diff options
author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-08 16:51:28 +0000 |
---|---|---|
committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-08 16:51:28 +0000 |
commit | fcb46e8b68e6b82238eddb1d37c4d624fbd598d4 (patch) | |
tree | d3cbbae8e203889429109567e902afb4265b5b4c /contrib | |
parent | f38242d91f137df50018a896c2d3984ace1a2a9b (diff) |
Add security note on astgenkey's manpage.
(closes issue #12373)
Reported by: lmamane
Patches:
20080406__bug12373.diff.txt uploaded by Corydon76 (license 14)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@113399 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/scripts/astgenkey.8 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/contrib/scripts/astgenkey.8 b/contrib/scripts/astgenkey.8 index 8f8325982..328a4d259 100644 --- a/contrib/scripts/astgenkey.8 +++ b/contrib/scripts/astgenkey.8 @@ -109,6 +109,21 @@ Run quietly. Don't encrypt the private key. .RE +.SH SECURITY +The keys are created, using the umask of the user running the command. +To create the keys in a secure manner, you should check to ensure that +your umask is first set to disallow the private key from being world- +readable, such as with the following commands: + +.I umask 0066 + +.I astgenkey yourkey + +And then make the key accessible to Asterisk (assuming you run it as +user "asterisk"). + + chown asterisk /var/lib/asterisk/keys/yourname.* + .SH FILES .I /var/lib/asterisk/keys .RS |