diff --git a/Makefile b/Makefile
index 6f99ddf..499631a 100644
--- a/Makefile
+++ b/Makefile
@@ -16,6 +16,7 @@ lint-license:
 annotate-SPD:
 	@echo "📎 Annotating files..."
 	reuse annotate  --license MPL-2.0 --copyright "${copyright_holder}"  ${change_files}
+	python scripts/add_author.py  ${change_files}
 pre-commit-refresh:
 	@echo "🧹 Cleaning pre-commit cache..."
 	pre-commit clean
diff --git a/fireblocks_cli/crypto.py b/fireblocks_cli/crypto.py
index af83434..3fb91fb 100644
--- a/fireblocks_cli/crypto.py
+++ b/fireblocks_cli/crypto.py
@@ -27,7 +27,7 @@ def generate_key_and_csr(org_name: str) -> tuple[Path, Path]:
     api_key_dir = get_api_key_dir()
     api_key_dir.mkdir(parents=True, exist_ok=True)
 
-    basename, key_path, csr_path = generate_unique_basename(base_dir)
+    basename, key_path, csr_path = generate_unique_basename(api_key_dir)
     subj = f"/O={org_name}"
 
     result = subprocess.run(
@@ -54,5 +54,7 @@ def generate_key_and_csr(org_name: str) -> tuple[Path, Path]:
         typer.secho("❌ OpenSSLエラー:", fg=typer.colors.RED)
         typer.echo(result.stderr)
         raise typer.Exit(code=1)
+    key_path.chmod(0o600)
+    csr_path.chmod(0o600)
 
     return key_path, csr_path
diff --git a/tests/test_configure_gen_keys.py b/tests/test_configure_gen_keys.py
new file mode 100644
index 0000000..210a202
--- /dev/null
+++ b/tests/test_configure_gen_keys.py
@@ -0,0 +1,56 @@
+# SPDX-FileCopyrightText: 2025 Ethersecurity Inc.
+#
+# SPDX-License-Identifier: MPL-2.0
+
+# Author: Shohei KAMON <cameong@stir.network>
+
+import os
+from typer.testing import CliRunner
+from fireblocks_cli.main import app
+from pathlib import Path
+import pytest
+
+runner = CliRunner()
+
+
+@pytest.fixture
+def mock_home(tmp_path, monkeypatch):
+    """
+    Redirect the HOME environment to a temporary path to isolate file system side effects.
+    """
+    monkeypatch.setattr(Path, "home", lambda: tmp_path)
+    return tmp_path
+
+
+def test_gen_keys_creates_key_and_csr(mock_home):
+    """
+    Test that `configure gen-keys` generates a .key and .csr file under ~/.config/fireblocks-cli/keys
+    with correct permissions and PEM format.
+    """
+    key_dir = mock_home / ".config/fireblocks-cli/keys"
+    input_text = "TestCompany\n"
+
+    result = runner.invoke(app, ["configure", "gen-keys"], input=input_text)
+
+    assert result.exit_code == 0
+    assert key_dir.exists()
+
+    key_files = list(key_dir.glob("*.key"))
+    csr_files = list(key_dir.glob("*.csr"))
+
+    assert len(key_files) == 1
+    assert len(csr_files) == 1
+
+    key_file = key_files[0]
+    csr_file = csr_files[0]
+
+    # 内容チェック（PEM形式）
+    key_text = key_file.read_text()
+    csr_text = csr_file.read_text()
+
+    assert "BEGIN PRIVATE KEY" in key_text
+    assert "BEGIN CERTIFICATE REQUEST" in csr_text
+
+    # パーミッションチェック（600）
+    assert key_file.stat().st_mode & 0o777 == 0o600
+    assert csr_file.stat().st_mode & 0o777 == 0o600