From 39e0191c1b164657808d2a6e17fcab02b2e45537 Mon Sep 17 00:00:00 2001
From: Vinicius Mello
Date: Fri, 29 Jul 2016 10:39:08 -0300
Subject: [PATCH] create the private key file chmod'ed 600
---
 acme.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/acme.sh b/acme.sh
index a2cfd9f7..bded5bba 100755
--- a/acme.sh
+++ b/acme.sh
@@ -337,6 +337,18 @@ _createkey() {
 _info "Using ec name: $eccname"
 fi
+ # to prevent the key file from being world-readable
+ # create an empty file and chmod 600 before saving the key contents
+ if ! touch "$f"; then
+ _err "unable to create empty file '$f' for private key"
+ return 1
+ fi
+
+ if ! chmod 600 "$f"; then
+ _err "unable to chmod 600 key file $f"
+ return 1
+ fi
+
 #generate account key
 if [ "$isec" ] ; then
 openssl ecparam -name $eccname -genkey 2>/dev/null > "$f"
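Review bot: The added `touch "$f"` creates the key file with whatever mode the process umask allows, so until `chmod 600 "$f"` runs it can be group- or world-readable; a process that opens it in that window keeps a usable descriptor after the chmod, and the later `> "$f"` redirect writes the key into the same inode. Creating the file under a restrictive umask closes the window: `if ! (umask 077; touch "$f"); then`, keeping the chmod for the case where the file already exists with looser permissions. Both commands also follow symlinks, so a comment noting that the key directory must not be writable by other users would help. `_createkey` starts and ends outside this hunk, so whether the openssl exit status is checked after the redirect is not visible here.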