Set 0600 on sensitive files and 0700 on directories containing them. No #[cfg(unix)] guard — Windows is out of scope.
Files to harden:
identity.json (private keys) — 0600 on write, check on read
session.json (access/refresh tokens) — 0600 on write
config.toml (will contain appview_url with potential auth) — 0600 on write
Directories:
~/.config/opake/ — 0700
~/.config/opake/accounts/<did>/ — 0700
Behavior:
Set permissions immediately after writing (fs::set_permissions with PermissionsExt::from_mode)
On identity.json load: check mode, bail with clear error if group/other readable (like SSH does)
Applies to both opake-cli (identity, session, config) and any future file writes
No Windows support. std::os::unix::fs::PermissionsExt, no conditional compilation.
sablenote 2026-03-02 23:37
Also discovered keyring_store.rs writes group key files to accounts/<did>/keyrings/{rkey}.json — these contain plaintext AES-256 group keys. Same treatment: 0600 on files, 0700 on keyrings/ directory.
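The behaviour requested in this issue, as an added Rust example that is not opake's own code. The function names and the temp-directory path are assumptions, and the load check rejects any group/other permission bit, which is stricter than the "readable" wording above.

```rust
use std::fs::{self, File, OpenOptions, Permissions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Create `dir` (and any missing parents) and restrict it to the owner: 0700.
fn ensure_private_dir(dir: &Path) -> io::Result<()> {
    fs::create_dir_all(dir)?;
    fs::set_permissions(dir, Permissions::from_mode(0o700))
}

/// Write `data` to `path` so that it ends up with mode 0600.
fn write_private(path: &Path, data: &[u8]) -> io::Result<()> {
    // mode() is applied only when the file is created, so a new file is
    // never group/other readable, not even between create and chmod.
    let mut f = OpenOptions::new()
        .write(true).create(true).truncate(true)
        .mode(0o600)
        .open(path)?;
    f.write_all(data)?;
    // A file that already existed keeps its old mode, so tighten it explicitly.
    fs::set_permissions(path, Permissions::from_mode(0o600))
}

/// Read `path`, refusing if any group/other permission bit is set.
fn read_private(path: &Path) -> io::Result<Vec<u8>> {
    let mut f = File::open(path)?;
    // Check the open handle, not the path, so the file cannot be swapped in between.
    let mode = f.metadata()?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        let msg = format!("{} has mode {:04o}, expected 0600", path.display(), mode);
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, msg));
    }
    let mut buf = Vec::new();
    f.read_to_end(&mut buf)?;
    Ok(buf)
}

fn main() -> io::Result<()> {
    // Constructed path under the temp dir, standing in for ~/.config/opake/.
    let dir = std::env::temp_dir().join("opake-perm-example");
    ensure_private_dir(&dir)?;
    let id = dir.join("identity.json");
    write_private(&id, b"{\"constructed\": true}")?;
    assert!(read_private(&id).is_ok());
    fs::set_permissions(&id, Permissions::from_mode(0o644))?; // simulate a loose file
    println!("{}", read_private(&id).unwrap_err());
    Ok(())
}
```

`create_dir_all` leaves intermediate directories at the umask default, so each level that must be 0700 (the base directory, `accounts/<did>/`, `keyrings/`) needs its own `ensure_private_dir` call.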