Don't forget to tighten file privileges on private keys
When creating the DNSSEC handling tools, please don't forget that any sensitive material[1] has to be 600 to avoid reading by random users (similar bug recently hit ldns and softhsm), so we should avoid making same mistake.
- private keys database & exported keys, etc...