makefiles/suit: don't allow non-owner to read private key

2025-01-17 05:52:44 +01:00 · 2022-06-02 00:15:22 +02:00 · 2022-06-02 00:15:22 +02:00 · b518b0ef6b
commit b518b0ef6b
parent 5e52d15409
1 changed files with 2 additions and 1 deletions
--- a/dist/tools/suit/gen_key.py
+++ b/dist/tools/suit/gen_key.py
@ -11,6 +11,7 @@
 # directory for more details.
 #

+import os
 import sys

 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
@ -37,7 +38,7 @@ def main():
                           encryption_algorithm=crypt,
                           )

-    with open(sys.argv[1], "wb") as f:
+    with open(os.open(sys.argv[1], os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600), "wb") as f:
        f.write(pem)