diff --git a/ChangeLog b/ChangeLog
index d1fddeac28..4a9c58889f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ Changes in version 0.2.0.3-alpha - 2007-??-??
     - Create listener connections before we setuid to the configured User and
       Group.  This way, you can choose port values under 1024, start Tor as
       root, and have Tor bind those ports before it changes to another UID.
+    - tor-gencert creates all files visible to the file creator only.
 
   o Minor bugfixes (dns):
     - Fix a crash when DNSPort is set more than once. (Patch from Robert
diff --git a/src/common/crypto.c b/src/common/crypto.c
index bcb8a375a8..d4059e0d75 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -566,6 +566,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
   s = tor_malloc(len+1);
   memcpy(s, cp, len);
   s[len]='\0';
+  /* XXXX020 make this file get created with mode 600. */
   r = write_str_to_file(fname, s, 0);
   BIO_free(bio);
   tor_free(s);
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index fadefc13dd..e4bc01df73 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -7,6 +7,9 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <sys/types.h>
+#include <sys/stat.h>
+
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/objects.h>
@@ -354,6 +357,9 @@ main(int argc, char **argv)
     fprintf(stderr, "Couldn't seed RNG.\n");
     goto done;
   }
+  /* Make sure that files are made private. */
+  umask(0700);
+
   if (parse_commandline(argc, argv))
     goto done;
   if (load_identity_key())