Index: gnupg-2.3.0/g10/plaintext.c
===================================================================
--- gnupg-2.3.0.orig/g10/plaintext.c
+++ gnupg-2.3.0/g10/plaintext.c
@@ -24,6 +24,7 @@
 #include <string.h>
 #include <errno.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #ifdef HAVE_DOSISH_SYSTEM
 # include <fcntl.h> /* for setmode() */
 #endif
@@ -38,6 +39,9 @@
 #include "../common/status.h"
 #include "../common/i18n.h"
 
+/* define safe permissions for creating plaintext files */
+#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR)
+#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS)
 
 /* Get the output filename.  On success, the actual filename that is
    used is set in *FNAMEP and a filepointer is returned in *FP.
@@ -161,11 +165,15 @@ get_output_file (const byte *embedded_na
       log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
       goto leave;
     }
-  else if (!(fp = es_fopen (fname, "wb")))
-    {
-      err = gpg_error_from_syserror ();
-      log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
-      goto leave;
+    else {
+	mode_t saved_umask = umask(GPG_SAFE_UMASK);
+	if( !(fp = es_fopen(fname,"wb")) ) {
+		err = gpg_error_from_syserror ();
+		log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+		umask(saved_umask);
+		goto leave;
+	}
+	umask(saved_umask);
     }
 
  leave: