Index: gnupg-2.1.10/g10/plaintext.c
===================================================================
--- gnupg-2.1.10.orig/g10/plaintext.c 2015-11-30 17:39:52.000000000 +0100
+++ gnupg-2.1.10/g10/plaintext.c 2015-12-04 14:26:56.876677813 +0100
@@ -25,6 +25,7 @@
 #include
 #include
 #include
+#include
 #ifdef HAVE_DOSISH_SYSTEM
 # include /* for setmode() */
 #endif
@@ -39,6 +40,9 @@
 #include "status.h"
 #include "i18n.h"
+/* define safe permissions for creating plaintext files */
+#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR)
+#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS)
 /* Get the output filename. On success, the actual filename that is used is set in *FNAMEP and a filepointer is returned in *FP.
@@ -146,11 +150,15 @@ get_output_file (const byte *embedded_na
 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
 goto leave;
 }
- else if (!(fp = es_fopen (fname, "wb")))
- {
- err = gpg_error_from_syserror ();
- log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
- goto leave;
+ else {
+ mode_t saved_umask = umask(GPG_SAFE_UMASK);
+ if( !(fp = es_fopen(fname,"wb")) ) {
+ err = gpg_error_from_syserror ();
+ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+ umask(saved_umask);
+ goto leave;
+ }
+ umask(saved_umask);
 }
 #else /* __riscos__ */
 /* If no output filename was given, i.e. we constructed it, convert
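Review bot: The umask set around `es_fopen(fname,"wb")` in the third hunk only restricts a file that this call creates; if `fname` already exists it is truncated and keeps its current mode, so decrypted plaintext can still land in a group- or world-readable file. Tightening the mode on the opened stream after a successful open, for example `fchmod (es_fileno (fp), GPG_SAFE_PERMS);`, would cover that case, or the limitation should at least be stated in the comment above `GPG_SAFE_PERMS`. umask() is also process-wide state, so the save/restore pair is only safe while no other thread creates files in that window; passing the permissions to the open call itself (estream appears to accept a `mode=` option in the mode string, to be confirmed for the libgpg-error version in use) would avoid touching it. Separately, the new `log_error` line swaps `gpg_strerror (err)` for `strerror(errno)` and changes the opening quote to a backtick, so the string no longer matches the msgid of the unchanged call a few lines above and will likely lose its translation; keeping `log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));` avoids that. The enclosing function get_output_file starts and ends outside the hunk, and the `__riscos__` branch that follows is not visible here, so whether it needs the same treatment cannot be judged from this patch.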