OpenSSL does create keys in more components than just gen(r|d)sa. In none of these functions any file permission mask is used. All of the components in openssl/apps are using the file-BIO which behaves like <stdio> and does not have idea about file permissions. People using OpenSSL to generate their keys should rather use safe umask settings.
Best regards, Lutz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]