Verified Commit 464129b7 authored by Vojtech Myslivec's avatar Vojtech Myslivec
Browse files

cryptography: Fix umask while creating private key

- It should disable group write, not group read
- It should not disable exec as it affects only directories
parent f1fcdd3e
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
Sentinel:Certgen python package Sentinel:Certgen python package
""" """
__version__ = '6.1.1' __version__ = '6.1.2'
DEFAULT_CERT_API_HOSTNAME = "sentinel.turris.cz" DEFAULT_CERT_API_HOSTNAME = "sentinel.turris.cz"
......
...@@ -80,7 +80,7 @@ def generate_priv_key_file(key_path): ...@@ -80,7 +80,7 @@ def generate_priv_key_file(key_path):
backend=default_backend() backend=default_backend()
) )
old_umask = os.umask(0o057) old_umask = os.umask(0o027)
with open(key_path, "wb") as f: with open(key_path, "wb") as f:
f.write(key.private_bytes( f.write(key.private_bytes(
encoding=serialization.Encoding.PEM, encoding=serialization.Encoding.PEM,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment