"openssl gen(r|d)sa -out foo.key" creates foo.key with the user's umask as far as read/write bits are concerned. Most people have an umask that includes group- and world-readable bits.
I suggest that these commands create the files 0600 by default (unless the user's umask is even more restrictive, obviously); do the secure thing by default, and the user can explicitly chmod if he needs more lax permissions. -- Lionel ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]