cryptography: Fix umask while creating private key

- It should disable group write, not group read - It should not disable exec as it affects only directories

cryptography: Fix umask while creating private key
- It should disable group write, not group read - It should not disable exec as it affects only directories
464129b7 · Vojtech Myslivec · f1fcdd3e · 464129b7 · 464129b7
Verified Commit 464129b7 authored Jul 08, 2019 by Vojtech Myslivec
--- a/certgen/__init__.py
+++ b/certgen/__init__.py
@@ -2,7 +2,7 @@
 Sentinel:Certgen python package
 """
-__version__ = '6.1.1'
+__version__ = '6.1.2'
 DEFAULT_CERT_API_HOSTNAME = "sentinel.turris.cz"

--- a/certgen/cryptography.py
+++ b/certgen/cryptography.py
@@ -80,7 +80,7 @@ def generate_priv_key_file(key_path):
            backend=default_backend()
    )
-    old_umask = os.umask(0o057)
+    old_umask = os.umask(0o027)
    with open(key_path, "wb") as f:
        f.write(key.private_bytes(
            encoding=serialization.Encoding.PEM,