Crypto - Restrict private key permissions

ygalblum · ygalblum · commit 48574feca284 · 2021-03-05T09:26:07.000-05:00
Set mod to 600 when saving the private key Fixes #111
diff --git a/cterasdk/lib/crypto.py b/cterasdk/lib/crypto.py
@@ -1,4 +1,5 @@
 import logging
+import os
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, PublicFormat, NoEncryption
 
@@ -25,6 +26,7 @@ def save(self, dirpath, key_filename):
 
         logging.getLogger().info('Saving private key.')
         path = filesystem.save(dirpath, '{}.pem'.format(key_filename), self.private_key)
+        os.chmod(path, 0o600)
         logging.getLogger().info('Saved private key. %s', {'filepath': path, 'format': 'PEM'})
 
         logging.getLogger().info('Saving public key.')
