Set secure umask when generating key

acme.sh

@@ -979,13 +979,16 @@ _createkey() {
     fi
   fi
 
-  if _isEccKey "$length"; then
+  (
-    _debug "Using ec name: $eccname"
+    umask 0077
-    ${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null >"$f"
+    if _isEccKey "$length"; then
-  else
+      _debug "Using ec name: $eccname"
-    _debug "Using RSA: $length"
+      ${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null >"$f"
-    ${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null >"$f"
+    else
-  fi
+      _debug "Using RSA: $length"
+      ${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null >"$f"
+    fi
+  )
 
   if [ "$?" != "0" ]; then
     _err "Create key error."