really not be world-readable by default.

> You could simply use a more restrictive umask.

Yes, but that command is used by several application-specific scripts;
I find it safer to have openssl do the secure thing by default rather
than go and fix all scripts that call it to set a correct umask.

(The application-specific script that made me notice this is astgenkey
from asterisk.)

-- 
Lionel
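The umask workaround discussed in this message, as an added example that is not part of the original e-mail and is not code from openssl or asterisk: a wrapper a calling script could use so that the key file is created owner-only whatever umask the caller has, with a check of the resulting mode. The function names run_private, is_private and gen_rsa_key are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Run a command with umask 077 inside a subshell, so files it creates are
# owner-only and the caller's own umask is left unchanged.
run_private() {
    ( umask 077 && "$@" )
}

# Succeed only if the file grants nothing to group or other.
# In the ls -ld mode string, characters 5-10 are the group and other bits.
is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Generate an RSA key with the command from the thread, but owner-only.
# umask only applies when a file is created: a pre-existing world-readable
# file would keep its mode, so refuse to overwrite and verify afterwards.
gen_rsa_key() {
    out=$1
    bits=$2
    if [ -e "$out" ]; then
        echo "refusing: $out already exists" >&2
        return 1
    fi
    run_private openssl genrsa -out "$out" "$bits" || return 1
    if ! is_private "$out"; then
        echo "refusing: $out is accessible to group or other" >&2
        return 1
    fi
}
```

A script would call `gen_rsa_key foo 512` in place of the bare `openssl genrsa -out foo 512` shown in the quoted report.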