diff --git a/dots/bin/deployGnupgKeys.sh b/dots/bin/deployGnupgKeys.sh
index 0927686..fa15b95 100644
--- a/dots/bin/deployGnupgKeys.sh
+++ b/dots/bin/deployGnupgKeys.sh
@@ -64,14 +64,13 @@ if [[ ${user_input} == "y" ]]; then
     echo "yes"
     echo "please, remember the hint: poq.l2"
     gpg -d ${trg_gnupg_dir}/${the_file} > ${trg_gnupg_dir}/private-keys-v1.d.7z
-#    7za e ${trg_gnupg_dir}/private-keys-v1.d.7z -o${trg_gnupg_dir}/private-keys-v1.d
     7za x ${trg_gnupg_dir}/private-keys-v1.d.7z -o${trg_gnupg_dir}
 
-#    trash-put ${trg_gnupg_dir}/private-keys-v1.d/private-keys-v1.d
+    chmod 0600 ${trg_gnupg_dir}/private-keys-v1.d/*        # private keys should not be accessible by other users
+
     trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z.gpg
     trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z
 
-    #chmod 0600 ${trg_gnupg_dir}/id_rsa        # id_rsa can not be accessible by other users
 else
     echo "no worries. you can manually unpack and decrypt the file, if needed:"
     echo "gpg -d private-keys-v1.d.7z.gpg > private-keys-v1.d.7z"