Private keys are world-readable


#1

The private key files created by certbot are world-readable.

-rw-r--r--. 1 root root 1704 Sep 30 00:53 /etc/letsencrypt/archive/colmena.biz/privkey1.pem

umask must be set appropriately (0066) before creating the private key files so that they are not compromised by unauthorized users.

This post refers to the permissions of the symlink itself, not the target, which is still world-readable.


#2

Access to these files is controlled by restricting permissions on the parent directory, /etc/letsencrypt/archive:

$ ls -ld /etc/letsencrypt/archive/
drwx------ 13 root root 4096 Oct  9  2015 /etc/letsencrypt/archive/

Non-root users cannot read files under that directory.


#3

True, but it is unnecessary for the private key files themselves to carry read permissions for group and world. There are situations where the keys need to be copied somewhere else for deployment, and this is an unnecessary security risk when they carry incorrect permission modes.

openssl creates private key files with mode 0600 and asks for a passphrase which, if specified, then has to be entered every time a server using that key is started.
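A small audit script that ties posts #2 and #3 together, added here and not part of the thread: it lists every privkey*.pem with group/other bits set, reports whether a locked-down ancestor directory (the drwx------ archive from #2) still shields it, and offers the owner-only fix #3 asks for. The sample tree it builds under mktemp is constructed for the demo; `stat -c` is GNU coreutils syntax.

```shell
#!/bin/sh
# Added example (not from the thread): audit privkey*.pem modes under a
# certbot-style archive. Real use: audit_keys /etc/letsencrypt/archive
set -eu
# Octal mode of a path (GNU stat; on BSD/macOS use: stat -f '%Lp').
mode_of() { stat -c '%a' "$1"; }
# Return 0 if some directory from $1 up to and including $2 lacks the
# group AND other execute bit, i.e. non-owners cannot traverse to the key.
ancestor_locked() {
    dir=$1
    while :; do
        case "$(mode_of "$dir")" in
            *[0246][0246]) return 0 ;;   # no --x for group or other
        esac
        if [ "$dir" = "$2" ] || [ "$dir" = / ] || [ "$dir" = . ]; then return 1; fi
        dir=$(dirname "$dir")
    done
}
# Print each key under $1 whose group/other bits are set, with a verdict:
# "shielded" when an ancestor blocks traversal, "EXPOSED" otherwise.
audit_keys() {
    find "$1" -type f -name 'privkey*.pem' | sort | while IFS= read -r key; do
        m=$(mode_of "$key")
        case "$m" in
            *00) ;;   # 600/400: owner-only, nothing to report
            *) if ancestor_locked "$(dirname "$key")" "$1"; then
                   printf '%s %s shielded\n' "$key" "$m"
               else
                   printf '%s %s EXPOSED\n' "$key" "$m"
               fi ;;
        esac
    done
}
# The fix post #3 asks for: owner-only mode on the key files themselves, so a
# copy made for deployment does not carry 0644 along with it.
fix_keys() { find "$1" -type f -name 'privkey*.pem' -exec chmod 0600 {} +; }
# Constructed sample tree: a certbot-like archive (drwx------) holding a 0644
# key, plus a deployment copy of that key outside the protected directory.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/archive/example.test" "$root/deploy"
    chmod 0755 "$root" "$root/archive/example.test" "$root/deploy"
    touch "$root/archive/example.test/privkey1.pem" "$root/deploy/privkey1.pem"
    chmod 0644 "$root/archive/example.test/privkey1.pem" "$root/deploy/privkey1.pem"
    chmod 0700 "$root/archive"     # certbot's drwx------ archive directory
    printf '%s\n' "$root"
}
```

Running `audit_keys` on the sample flags the archived key as shielded and the deployed copy as EXPOSED; after `fix_keys` both are 0600 and the audit prints nothing.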


#4

This is leaning towards the security hinge point being just an attribute on a file.
Private keys should always be handled with extreme care.
If you are going to protect people who don't know anything about security with such a step, then you have a long way to go; as you can't always protect people from themselves.

Can this be automated?
If so, then there is probably a loophole granting access to that file.
If not, then you must log in and provide that password every time it is required.


closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.