diff --git a/archiso/initcpio/install/archiso b/archiso/initcpio/install/archiso
index 3006b5f40810222d0c31750656aca3c7b98fa115..74948c7d571fcf172c2c33cbd9f1446f2ddcb05e 100644
--- a/archiso/initcpio/install/archiso
+++ b/archiso/initcpio/install/archiso
@@ -24,7 +24,7 @@ build() {
     add_file /usr/lib/udev/rules.d/95-dm-notify.rules
     add_file /usr/lib/initcpio/udev/11-dm-initramfs.rules /usr/lib/udev/rules.d/11-dm-initramfs.rules
     if [[ $ARCHISO_GNUPG_FD ]]; then
-        mkdir -p "$BUILDROOT/gpg"
+        mkdir -m 0700 -- "$BUILDROOT/gpg"
         gpg --homedir "$BUILDROOT/gpg" --import <& "$ARCHISO_GNUPG_FD"
     fi
 }