"openssl gen(r|d)sa -out foo.key" creates foo.key with the user's
umask as far as read/write bits are concerned. Most people have an
umask that includes group- and world-readable bits.

I suggest that these commands create the files 0600 by default (unless
the user's umask is even more restrictive, obviously); do the secure
thing by default, and the user can explicitly chmod if he needs more
lax permissions.

--
Lionel

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org