| skipped 101 lines |
102 | 102 | | // generateKeypair generates a private key and the corresponding public key. If |
103 | 103 | | // privkeyFilename and pubkeyFilename are respectively empty, it prints the |
104 | 104 | | // corresponding key to standard output; otherwise it saves the key to the given |
105 | | - | // file name. In case of any error, it attempts to delete any files it has |
106 | | - | // created before returning. |
| 105 | + | // file name. The private key is saved with mode 0400 and the public key is |
| 106 | + | // saved with 0666 (before umask). In case of any error, it attempts to delete |
| 107 | + | // any files it has created before returning. |
107 | 108 | | func generateKeypair(privkeyFilename, pubkeyFilename string) (err error) { |
108 | 109 | | // Filenames to delete in case of error (avoid leaving partially written |
109 | 110 | | // files). |
| skipped 17 lines |
127 | 128 | | |
128 | 129 | | if privkeyFilename != "" { |
129 | 130 | | // Save the privkey to a file. |
130 | | - | f, err := os.Create(privkeyFilename) |
| 131 | + | f, err := os.OpenFile(privkeyFilename, os.O_RDWR|os.O_CREATE, 0400) |
131 | 132 | | if err != nil { |
132 | 133 | | return err |
133 | 134 | | } |
| skipped 664 lines |
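Review bot: The 0400 mode passed to `os.OpenFile` on new line 131 only applies when the call creates the file, so if `privkeyFilename` already exists the private key is written into it with whatever permissions it already has, which may be group- or world-readable. Replacing `os.Create` also dropped `O_TRUNC`, so a longer pre-existing file would keep stale bytes after the new key material. Prefer refusing to overwrite, `os.OpenFile(privkeyFilename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)`, or keep `os.O_TRUNC` and call `f.Chmod(0400)` right after opening. The doc comment added at new lines 105-107 should then state which behaviour applies to an existing file. Most of generateKeypair lies in the skipped lines, so it is worth confirming that the error-cleanup path cannot delete a key file that existed before the call.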